Values for content-security-policy:
upgrade-insecure-requests 20,039
frame-ancestors 'self' 10,819
upgrade-insecure-requests; 8,317
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 7,806
frame-ancestors 'self'; 5,910
default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self'; 2,450
block-all-mixed-content 1,822
frame-ancestors 'none' 1,554
block-all-mixed-content; 1,170
frame-ancestors 'none'; 932
object-src 'none' 601
frame-ancestors 'self' mitiendanube.com *.mitiendanube.com lojavirtualnuvem.com.br *.lojavirtualnuvem.com.br mitiendanube.com.ar *.mitiendanube.com.ar mitiendanube.com.mx *.mitiendanube.com.mx mitiendanube.com.co *.mitiendanube.com.co mitiendanube.cl *.mitiendanube.cl; upgrade-insecure-requests 528
frame-ancestors https://*.pironet-ndh.com:4433 'self' 432
default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 429
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 411
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 402
frame-ancestors 'self' godaddy.com *.godaddy.com dev-godaddy.com *.dev-godaddy.com test-godaddy.com *.test-godaddy.com 393
381
frame-ancestors * 343
report-uri /report-csp-violation 261
upgrade-insecure-requests;frame-ancestors 'none';object-src 'none' 254
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 248
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 231
upgrade-insecure-requests; block-all-mixed-content 222
default-src https: data: 'unsafe-inline' 'unsafe-eval' 220
require-trusted-types-for 'script' 212
frame-ancestors 'self' http://webvisor.com 208
default-src 'self' https: wss: data: blob:; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https: https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; 197
script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 189
frame-ancestors 'self' ; 183
upgrade-insecure-requests;object-src 'none' 172
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 160
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 156
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.152media.info *.2mdn.net *.33across.com *.360playvid.info *.360yield.com *.4dex.io *.abkafurniture.com *.abt.s3.yandex.net *.ad-generation.jp *.ad-plus.com.tr *.ad-score.com *.adfor.io *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnow.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adpushup.com *.adroll.com *.ads-twitter.com *.ads7-adnow.com *.adsafeprotected.com *.adsafescan.com *.adsby.io *.adsmx.online *.adsturk.com *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.adtrafficquality.google *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.anura.io *.api-sports.io *.app.adjust.com *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.azureedge.net *.baithoph.net *.beachfront.com *.bidswitch.net *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.bringads.ru *.cdn.jsdelivr.net *.cdn.pixad.com.tr *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cleverwebserver.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.cookiebot.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dable.io *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.ep2.adtrafficquality.google *.ercdn.net *.erstream.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.flowplayer.com *.foremedia.net *.freewheel.tv *.ftstatic.com *.gamoshi.io *.gemius.pl *.github.io *.google *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.growone.sg *.gstatic.com *.gtranslate.net *.gumgum.com *.hhkld.com *.ibillboard.com *.id5-sync.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jewelbetting.co *.jewelbetting.net *.jquery.com *.jsdelivr.net *.jwpcdn.com *.karakasbezcanta.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.loopme.me *.makroo.com *.maple-team.com *.mars.media *.media-analytic.com *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.monochat.ai *.monosnap.com *.mrf.io *.netmedyaajans.com.tr *.newborntown.com *.nnowa.com *.omnijay.com *.onesignal.com *.onetag-sys.com *.onnetwork.tv *.openstat.eu *.openweathermap.com *.openx.com *.openx.net *.optad360.io *.outbrain.com *.paytr.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.player.viads.com *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.pushsaas.digital *.quantcount.com *.radyotelekom.com.tr *.radyotelekomtv.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rtb.pixad.com.tr *.rubiconproject.com *.sabio.us *.sanalofisonline.com *.say.ac *.schema.org *.script.ac *.sepetteknoloji.com *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smilewanted.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.springserve.com *.static.hotjar.com *.stickyadstv.com *.stroeer.com *.synacor.com *.t3vakfi.app *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.teknofest.app *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.trvdp.com *.ttwstatic.com *.twimg.com *.twitter.com *.ucfunnel.com *.uidapi.com *.unpkg.com *.unrulymedia.com *.us.com *.vdo.ai *.viads.com *.viads.net *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.viralize.tv *.virgul.com *.visitchange.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yads.tech *.yahoo.com *.yandex.com *.yandex.net *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com *.zencdn.net 360playvid.info a.bringads.ru ad-plus.com.tr ad.360yield.com adfor.io ads.sepetteknoloji.com ads.vidoomy.com ads.viralize.tv adsby.io adsdkprod.azureedge.net adsmx.online adsturk.com adtrafficquality.google ajs-assets.ftstatic.com analytics.ahrefs.com anura.io api-maps.yandex.ru api.adnsafe.org bidlift.152media.info buttons-config.sharethis.com c1.imgiz.com cdn-auth.t3vakfi.app cdn.adhouse.pro cdn.adpushup.com cdn.adsafescan.com cdn.ampproject.org cdn.doubleverify.com cdn.flowplayer.com cdn.id5-sync.com cdn.jsdelivr.net cdn.jwplayer.com cdn.media-analytic.com cdn.proadscdn.com cdn.ravenjs.com cdn.stickyadstv.com cdn2.bildirt.com cleverwebserver.com cm.adform.net cm.g.doubleclick.net connect.facebook.net consent.cookiebot.com cpm.programattik.com creative-measurement.quantcount.com csync.loopme.me dable.io display-static.yads.tech dsp-media.eskimi.com ep1.adtrafficquality.google ep2.adtrafficquality.google erpm-js.erstream.com euw2-a.amxrtb.com gdetr.hit.gemius.pl google.com gtranslate.net hbopenbid.pubmatic.com hhkld.com ib.adnxs.com id2.t3vakfi.app id5-sync.com instagram.com invstatic101.creativecdn.com ittpx.eskimi.com ittr.eskimi.com js.ad-score.com js.globalsun.io jsc.idealmedia.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr mc.yandex.com monitor.growone.sg monosnap.com mp.4dex.io mrf.io myvalice.com.tr n.nnowa.com netmedyaajans.com.tr nnowa.com oa.openxcdn.net onesignal.com onetag-sys.com openstat.eu pagead2.googlesyndication.com paytr.com pcode.yads.tech pghub.io platform-api.sharethis.com platform.foremedia.net player.im player.viads.com pool-eu.creative-serving.com prebid-server.rubiconproject.com prebid.smilewanted.com preply.com proadscdn.com protagcdn.com pushsaas.digital radyotelekom.com.tr radyotelekomtv.com run.admost.com s0.2mdn.net say.ac script.4dex.io sdk.mrf.io securepubads.g.doubleclick.net sosyal.teknofest.app sp.ad-plus.com.tr ssb-global.smartadserver.com st-n.ads7-adnow.com st-n.nnowa.com static-maps.yandex.ru static.ads-twitter.com static.cdn.pixad.com.tr static.cloudflareinsights.com tags.crwdcntrl.net testerparfum.com theadsby.rtb.pixad.com.tr trgde.adocean.pl tv5-live.ercdn.net twimg.com u.openx.net unpkg.com user-sync.gamoshi.io vdo.ai viads.net videojs.com visitchange.com vjs.zencdn.net vpaid.springserve.com webchat.monochat.ai x.bidswitch.net yandex.com yandex.ru yastatic.net; 154
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; 144
frame-src 'self' https://objectstorage.ap-dcc-gazipur-1.oraclecloud15.com https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://*.youtube.com http://*.youtube.com https://*.google.com https://www.facebook.com https://*.gov.bd http://*.gov.bd https://*.*.gov.bd http://*.*.gov.bd; 140
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 130
default-src * data: 'unsafe-eval' 'unsafe-inline' 127
frame-ancestors 'self' https://app.grovecms.org/ 125
upgrade-insecure-requests; frame-ancestors 'self' 120
frame-ancestors 'self' ; upgrade-insecure-requests; 119
default-src 'self';     style-src 'unsafe-inline';     object-src 'none' 118
default-src 'self' http: https: data: blob: 'unsafe-inline' 114
default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none;frame-src 'self' mailto: tel: https: 112
report-uri /report-csp-violation; upgrade-insecure-requests 106
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 106
frame-ancestors 'self' https://*.substack.com https://substack.com 103
frame-ancestors self 103
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content; 102
frame-ancestors *; 100
self 91
frame-ancestors https://sinclairstoryline.com https://qa-sinclairstoryline.com https://int-sinclairstoryline.com https://storyline-qa.com https://storyline-int.com https://preview.int-sinclairstoryline.com https://preview.storyline-int.com https://preview.storyline-qa.com https://preview.qa-sinclairstoryline.com https://preview.sinclairstoryline.com; upgrade-insecure-requests 88
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none' 87
frame-ancestors 'self' https://app.contentful.com 85
default-src 'none' 83
upgrade-insecure-requests;connect-src * 83
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 81
; report-to blog-front-csp-endpoint 75
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 72
frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp *.dev-lsapps.oracle.com https://oraclesso.sharepoint.com https://oracle.sharepoint.com https://partners.oracle.com https://partners-stage.oracle.com https://partners-test.oracle.com https://partners-sit.oracle.com https://partners-dev.oracle.com 71
frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 71
frame-ancestors 'self'; upgrade-insecure-requests 69
frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 69
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 68
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https://www.datadoghq-browser-agent.com; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https://browser-intake-datadoghq.com https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to; worker-src blob:; 67
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 66
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookiepro.com https://*.onetrust.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiepro.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.cookiepro.com; style-src 'self' 'unsafe-inline' 63
upgrade-insecure-requests; frame-ancestors 'self'; 63
default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 63
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 60
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 59
upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 58
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.seals.dlagglobal.com *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net  *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 58
frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 58
frame-ancestors 'none'; upgrade-insecure-requests 55
frame-ancestors 'self' *.plentymarkets-cloud-de.com *.my.plentysystems.com 55
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 54
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 53
default-src 'self' *.smartsites.parentsquare.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.smartsites.parentsquare.com http://localhost:*; style-src 'self' https: 'unsafe-inline' *.smartsites.parentsquare.com http://localhost:*; img-src 'self' data: https:; font-src 'self' data: https:; frame-src https:; connect-src 'self' https: ws://localhost:* wss://localhost:*; worker-src 'self' blob:; object-src 'self' *.smartsites.parentsquare.com; media-src 'self' https:; base-uri 'self'; form-action 'self' https:; report-uri /csp-reports.php; report-to csp-endpoint; 52
frame-ancestors https://web.telegram.org 52
frame-ancestors 'self' https://cms.scrippsdigital.com 50
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 50
upgrade-insecure-requests; block-all-mixed-content; 48
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 48
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * https://cdn.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; script-src-elem * https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * https://heapanalytics.com https://viewer.threshold360.com blob: data:; style-src 'self' * https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://c.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com wss://viewer.threshold360.com blob:; font-src 'self' * https://heapanalytics.com https://viewer.threshold360.com data:; frame-src 'self' * https://viewer.threshold360.com; worker-src * blob:; media-src * blob: data:; frame-ancestors 'self'; 46
base-uri 'self';default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';    script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 45
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 44
default-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 44
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com chrome-extension://jdanfkhnfpagoijgfmklhgakdicpnfil; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 43
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 43
frame-ancestors 'self' *; 43
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 42
worker-src 'self' blob: 41
default-src 'self' 'unsafe-inline' 41
frame-ancestors 'self'; report-uri /report-csp-violation 40
default-src 'self'; 40
frame-ancestors 'self' https://*.hygraph.com 40
frame-ancestors 'self' https://dashboard.thepublive.com https://betadashboard.thepublive.com; 39
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 39
default-src 'self'; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com www.google.com az416426.vo.msecnd.net www.gstatic.com dc.services.visualstudio.com tagmanager.google.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org:* https://cdn.consentmanager.mgr.consensu.org/delivery/cmp.min.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://action.metaffiliation.com https://*.googleapis.com www.googletagmanager.com www.google.com az416426.vo.msecnd.net www.gstatic.com dc.services.visualstudio.com tagmanager.google.com www.googleadservices.com *.google-analytics.com *.analytics.google.com static.hotjar.com static.hotjar.io bat.bing.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com script.hotjar.io www.dwin1.com/8427.js www.zenaps.com https://the.sciencebehindecommerce.com/d9core adclick.g.doubleclick.net https://cdn.consentmanager.mgr.consensu.org:* https://consentmanager.mgr.consensu.org:* https://cdn.consentmanager.net:* https://c.delivery.consentmanager.net:* https://ibn.yuzzu.be:* https://static.cdn.prismic.io https://d.delivery.consentmanager.net; font-src 'self' fonts.gstatic.com script.hotjar.com script.hotjar.io data:; frame-src 'self' img.metaffiliation.com bid.g.doubleclick.net www.google.com dc.services.visualstudio.com vars.hotjar.com vars.hotjar.io 11105234.fls.doubleclick.net https://tbl.tradedoubler.com/ www.zenaps.com https://cdn.consentmanager.net https://cdn.consentmanager.mgr.consensu.org:* https://td.doubleclick.net https://*.prismic.io https://www.googletagmanager.com https://sst.yuzzu.be; connect-src 'self' https://www.facebook.com https://bat.bing.net http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://pagead2.googlesyndication.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com dc.services.visualstudio.com connect.facebook.net in.hotjar.com in.hotjar.io vc.hotjar.io inkstone-edge.haiku.ai api.mixpanel.com https://stats.g.doubleclick.net adclick.g.doubleclick.net https://surveystats.hotjar.io:* https://cdn.consentmanager.mgr.consensu.org:* https://consentmanager.mgr.consensu.org:* https://*.rockestate.be *.googleapis.com https://geoservices.wallonie.be https://action.metaffiliation.com:* https://ibn.yuzzu.be:* https://pagead2.googlesyndication.com:* https://www.google.com:* https://googleads.g.doubleclick.net https://bat.bing.com https://adservice.google.com https://www.googleadservices.com https://js.monitor.azure.com https://sst.yuzzu.be https://ad.doubleclick.net https://d.delivery.consentmanager.net; img-src 'self' https://bat.bing.net https://delivery.consentmanager.net:* https://d.delivery.consentmanager.net https://cdn.consentmanager.net:* https://cdn.consentmanager.mgr.consensu.org:* https://consentmanager.mgr.consensu.org:* http://*.google.com https://*.google.com http://*.google.be https://*.google.be http://*.google.co.za https://*.google.co.za www.zenaps.com www.awin1.com ssl.gstatic.com www.gstatic.com 11105234.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net https://ad.doubleclick.net script.hotjar.io www.facebook.com www.google.be https://*.google-analytics.com https://*.analytics.google.com bat.bing.com https://*.googleapis.com maps.gstatic.com www.w3.org https://*.rockestate.be https://geoservices.wallonie.be https://ibn.yuzzu.be:* https://affdc.yuzzu.be:* https://images.prismic.io https://prismic-io.s3.amazonaws.com data: https://yuzzu.be https://www.googletagmanager.com https://www.yuzzu.be https://sst.yuzzu.be https://yuzzu-cms.cdn.prismic.io; child-src 'self' https://vars.hotjar.com https://vars.hotjar.io 39
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 38
base-uri 'self'; frame-ancestors 'self' 38
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 38
object-src 'none';    base-uri 'none';    script-src 'nonce-STATIC_NONCE' 'strict-dynamic' 'wasm-unsafe-eval'; 37
default-src data: 'unsafe-inline' 'unsafe-eval' https:;base-uri 'self';frame-ancestors 'self' ;img-src data: https: blob:;font-src data: https:;media-src https: blob:;connect-src https: wss: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;style-src data: 'unsafe-inline' https:;child-src https: data: blob:;form-action https:;object-src 'none'; 37
frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce; 37
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://corporatetools.zeroheight.com https://global-components.corptools.io 37
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.agricharts.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net code.jquery.com cdn.datatables.net *.googletagmanager.com twitter.com *.twitter.com *.windy.com *.financialcontent.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com media.agricharts.com *.barchart.com; object-src 'self' s3.amazonaws.com media.agricharts.com; frame-src 'self' *.youtube.com *.facebook.com www.google.com twitter.com *.twitter.com *.windy.com www.screencast.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com; worker-src 'self' s3.amazonaws.com media.agricharts.com blob:; frame-ancestors 'self'; 37
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zoho.com https://maillist-manage.com https://www.gstatic.com https://www.buzzsprout.com https://*.nimbuspop.com https://*.zoho.com https://*.googleapis.com https://zapier.com https://*.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.cloudfront.net https://platform.twitter.com https://player.vimeo.com https://*.localzoho.com https://*.maillist-manage.com https://*.manageengine.com https://*.pagesense.io https://*.zapier.com https://*.zoho.com.au https://*.zoho.eu https://*.zoho.in https://*.zoho.jp https://*.zoho.sa https://*.zohocdn.com https://*.zohocloud.ca https://*.zohostatic.com https://*.zohowebstatic.com https://d3js.org https://cdn.ampproject.org https://cdn.checkhq.com https://code.jquery.com https://fast.wistia.com https://run.pstmn.io https://www.youtube.com https://www.youtube-nocookie.com https://*.zoho.ae https://*.zohopublic.com https://*.zohopublic.in https://*.zohopublic.eu https://*.zohosalesiq.com https://*.zohocorp.com https://*.zohoexternal.in https://*.zohoexternal.com https://*.zoho.uk https://*.catalystserverless.in https://*.catalystserverless.com https://*.development.catalystserverless.com https://*.development.catalystserverless.in https://*.zohobookings.com https://*.zohobookings.eu https://*.zohobookings.in https://*.zoho.ca https://*.zohocdn.com.cn https://*.scoreapp.com;connect-src 'self' blob: https://*.zohostratus.com https://*.zoho.in https://*.zoho.com https://*.zoho.com.au https://*.zoho.eu https://*.zoho.jp https://*.zohocloud.ca https://*.zoho.uk https://*.zoho.sa https://*.zoho.ae https://zoho.com https://*.zohosalesiq.com https://*.zohocorp.com https://*.zohoexternal.in https://*.zohoexternal.com  https://*.zohostatic.com https://*.wistia.com https://*.maillist-manage.com https://zohowebstatic.com https://*.catalystserverless.in https://*.catalystserverless.com https://*.development.catalystserverless.in https://*.zapier.com https://api.github.com https://zapier.com https://*.development.catalystserverless.com https://player.vimeo.com https://twitter.com https://*.localzoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohopublic.in wss://*.zohopublic.in wss://*.zohopublic.eu wss://vts.zohopublic.com https://*.zohowebstatic.com  https://*.zohobookings.com https://*.zohobookings.eu https://*.zohobookings.in https://*.zohocdn.com.cn https://*.zohopublic.eu https://*.scoreapp.com https://*.cdn.pagesense.io https://*.zohoportal.in;frame-src 'self' blob: https://*.nimbuspop.com https://zc.vg https://www.manageengine.in https://www.manageengine.com https://www.manageengine.eu https://www.manageengine.com.au https://www.buzzsprout.com https://*.zohobookings.com https://*.zohobookings.eu https://*.zohobookings.in https://*.campaign-view.in https://anchor.fm https://*.zohosites.com https://*.spotify.com https://platform.twitter.com https://player.captivate.fm https://player.vimeo.com https://vimeo.com https://*.soundcloud.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.zohoshowtime.com https://zoho.to https://*.localzoho.com https://*.maillist-manage.com https://*.pagesense.io https://*.zoho.ae https://*.zoho.com https://*.zoho.com.au https://*.zoho.eu https://*.zoho.in https://*.zoho.jp https://*.zoho.sa https://*.zohocdn.com https://*.zohocloud.ca https://*.zohopublic.com https://*.zohopublic.in https://*.zohosalesiq.com https://*.zohocorp.com https://*.zohoexternal.in https://*.zohoexternal.com https://*.zohowebstatic.com https://*.zohostatic.com https://*.zoho.uk https://*.catalystserverless.in https://*.catalystserverless.com https://*.development.catalystserverless.com https://*.development.catalystserverless.in https://*.zohocdn.com.cn https://*.zohopublic.eu https://*.scoreapp.com https://*.campaign-view.com https://capture.navattic.com; 36
frame-ancestors 'self'; upgrade-insecure-requests; 36
default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data: 'unsafe-inline'; 36
frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 36
block-all-mixed-content; frame-ancestors 'self' https://*.sapo.vn https://*.mysapo.net https://aelang.aecomapp.com; upgrade-insecure-requests 36
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests;  script-src 'self' 'unsafe-inline' apis.roblox.com roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com cdn.safecharge.com;  img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com *.safecharge.com;  connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com *.safecharge.com; 35
default-src 'self' 35
img-src https: data:; upgrade-insecure-requests 35
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 35
upgrade-insecure-requests;report-to default; 35
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 34
frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ https://admin-cx.deco.page/ https://deco.chat https://admin.decocms.com https://decocms.com 34
default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 34
frame-ancestors 'self' *.youtube.com 34
base-uri 'self' 33
frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 33
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 33
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 33
frame-ancestors  'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.nl:* https://*.espn.com:* https://*.espnqa.nl:* *.espnqa.com:* 32
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri https://csp.yahoo.com/beacon/csp?src=redirect 32
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 32
base-uri 'self'; frame-ancestors 'self'; 32
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 32
child-src * blob: 32
frame-ancestors 'self' https://app.storyblok.com 31
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 31
frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce 31
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 31
frame-ancestors 'self' https://webvisor.com http://webvisor.com; 31
object-src 'none'; 30
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 30
frame-ancestors 'self' https://*.akifast.com akifast.com 30
frame-ancestors none 29
frame-ancestors 'self' https://app.stg.boxoffice.com https://app.boxoffice.com 29
default-src 'self';style-src 'self' 'unsafe-inline' *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com fonts.googleapis.com *.googleapis.com cdnjs.cloudflare.com;img-src 'self' data: *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.is *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk consent.trustarc.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com immage.monks.tools *.googleapis.com *.google.com *.googleusercontent.com www.digitalassets.starbucks.eu *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com;media-src 'self' *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.is *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk;font-src 'self' fonts.gstatic.com *.gstatic.com *.trustarc.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com aswpsdkus.com aswpsdkeu.com try.access.worldpay.com maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com;frame-src 'self' www.youtube-nocookie.com *.youtube.com starbucksjobs.de *.accdab.net consent-pref.trustarc.com *.google.com *.googletagmanager.com try.access.worldpay.com secure-test.worldpay.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.onecupbigchange.com *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.is *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk gateway.switch.tj *.worldpay.com *.trustarc.com youtu.be;frame-ancestors 'self' *.onecupbigchange.com *.starbucks.com cms.starbucks.ae cms.starbucks.at cms.starbucks.be cms.starbucks.bg cms.starbucks.ch cms.starbucks.co.ma cms.starbucks.co.uk cms.starbucks.co.za cms.starbucks.com.bh cms.starbucks.com.co cms.starbucks.com.jo cms.starbucks.com.kw cms.starbucks.com.kz cms.starbucks.com.lb cms.starbucks.com.om cms.starbucks.cz cms.starbucks.de cms.starbucks.eg cms.starbucks.es cms.starbucks.eu cms.starbucks.fr cms.starbucks.hu cms.starbucks.ie cms.starbucks.is cms.starbucks.mt cms.starbucks.nl cms.starbucks.no cms.starbucks.pl cms.starbucks.pt cms.starbucks.qa cms.starbucks.ro cms.starbucks.rs cms.starbucks.sa cms.starbucks.se cms.starbucksslovakia.sk;connect-src 'self' i.ytimg.com js-agent.newrelic.com *.trustarc.com aswpsdkus.com aswpsdkeu.com *.cdn-net.com *.accdab.net six.cdn-net.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net google.com *.google.com aswpapius.com aswpapieu.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.worldpay.com bam.nr-data.net report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com maps.googleapis.com *.youtube.com;object-src 'none';base-uri 'none'; 29
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 28
default-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org *.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com ajax.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com flo.uri.sh challenges.cloudflare.com www.youtube.com;  style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org *.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com use.typekit.net;  img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org hosted.weblate.org minecraft.wiki www.divine-pride.net static.divine-pride.net legacyofnightwind.com;  font-src 'self' data: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org use.typekit.net;  media-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com;  frame-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com calendar.google.com drive.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com challenges.cloudflare.com map.showdown.wiki clips.twitch.tv video.fastly.steamstatic.com shared.fastly.steamstatic.com *.instatus.com;  connect-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com 1.1.1.1 translate.googleapis.com games.roblox.com economy.roblox.com discord.com discordapp.com api.steampowered.com *.instatus.com; 28
frame-ancestors 'self' devcue.diks.fi cue.media.fi cue.test.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:*; 28
default-src https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data: blob:; worker-src 'self' https: blob:; frame-ancestors 'self' *.sitewrench.com *.speakcreative.com 28
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 27
block-all-mixed-content; frame-ancestors 'self' 27
frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 27
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 27
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 26
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com events.staging.webnode.com events.testing.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com bat.bing.net analytics.ahrefs.com/analytics.js connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp ct.pinterest.com analytics.tiktok.com www.redditstatic.com alb.reddit.com https://cdn.rudderlabs.com/ https://cdn.amplitude.com/ cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net https://eu.acsbapp.com/apps/app/dist/js/app.js https://eu.acsbapp.com/apps/app/dist/js/ https://accesswidget-log-receiver.acsbapp.com/ https://eu-cdn.acsbapp.com/config/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://track-eu1.hubspot.com/ https://cdn.hub-prod.team.blue/loader/widget-loader.js;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net static.d.webnodev.com www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com static.d.webnodev.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com bat.bing.net q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com analytics.tiktok.com www.redditstatic.com alb.reddit.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/ https://track-eu1.hubspot.com/;frame-ancestors 'self'; 26
frame-ancestors 'self' * 26
base-uri 'self'; 26
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 26
frame-ancestors 26
default-src 'none';base-uri 'self';script-src  'self'  'unsafe-inline'  blob:  https://*.awswaf.com  https://api.search.gov.sg  https://www.search.gov.sg  https://*.wogaa.sg  https://*.dcube.cloud  https://googleads.g.doubleclick.net  https://www.googleadservices.com  https://*.google-analytics.com  https://www.google.com  https://www.googletagmanager.com  https://connect.facebook.net  https://graph.facebook.com  https://*.licdn.com  https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/  https://www.youtube.com  https://webchat.vica.gov.sg  https://webchat.mol-vica.com  https://*.clarity.ms  https://*.ask.gov.sg  https://analytics.tiktok.com  https://login.dotomi.com  https://login-ds.dotomi.com  ;style-src  'self'  'unsafe-inline'  https://assets.wogaa.sg  https://assets.dcube.cloud  https://www.search.gov.sg  https://webchat.vica.gov.sg  https://webchat.mol-vica.com  ;object-src  'none'  ;connect-src  'self'  https://*.awswaf.com  https://isomer-user-content.by.gov.sg  https://browser-intake-datadoghq.com  https://api.search.gov.sg  https://*.wogaa.sg  https://*.dcube.cloud  https://api-chat-fe-flag.vica.gov.sg  https://chat.vica.gov.sg  https://autocomplete.vica.gov.sg  wss://chat.vica.gov.sg  https://api-chat-fe-flag.mol-vica.com  https://chat.mol-vica.com  wss://chat.mol-vica.com  https://autocomplete.mol-vica.com  https://www.google-analytics.com  https://*.googletagmanager.com  https://google.com  https://www.google.com  https://analytics.google.com  https://stats.g.doubleclick.net  https://px.ads.linkedin.com  https://*.clarity.ms  https://c.bing.com  https://ask.gov.sg  https://*.ask.gov.sg  https://data.gov.sg  https://*.data.gov.sg  https://ad.doubleclick.net  https://googleads.g.doubleclick.net  https://www.googleadservices.com  https://adservice.google.com  https://www.google.com.sg  https://www.facebook.com  https://analytics.tiktok.com  https://analytics-ipv6.tiktokw.us  ;font-src  'self'  data:  https://fonts.gstatic.com  https://www.search.gov.sg  https://assets.wogaa.sg  https://assets.dcube.cloud  ;frame-src  'self'  https://www.search.gov.sg  https://www.google.com  https://www.googletagmanager.com  https://td.doubleclick.net  https://www.onemap.gov.sg  https://www.youtube-nocookie.com  https://player.vimeo.com  https://m.facebook.com  https://www.facebook.com  https://docs.google.com  https://form.gov.sg  https://maps.gov.sg  https://www.google.com/recaptcha/  https://*.fls.doubleclick.net  ;img-src  'self'  https:  ;manifest-src  'self'  ;media-src  'self'  ;worker-src  'self'  ;frame-ancestors  'self'  ; 26
default-src 'self' 'unsafe-inline' https://* data: wss://*.hotjar.com; frame-ancestors 'none' 26
frame-ancestors 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 26
default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri /csp-report-endpoint/ 26
default-src 'self';         script-src             'self'             'unsafe-inline'             https://robofolks.cyberfolks.pl             https://api-chat.cyberfolks.pl             https://www.google.com             https://www.gstatic.com             https://www.google-analytics.com             https://www.googletagmanager.com             https://www.googleoptimize.com             https://dev.visualwebsiteoptimizer.com             https://cyberfolks.user.com             https://widget.user.com             https://bat.bing.com             https://bat.bing.net             https://cdn.mouseflow.com             https://analytics.tiktok.com             https://business.tiktok.com             https://googleads.g.doubleclick.net             https://connect.facebook.net             https://scripts.clarity.ms             https://apps.mypurecloud.ie             https://www.youtube.com             https://cdnjs.cloudflare.com             https://cdn-widget.callpage.io             https://www.googleadservices.com             https://www.googletagservices.com 	    https://app.vwo.com             https://www.clarity.ms ;         style-src             'self'             'unsafe-inline'             https://fonts.googleapis.com;         worker-src 'self' blob:;         img-src 'self' data: https:;         font-src             'self'             https://fonts.googleapis.com             https://fonts.gstatic.com             https://cdn.mouseflow.com             https://static2.sharepointonline.com 	    https://www.googletagmanager.com             data:;         connect-src             'self'             https://robofolks.cyberfolks.pl             https://api-chat.cyberfolks.pl             https://api-cdn.mypurecloud.ie             https://api.mypurecloud.ie             wss://webmessaging.mypurecloud.ie             https://fileupload.mypurecloud.ie             https://apps.mypurecloud.ie             https://dev.visualwebsiteoptimizer.com             https://www.google.com             https://www.google.pl             https://region1.analytics.google.com             https://region2.analytics.google.com             https://www.googleadservices.com             https://googleads.g.doubleclick.net             https://stats.g.doubleclick.net             https://eu01.rec.mouseflow.com             https://cyberfolks.user.com             wss://cyberfolks.user.com             https://ads.tiktok.com             https://analytics.tiktok.com             https://analytics-ipv6.tiktokw.us             https://business.tiktok.com             https://cdnjs.cloudflare.com             https://y.clarity.ms 	    https://h.clarity.ms             https://www.facebook.com             https://www.youtube.com             https://www.clarity.ms 	    https://report.clarity.ms             https://www.googletagservices.com 	    https://pagead2.googlesyndication.com             https://bat.bing.com             https://bat.bing.net;         frame-src             'self'             https://cyberfolks.fireprobe.net             https://apps.mypurecloud.ie             https://www.google.com             https://www.facebook.com             https://www.youtube.com             https://bid.g.doubleclick.net 	    https://cyberfolks.user.com             https://www.googletagmanager.com;         frame-ancestors             'self'             https://www.google.com;         object-src 'none';         base-uri 'self'; 25
frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 25
object-src 'none'; frame-ancestors 'self' 25
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 25
frame-ancestors 'self' xerox.com *.xerox.com carear.app 24
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 24
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 24
script-src * 'unsafe-inline' 'unsafe-eval' 24
frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camjunky.com *.camjunky.com camrub.com *.camrub.com camutik.com *.camutik.com chatass.com *.chatass.com chatfree24.com *.chatfree24.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com icfadmin.com *.icfadmin.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com jerkmate.com *.jerkmate.com kinkyspa.com *.kinkyspa.com kwikylive.com *.kwikylive.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx nyloncams.com *.nyloncams.com onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 24
frame-ancestors 'self' www.bookends.info *.bookends.info 24
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.agricharts.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net code.jquery.com cdn.datatables.net *.googletagmanager.com twitter.com *.twitter.com *.windy.com *.financialcontent.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com media.agricharts.com *.barchart.com; object-src 'self' s3.amazonaws.com media.agricharts.com; frame-src 'self' *.youtube.com *.facebook.com www.google.com twitter.com *.twitter.com *.windy.com www.screencast.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com forecast.weather.gov; worker-src 'self' s3.amazonaws.com media.agricharts.com blob:; frame-ancestors 'self'; 24
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com https://smb.apple.com https://nova.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 23
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 23
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 23
img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 23
frame-ancestors 'self' https://app.datadoghq.eu https://backoffice.cwcg9g7aq8-mercedesb2-p1-public.model-t.cc.commerce.ondemand.com; 23
frame-ancestors 'self'; object-src 'none' 23
frame-ancestors 'self' https://testbaba.virtualcms.it 23
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 23
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.google.com https://vars.hotjar.com https://www.facebook.com 23
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src * data: https://ii-package.de; img-src * data: https://ii-package.de 23
default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com assets.ctfassets.net/8aevphvgewt8/ videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 21
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 21
block-all-mixed-content; upgrade-insecure-requests 21
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adnxs.com *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.amazon-adsystem.com *.awin1.com web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net edge.curalate.com *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com rum.hlx.page *.hotjar.com *.iadvize.com cdn.jsdelivr.net s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.metricool.com *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com *.redditstatic.com lantern.roeyecdn.com *.a.run.app *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.taboola.com *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiktokw.us *.tiqcdn.com *.trbo.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud *.xing.com *.xingcdn.com sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com js.stripe.com web-app-frontend-micro-po-t.azurewebsites.net *.wufoo.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com *.adsrvr.org *.algolianet.com *.algolia.io *.algolia.net zenloop-website-overlay-production.s3.amazonaws.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon api-app-backend-pda-t.azurewebsites.net api-app-backend-pda-q.azurewebsites.net api-app-backend-pda-r.azurewebsites.net web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com *.contentsquare.net *.conversionsapigateway.com *.cookielaw.org *.criteo.com *.criteo.net data: *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de edge.curalate.com *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.fullstory.com google.com *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com rum.hlx.page *.hotjar.com *.hotjar.io *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.phrase.com *.phraseapp.com *.pinterest.com *.qualtrics.com *.reddit.com *.redditstatic.com *.a.run.app *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com stihl-sso.com stihl.tui-servicelayers.io *.taboola.com *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.tiktokw.us *.trbo.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud *.blob.core.windows.net *.xing.com *.xingcdn.com s.yimg.com *.youtube-nocookie.com wss://*.iadvize.com wss://*.hotjar.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com *.wufoo.com; img-src 'self' *.ad-stir.com *.1rx.io *.3ma79ae7cua.com 3ma79ae7cua.com *.360yield.com *.3lift.com *.addthis.com *.adform.net *.adingo.jp *.admixer.co.kr *.adnxs.com *.adscale.de *.adsrvr.org *.adtdp.com *.advertising.com *.adyen.com *.agkn.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.amazon-adsystem.com *.ants.vn *.appcelerate.ai *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.billie.io *.bing.com *.bing.net blob: *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dspx.tv *.dwin1.com *.e-planning.net edge.curalate.com *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.foxbase.de *.fullstory.com *.fwnm.net *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.hotjar.com *.iadvize.com *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.metricool.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.reddit.com *.rambler.ru *.revcontent.com *.rlcdn.com *.rockysandstudio.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.tiktokw.us *.toast.com *.tpmn.co.kr *.trbo.com *.tremorhub.com trk.beintoo.net *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net sync.targeting.unrulymedia.com web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.wepowerconnections.com *.windows.net storagetimbersportsdata.blob.core.windows.net *.xing.com *.xingcdn.com *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; media-src 'self'; style-src 'self' 'unsafe-inline' web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.hotjar.com *.iadvize.com *.onetrust.com *.trbo.com cdn.parcellab.com *.wufoo.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com *.hotjar.com *.iadvize.com assets.oney.io cdn.parcellab.com *.stihl.de *.trbo.com typekit.net *.typekit.net *.zenloop.com *.wufoo.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.fullstory.com *.google.com *.googletagmanager.com *.guuru.com *.iadvize.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com static.stihl.com *.stihl.at *.stihl.be *.stihl.bg *.stihl.ca *.stihl.ch *.dam.stihl.cloud *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.de *.stihl.dk *.stihl.es *.stihl.fi *.stihl.fr *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.lu *.stihl.nc *.stihl.nl *.stihl.no *.stihl.pe *.stihl.pl *.stihl.pt *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-dns.net *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com *.teads.tv *.trbo.com e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com login.microsoftonline.com support-dev.microsoftcrmportals.com graph.microsoft.com js.stripe.com web-app-frontend-micro-po-t.azurewebsites.net *.wufoo.com; frame-ancestors 'self' *.stihl.com *.stihl-preview.com; child-src 'self' blob: *.guuru.com 21
frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; 21
frame-ancestors 'self'; object-src 'self' 21
object-src 'none'; base-uri 'self' 20
require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 20
report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 20
* 20
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 20
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 20
default-src 'self'; script-src 'self' 'unsafe-inline' 20
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 20
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 20
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 20
default-src 'none' ; connect-src  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob:  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data:  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob:  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action  https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 19
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: yoti: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com www.youtube.com info.xvideos.net www.tjk-njk.com *.yoti.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.acdn5165543.com *.aacdn.net martted.com *.opoxv.com *.analvids.com tour1.analvids.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com chat.1ka.com u.1ka.com chat-media.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com chat-media.1ka.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net xenoly7.com miraco7.com clariva5.com miraex6.com go2fridayroll.com solvix8.com linktoliraspin.com clyoro7.com volexa5.com dynara3.com veltor2.com *.trackingtraffo.com trackingtraffo.com *.nowsrv.com betoholictrack.net refpa2518.com refpa3665.com melbet-ma.com melbetegypt.com 1xlite-815256.bar *.staticfilesonly.com *.analvids.com tour1.analvids.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 19
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 19
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' 19
script-src 'self' 19
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 19
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 19
object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://mc.yandex.com/ https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 19
frame-ancestors 'self' *.hexia.io *.zigtools.nl *.zig365.nl 19
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; 19
frame-ancestors 'self' https://test-screwfixspares.bloomreach.io/ https://screwfixspares.bloomreach.io/ 19
frame-ancestors 'self' *.plataformaneo.com.br 19
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 19
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 19
frame-ancestors 'self' https://shop.kaspersky.co.uk https://shop.kaspersky.ca https://cart.kaspersky.com.br https://loja.kaspersky.pt https://shop.africa.kaspersky.com https://shop.afrique.kaspersky.com https://shop.baltics.kaspersky.com https://shop.bg.kaspersky.com https://shop.hu.kaspersky.com https://shop.il.kaspersky.com https://shop.kaspersky.be https://shop.kaspersky.co.in https://shop.kaspersky.co.jp https://shop.kaspersky.co.kr https://shop.kaspersky.co.th https://shop.kaspersky.com https://shop.kaspersky.com.au https://shop.kaspersky.com.hk https://shop.kaspersky.com.tr https://shop.kaspersky.com.tw https://shop.kaspersky.com.vn https://shop.kaspersky.cz https://shop.kaspersky.de https://shop.kaspersky.dk https://shop.kaspersky.es https://shop.kaspersky.fi https://shop.kaspersky.fr https://shop.kaspersky.gr https://shop.kaspersky.it https://shop.kaspersky.kz https://shop.kaspersky.ma https://shop.kaspersky.nl https://shop.kaspersky.ro https://shop.kaspersky.rs https://shop.kaspersky.ru https://shop.kaspersky.se https://shop.me.kaspersky.com https://shop.no.kaspersky.com https://shop.sea.kaspersky.com https://shop.stan.kaspersky.com https://shop.usa.kaspersky.com https://shop-lt.latam.kaspersky.com https://shop-mx.latam.kaspersky.com https://checkout.kaspersky.gr https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; 18
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 18
frame-ancestors 'self'; base-uri 'self'; 18
frame-ancestors https://app.contentful.com 18
default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.hubapi.com *.optimizely.com js.usemessages.com static.hsappstatic.net http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net js.usemessages.com 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsadspixel.net *.doubleclick.net *.optimizely.com js.usemessages.com blob: 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg=' 'sha256-2pe8k26MWlcKficOeMWZ75CKsCYpC8O7SWL1c80IevA=' 'sha256-xA+Nf+aCToDDa/FWlmohq36+g4wJDUNr/5Z99KzXHAQ=' 'sha256-Ekr4lImICDOvgVtzrLML7wjf3IM4V5Q3+ohyZq4Fi5w=' 'sha256-RF9rMwBknLb1oeLCScm/ALWwuTagCk5TMhixcBZIP38='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com *.crazyegg.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net *.googletagmanager.com *.optimizely.com; object-src 'none' 18
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 18
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://tags.creativecdn.com https://lensflare.vimeo.com https://arclight.vimeo.com https://player.vimeo.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com  https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de https://www.facebook.com https://r.clarity.ms https://p.gsitrix.com https://tr6.snapchat.com https://www.sandbox.paypal.com https://trck.linkster.co https://*.preciso.net https://pixel.byspotify.com https://pixels.spotify.com https://api.recova.ai https://*.zbozi.cz https://jzixlqre.micpn-eu.com https://*.roeyecdn.com https://*.roeye.com blob:; 18
frame-ancestors 'self' https://*.bsale.io https://*.bsale.cl https://*.bsale.com https://*.bsale.com.pe https://*.bsale.com.mx 18
frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com  *.goepson.com 18
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 18
upgrade-insecure-requests; frame-ancestors 'none' 17
default-src 'self' http: https: ws: wss: yoti: * *.faphouse.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com accounts.google.com *.google.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval' challenges.cloudflare.com cdn.delight-vr.com www.yoti.com; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 17
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 17
upgrade-insecure-requests; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; 17
frame-ancestors 'self' *.agriaffaires.pro *.machineryzone.pro *.agriaffaires.com *.machineryzone.fr *.machineryzone.com *.truckscorner.fr *.mbcore.io; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 17
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 17
block-all-mixed-content;upgrade-insecure-requests; 17
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 17
default-src 'none'; connect-src https://yandex.ru wss://mc.yandex.ru https://strm.yandex.ru https://*.strm.yandex.ru https://*.strm.yandex.net https://verify.yandex.ru https://mc.yandex.ru  https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://mc.yandex.com https://rutube.ru https://player.vimeo.com https://nuum.ru https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://ad.mail.ru https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; worker-src https://yastatic.net 'report-sample'; report-uri /csp-report.php 17
frame-ancestors 'self' *.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://nvfile; 16
frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 16
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com *.a.mts.ru sm.rtb.mts.ru 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru api-maps.yandex.ru enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru *.time-messenger.ru https://gateway.atomyze.ru https://gw.atomyze.ru id.tbank.ru www.tbank.ru api-statist.tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru business.tbank.ru baf.tinkoff.ru cobrowsing.tbank.ru fallback.cdn-tinkoff.ru mobile-appinapp-static-prod.cdn-tinkoff.ru imgproxy.cdn-tinkoff.ru mddc.tinkoff.ru www.cdn-tinkoff.ru api.tinkoffinsurance.ru geocode-maps.yandex.ru delivery.tinkoff.ru broker-api.tinkoffinsurance.ru api-osago.tbank.ru collection-phoenix.t-tech.team tmsg.tbank.ru tmsg.phoenix-ca.ru api.rosbank.ru pulse-image-avatar.cdn-tinkoff.ru invest-brands.cdn-tinkoff.ru webevent.tbank.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru https://widget.cloudpayments.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com *.maps.yandex.net api-maps.yandex.ru enterprise.api-maps.yandex.ru yandex.ru http://static.tinkoffinsurance.ru https://i.ytimg.com *.rosbank.ru *.depository.ru agents.tcsbank.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://newatom.spaaace.io https://order.atom.auto https://widget.cloudpayments.ru rutube.ru t-j.ru yandex.ru tmsg.phoenix-ca.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pwaplatform/log/csp-error?appName=pwaplatform&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru; frame-ancestors 'self' tbank.ru www.tbank.ru *.tbank.ru *.tcsbank.ru tinkoff.ru *.tinkoff.ru *.tbank-online.com https://auto.ru https://t-insurance.avito.com mc.yandex.ru metrika.yandex.ru t-j.ru www.rosbank.ru www.depository.ru *.bankline.ru bankline.ru offer.gdemoideti.ru tmsg.phoenix-ca.ru www.cdn-tinkoff.ru; worker-src 'self' blob: https://www.tbank.ru 16
script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval';    connect-src 'self' ws: https:;    style-src 'self' 'unsafe-inline' https:;    font-src 'self' https: data:;    object-src 'none';    worker-src blob:;    img-src 'self' blob: data: https:;    frame-src 'self' blob: data: https:;    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 16
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 16
frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com  *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 16
frame-ancestors 'self'; object-src 'none'; 16
default-src 'none'; script-src 'self' https://cdn.markmonitor.com; connect-src 'self'; img-src 'self' https://cdn.markmonitor.com; style-src 'self' https://cdn.markmonitor.com; base-uri 'self';form-action 'self' 16
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://strapi.inbox.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no; 16
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 16
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob:;frame-ancestors 'self'; 16
frame-ancestors 'self' https://es.chevrolet.com 16
frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com https://beta.sanity.keg.com; 16
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 16
frame-ancestors 'self' https://go.accessacloud.com; 16
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-FlukkU82ZNE00G2TrHsH/yPyxOM3w+ZxvfuhvuFPnUw=' 'sha256-2zZW4Jcwd05ccL428yqAJrFBz0W+zZ84jSu9AoKa75Q=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-JfJ82reKxtqugVbfRGw/O/1x1Lm1I09rHueXSwvbRws=' 'sha256-BbV1i75oYRtLtfDWs7tnA8QLF5EOO1dVHKL0prVd/fQ=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d 16
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net *.archieven.nl storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; 16
frame-ancestors 'self' https://metrika.yandex.ru/ 15
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';connect-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';frame-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' https://food.grab.com https://food.stg-myteksi.com 15
frame-ancestors https://app.storyblok.com 15
worker-src 'self' blob:;frame-ancestors 'self';default-src 'self' *;script-src 'self' * 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline';style-src 'self' * 'unsafe-inline';img-src 'self' * data:;connect-src 'self' *;font-src 'self' * data:;frame-src 'self' *;media-src 'self' *;object-src 'none';base-uri 'self';form-action 'self' 15
default-src 'self'; style-src 'self' * 'unsafe-inline';style-src-attr 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; font-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; connect-src *; img-src 'self' 'unsafe-inline' data: blob: *; manifest-src *; frame-src *; media-src * blob:; worker-src blob: 15
frame-ancestors none; 15
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 15
frame-ancestors 'self'; base-uri 'self' 15
frame-src * 15
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com ref.ccb-dev.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com comeandsee.my.site.com widgets.eu.ziftsolutions.com static.ziftsolutions.com dynamic.eu.ziftsolutions.com static.eu.ziftsolutions.com app.formulayt.com insights.formulayt.com cdn.bc0a.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com ref.ccb-dev.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com c.amazon-adsystem.com ct.pinterest.com comeandsee.my.site.com widgets.eu.ziftsolutions.com static.ziftsolutions.com dynamic.eu.ziftsolutions.com static.eu.ziftsolutions.com app.formulayt.com insights.formulayt.com cdn.bc0a.com; 15
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 15
script-src 'self' 'strict-dynamic' 'nonce-LSY_r4nD0m' https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline' https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://*.tagmanager.com:443 https://*.googleapis.com:443;font-src 'self'; connect-src 'self' https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://*.lhsystems.com:443 https://*.stape.io:443 https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443;img-src 'self' data: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://www.google.com:443 https://*.lhsystems.com:443 https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443;object-src 'none';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;frame-src https://gtm.lhsystems.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self'; 15
default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com  www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es *.optickssecurity.com *.opticksstatic.com *.opticksprotection.com opticksprotection.com assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com  optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net  pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com *.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com *.aptrinsic.com *.datatrans.com *.recaptcha.net *.bookingkit.com *.paypalobjects.com *.trackingplan.com *.leadinfo.net *.moin.ai *.talkjs.com *.accdab.net staging.cdn-net.com six.cdn-net.com www.cdn-net.com demo.fareharbor.com fareharbor.com *.piwik.pro *.instagram.com *.equalweb.com img.mpay.samsung.com us-cdn-gpp.mcsvc.samsung.com *.stackadapt.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 15
worker-src 'self'; 15
upgrade-insecure-requests; base-uri 'none'; 15
font-src 'none' 15
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 15
script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.logr-ingest.com cdn.lrkt-in.com cdn.lgrckt-in.com *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com webpay3g.transbank.cl webpay3gint.transbank.cl *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.grupoaxo.com *.kipling.cl blog.andesgear.cl *.usercentrics.eu *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.weltpixel.com *.facebook.com https://web.facebook.com https://accounts.google.com/ *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.googletagmanager.com *.doubleclick.net komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net https://accounts.google.com/gsi/client *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.logr-ingest.com cdn.lrkt-in.com cdn.lgrckt-in.com *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com https://rum.hlx.page *.redditstatic.com *.reddit.com *.ads-twitter.com *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com *.doubleclick.net *.typeform.com code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com https://accounts.google.com/gsi/ *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.google-analytics.com *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com  wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com *.ingest-lr.com *.lr-intake.com *.intake-lr.com *.logr-ingest.com *.lrkt-in.com *.lgrckt-in.com *.usercentrics.eu *.grupoaxo.com *.inspectlet.com wss://ws.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com *.analytics.google.com *.redditstatic.com *.reddit.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com https://accounts.google.com/ http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io *.fitit.ai *.cloudfunctions.net *.googleapis.com 'self' 'unsafe-inline'; 15
frame-ancestors 'self' https://webcake.io https://*.webcake.io https://storecake.io https://*.storecake.io https://botcake.io https://www.botcake.io https://webcake.biz https://*.webcake.biz 15
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com https://widgets.api-sports.io; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com https://widgets.api-sports.io https://*.api-sports.io; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://widgets.api-sports.io https://*.api-sports.io; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.google.com https://vars.hotjar.com https://www.facebook.com https://widgets.api-sports.io 15
block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 14
script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-exp.spotifycdn.com open-review.spotifycdn.com open-exp-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js https://get.microsoft.com/badge/ms-store-badge.bundled.js https://cdn.us.heap-api.com https://heapanalytics.com 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s=' 'sha256-o2wzIImHJ4+WWE5DCTR+myWU0UNml0+wwpDXRo++vII='; frame-ancestors 'self' https://adgen-dev.spotify.com/account/*/ad/*/details https://adgen-dev.spotify.com/preview/* https://local.spotify.net/account/*/ad/*/details https://local.spotify.net/preview/* https://app.smartly.io/*; 14
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 14
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://*.bwin.com https://*.bwin.de https://*.bwin.dk https://*.bwin.es https://*.bwin.fr https://*.bwin.it https://*.bwin.gr https://*.bwin.se https://*.bwin.be https://*.bwin.co https://*.bwin.mx https://*.bwin.nl https://*.bwin.pl https://*.bwin.pt https://*.bwin.ro https://*.bwincasino.be https://*.bwindice.be https://*.betcity.nl https://*.betboo.bet.br https://*.br.betboo.com https://*.partypoker.com https://*.partypoker.cz https://*.partypoker.de https://*.partypoker.dk https://*.partypoker.es https://*.partypoker.fr https://*.partypoker.it https://*.partypoker.mx https://*.partypoker.nl https://*.partypoker.pt https://*.partypoker.se https://*.partypokerlive.com https://*.partypoker-sochi.com https://*.partycasino.com https://*.ab.partycasino.ca https://*.partycasino.ca https://*.partycasino.es https://*.partycasino.mx https://*.partycasino.nl https://*.partycasino.se https://*.partysports.com https://*.partysports.ca https://*.partysports.es https://*.partysports.mx https://*.partysports.nl https://*.galabingo.com https://*.galacasino.com https://*.galaspins.com https://*.cheekybingo.com https://*.foxybingo.com https://*.foxygames.com https://*.gamebookers.com https://*.gamebookers.de https://*.giocodigitale.it https://*.ladbrokes.com https://*.ladbrokes.de https://*.ninjacasino.se https://*.oddset.de https://*.on.betmgm.ca https://*.on.bwin.ca https://*.on.partycasino.ca https://*.on.partypoker.ca https://*.on.partysports.ca https://*.on.wheeloffortunecasino.com https://*.partyarcadegames.com https://*.premium.com https://*.bpremium.de https://*.sh.bwin.de https://*.slotclub.de https://*.partyslots.de https://*.sportingbet.com https://*.sportingbet.bet.br https://*.sportingbet.co.za https://*.sportingbet.de https://*.sportingbet.gr https://*.sportingbet.ro https://*.sportsinteraction.com https://*.on.sportsinteraction.com https://*.ab.sportsinteraction.com https://*.unikrn.com https://*.coral.co.uk https://*.vistabet.gr https://*.casinoclub.com https://*.da.partypoker.com https://*.danskespil.dk https://*.cms.test.env.works https://*.itsfogo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bwin.com https://*.bwin.de https://*.bwin.dk https://*.bwin.es https://*.bwin.fr https://*.bwin.it https://*.bwin.gr https://*.bwin.se https://*.bwin.be https://*.bwin.co https://*.bwin.mx https://*.bwin.nl https://*.bwin.pl https://*.bwin.pt https://*.bwin.ro https://*.bwincasino.be https://*.bwindice.be https://*.betcity.nl https://*.betboo.bet.br https://*.br.betboo.com https://*.partypoker.com https://*.partypoker.cz https://*.partypoker.de https://*.partypoker.dk https://*.partypoker.es https://*.partypoker.fr https://*.partypoker.it https://*.partypoker.mx https://*.partypoker.nl https://*.partypoker.pt https://*.partypoker.se https://*.partypokerlive.com https://*.partypoker-sochi.com https://*.partycasino.com https://*.ab.partycasino.ca https://*.partycasino.ca https://*.partycasino.es https://*.partycasino.mx https://*.partycasino.nl https://*.partycasino.se https://*.partysports.com https://*.partysports.ca https://*.partysports.es https://*.partysports.mx https://*.partysports.nl https://*.galabingo.com https://*.galacasino.com https://*.galaspins.com https://*.cheekybingo.com https://*.foxybingo.com https://*.foxygames.com https://*.gamebookers.com https://*.gamebookers.de https://*.giocodigitale.it https://*.ladbrokes.com https://*.ladbrokes.de https://*.ninjacasino.se https://*.oddset.de https://*.on.betmgm.ca https://*.on.bwin.ca https://*.on.partycasino.ca https://*.on.partypoker.ca https://*.on.partysports.ca https://*.on.wheeloffortunecasino.com https://*.partyarcadegames.com https://*.premium.com https://*.bpremium.de https://*.sh.bwin.de https://*.slotclub.de https://*.partyslots.de https://*.sportingbet.com https://*.sportingbet.bet.br https://*.sportingbet.co.za https://*.sportingbet.de https://*.sportingbet.gr https://*.sportingbet.ro https://*.sportsinteraction.com https://*.on.sportsinteraction.com https://*.ab.sportsinteraction.com https://*.unikrn.com https://*.coral.co.uk https://*.vistabet.gr https://*.casinoclub.com https://*.da.partypoker.com https://help.danskespil.dk https://*.danskespil.dk https://*.cms.test.env.works https://*.itsfogo.com; 14
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 14
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 14
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline'    https://api.cloudflare.com    *.kargo.com    tag.bounceexchange.com    tag.wknd.ai    assets.bounceexchange.com    api.bounceexchange.com    dev.bounceexchange.com    dash.bounceexchange.com    dash-staging.bounceexchange.com    *.rfihub.com    *.rfihub.net    *.sixflags.com    *.googletagmanager.com    *.googlesyndication.com    storage.googleapis.com    *.youtube.com    *.ujet.co    *.sentry-cdn.com    *.algolia.net    *.algolianet.com    *.sixflags.net    *.abtasty.com    *.osano.com    *.api.osano.com    *.datasubject.com    *.quantummetric.com    *.clarity.ms    core.sanity-cdn.com    acsbapp.com    authjs.dev    unpkg.com    *.ondigitalocean.app    *.attractions.io    *.pinterest.com    connect.facebook.net    *.buy.sixflags.com    *.store.sixflags.com    s.pinimg.com    *.g.doubleclick.net    https://bat.bing.com/bat.js    https://live.rezync.com    https://cdn.boomtrain.com    https://bat.bing.com    https://bat.bing.com/p/action    https://bat.bing.com/p/action/247012320.js    https://connect.facebook.net/en_US/fbevents.js    https://try.abtasty.com    https://www.google.com    https://analytics.google.com    https://www.gstatic.com    *.taboola.com    https://cloudpresskit.com;  style-src 'self' 'unsafe-inline' *.abtasty.com assets.bounceexchange.com;  img-src 'self' data: blob: assets.bounceexchange.com events.bouncex.net *.cdnwidget.com pippio.com *.store.sixflags.com *.liadm.com *.clarity.ms *.buy.sixflags.com https://www.google.com https://i.liadm.com  https://ad.doubleclick.net https://analytics.google.com https://www.facebook.com  *.g.doubleclick.net https://live.rezync.com https://bat.bing.com https://trc.taboola.com *.wistia.com *.youtube.com *.googlesyndication.com  *.moengage.com *.googletagmanager.com *.ytimg.com *.abtasty.com authjs.dev https://cloudpresskit.com https://static.cloudpresskit.com https://bat.bing.com/action cdn.sanity.io static.sixflags.com six-flags.s3.amazonaws.com assets.sixflags.com;  font-src 'self' data:    https://cloudpresskit.com assets.bounceexchange.com;  object-src 'none';  base-uri 'self';  form-action 'self' api.bounceexchange.com dev.bounceexchange.com;  frame-ancestors 'self';  frame-src * www.google.com recaptcha.google.com assets.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com *.google.com *.buy.sixflags.com *.store.sixflags.com;  worker-src blob:;  child-src blob: assets.bounceexchange.com;  connect-src 'self' ws:    api.bounceexchange.com    *.kargo.com    coupons.bounceexchange.com    events.bouncex.net    *.cdnwidget.com    *.cdnbasket.net    *.boomtrain.com    *.clarity.ms    *.doubleclick.net    https://www.facebook.com    https://analytics.google.com    https://bat.bing.com    https://bat.bing.com/p/action    https://bat.bing.com/p/action/247012320.js    *.wistia.com    *.acsbapp.com    *.moengage.com    *.sixflags2024.dev    *.quantummetric.com    *.sfdev.co    api.sixflags.net    *.store.sixflags.com    *.buy.sixflags.com    *.youtube.com    *.api.osano.com    *.osano.com    *.algolia.net    *.algolianet.com    *.sixflags.net    *.abtasty.com    *.pinterest.com    *.taboola.com    *.ondigitalocean.app    *.attractions.io    *.googletagmanager.com    *.intentia.com    fg8vvsvnieiv3ej16jby.litix.io    *.googleadservices.com    undefined    undefined    https://d18car1k0ff81h.cloudfront.net    https://dev.cf-mobile.com    https://live.rezync.com    https://www.google.com    https://static.cloudpresskit.com    https://www.google-analytics.com    https://us-central1-missi-six-prod.cloudfunctions.net    https://cloudpresskit.com    *.cloudfront.net;  manifest-src 'self' accounts.google.com *.abtasty.com web-sf-user-pool-domain-uat.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-dev.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-qa.auth.us-east-2.amazoncognito.com;  media-src 'self' blob: *.youtube.com;  upgrade-insecure-requests; 14
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 14
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 14
frame-ancestors 'self' https://medium.com 14
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; upgrade-insecure-requests 14
default-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: http:;font-src 'self' data: https:;connect-src 'self' https: ws: wws:;frame-ancestors 'self' https://*.holidu.com https://*.holidu.cloud https://*.holidu.io https://tsmart.tomas-travel.com 14
form-action 'self' 14
default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metart.network *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.vwo.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com *.google.com *.trymax.ai;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.icfcdn.com *.twimg.com *.twitter.com *.zopim.com *.jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.visualwebsiteoptimizer.com *.vwo.com *.vscdns.com *.strpst.com *.google.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.icfcdn.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 14
frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 14
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: *; frame-ancestors 'self' https://gameloader.1030marsbahis.com 14
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 14
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: ws: *.abtasty.com *.bazaarvoice.com *.bumlam.com *.bing.com bat.bing.net *.crazyegg.com *.clarity.ms *.doubleclick.net *.google.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.googleapis.com www.googleadservices.com www.googletagmanager.com service.gstatic-cache.com lh3.googleusercontent.com *.mapbox.com *.mycheckstatus.com *.onetrust.com *.pinterest.com *.pmcprograms.com *.pricespider.com *.retargetly.com *.typeform.com *.taboola.com services.global.commerce-connector.com shoppable-assets.global.commerce-connector.com shoppable-configs.global.commerce-connector.com shoppable.commerce-connector.com ws.hotjar.com script.hotjar.com static.hotjar.com metrics.hotjar.io vc.hotjar.io content.hotjar.io nasacort.jebbit.com xyzalus.jebbit.com icyhotus.jebbit.com www.youtube.com m.youtube.com www.youtube-nocookie.com allegra-pitstop-game-0046fd43d9e4.herokuapp.com testyourliver.abi.ai crescendoc.wufoo.com s3.amazonaws.com askyourliver.s3.eu-central-1.amazonaws.com beacon.deepintent.com ads-engagement.presage.io an.yandex.ru mc.yandex.com mc.yandex.ru yandex.ru analytics.tiktok.com analytics.twitter.com static.ads-twitter.com api-js.mixpanel.com api.amcreativemedia.com api.global-data-lab.com api.highdataanalytics.com api.lapis-analytics.com api.mkmediaworks.com api.permutive.com api.solaranalyticscorp.com cdn-eidpp.nitrocdn.com cdn-uicons.flaticon.com cdn.cookielaw.org cdn.flowcode.com cdn.jsdelivr.net cdn.krxd.net cdn.mouseflow.com cdn.trustpilot.net cdn.tailwindcss.com cdnjs.cloudflare.com clientstream.launchdarkly.com cloudjs.netlify.com code.jquery.com connect.facebook.net l.facebook.com www.facebook.com ara.paa-reporting-advertising.amazon auth.iws-hybrid.trendmicro.com data1.calicluo.com datenschutz.sanofi.de i.ytimg.com ib.adnxs.com secure.adnxs.com images.simplycodes.com kraken.rambler.ru r3.dotdigital-email.com r3.dotdigital-pages.com cs.frontend.weborama.fr sanofi.solution.weborama.fr deo.shopeemobile.com dev.visualwebsiteoptimizer.com diffuser-cdn.app-us1.com edge.fullstory.com fonts.cdnfonts.com gdehu.hit.gemius.pl grmtech.net hu-gmtdmp.mookie1.com hugde.adocean.pl insight.adsrvr.org js.adsrvr.org log-papago.naver.com login.microsoftonline.com mon16-normal-useast5.tiktokv.us o132438.ingest.sentry.io p.typekit.net use.typekit.net pixel.rubiconproject.com pollen.services.myilume.de pollenapps.com privacy-cs.mail.ru r3.mail.ru rs.mail.ru top-fwz1.mail.ru px.adhigh.net px.ads.linkedin.com rbtds.net retcode-us-west-1.arms.aliyuncs.com rules.quantcount.com s.adroll.com s.amazon-adsystem.com s.pinimg.com s.yimg.com sc-static.net secure.quantserve.com security-us.mimecast.com snap.licdn.com sp.analytics.yahoo.com spoppe-b.azureedge.net t-azmaps.azurelbs.com st.top100.ru static.ads-twitter.com t.co static.terratraf.io static2.sharepointonline.com sync.crwdcntrl.net sync.dmp.otm-r.com sync.upravel.com tr.snapchat.com tr6.snapchat.com racking.adsafety.net unpkg.com use.fontawesome.com vk.com ws.miqcommerce.com www.instagram.com www.rappi.com.co www.researchsolutions.com www.sanofi.us www.terracycle.com apiv2.popupsmart.com yt3.ggpht.com vimeo.com player.vimeo.com edge.curalate.com engage.telfast.com.au www.telfastcashback.com.au telfast-widget.ambeedata.com telfast-movie-ticket.kostaging.com.au telfast-movie-ticket.kopromos.com.au www.buscopanmoneyback.com.au lett.2buycdn.com embed.2b.uy *.teads.tv p.teads.tv *.amazon-adsystem.com *.run.app analytics-ipv6.tiktokw.us cortizone10.jebbit.com *.taggbox.com *.tagbox.com iaso-amer.dulcolax.com *.blueconic.net 2buy.site embed.2buy.site bit-arcades.web.app ambitious-bush-00d15ee1e.6.azurestaticapps.net www.w3schools.com; 14
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 14
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 14
frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 14
frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 14
upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 13
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: yoti: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com www.youtube.com info.xnxx.com www.tjk-njk.com *.yoti.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.acdn5165543.com *.aacdn.net martted.com *.opoxv.com *.analvids.com tour1.analvids.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net xenoly7.com miraco7.com clariva5.com miraex6.com go2fridayroll.com solvix8.com linktoliraspin.com clyoro7.com volexa5.com dynara3.com veltor2.com *.trackingtraffo.com trackingtraffo.com *.nowsrv.com betoholictrack.net refpa2518.com refpa3665.com melbet-ma.com melbetegypt.com 1xlite-815256.bar *.staticfilesonly.com *.analvids.com tour1.analvids.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 13
frame-ancestors 'self' https://*.useberry.com 13
frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 13
default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' nic.bradesco imprensa.bradesco vivaprime.bradesco assets.bradesco *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://canalconsorciado.bradesco.com.br *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net https://www.unibrad.com.br; img-src * 'self' data: https:; font-src * 'self' data:; media-src * 'self' data: 13
upgrade-insecure-requests, upgrade-insecure-requests 13
frame-ancestors 'self' https://*.joyn.de https://app.datadoghq.eu; 13
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 13
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 13
frame-src *; 13
frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com *.visualwebsiteoptimizer.com app.vwo.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: useruploads.vwo.io *.visualwebsiteoptimizer.com app.vwo.com; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com 'self' blob:; style-src * 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https: 13
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 13
script-src 'self' 'unsafe-inline' 'unsafe-eval' checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com cspl-corpweb-site-asia-production-revamp.s3.ap-southeast-1.amazonaws.com www.instagram.com *.ttwstatic.com youtube.com tiktok.com www.tiktok.com web.cmp.usercentrics.eu p.teads.tv *.freshchat.com in.fw-cdn.com analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com *.cdn.adyen.com; object-src 'none'; child-src 'self' checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com www.instagram.com *.ttwstatic.com tiktok.com www.tiktok.com *.freshchat.com www.youtube.com youtube.com www.google.com google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com *.cdn.adyen.com maps.google.com.sg www.google.com maps.google.com goo.gl google.com www.facebook.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 13
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 13
frame-ancestors whitelabel.camspower.com cams.dnxlive.com 13
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 13
frame-ancestors 'self' azeu.marketing.adobe.com 13
default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem:; 13
frame-ancestors 'self' https://www.irpcommerce.com; 13
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 13
require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 12
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 12
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; 12
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 12
frame-ancestors 'self' *.purpledshub.com 12
frame-ancestors 'self' https://app.storyblok.com; 12
default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 12
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 12
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com *.inspiredvss.co.uk 12
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 12
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src *  'unsafe-inline'; font-src * data:; 12
default-src 'self' *.idrive.com *.idrivesync.com  https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.idriveonlinebackup.com  https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://alcdn.msauth.net  https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; frame-src https://*.idriveonlinebackup.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 12
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 12
frame-ancestors 'self' https://*.bdo.global 12
frame-ancestors 'self' https://*.akifast.com akifast.com https://*.akinoncloud.com akinoncloud.com 12
frame-ancestors 'self' https://*.fynd.com 12
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 12
frame-ancestors https://app.contentful.com https://dash.cloudflare.com 12
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;script-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:;style-src * 'unsafe-inline' 'unsafe-eval' data: blob:;style-src-attr * 'unsafe-inline' 'unsafe-eval' data: blob:;style-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:;img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;font-src * 'unsafe-inline' 'unsafe-eval' data: blob:;object-src * 'unsafe-inline' 'unsafe-eval' data: blob:;media-src * 'unsafe-inline' 'unsafe-eval' data: blob:;frame-src * 'unsafe-inline' 'unsafe-eval' data: blob:;frame-ancestors *;connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:;worker-src * 'unsafe-inline' 'unsafe-eval' data: blob: 12
frame-ancestors 'self' *.localhost.test *.pages.dev *.tickettando.it tickettando.it *.casacinemanapoli.it; 12
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 12
default-src https: wss://*.hotjar.com wss://wc.dcbprotect.com:8080 'unsafe-inline' 12
frame-ancestors 'self' *.mydukaan.io; 12
default-src https: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' ;img-src https: blob: data:;font-src https: data:;connect-src https: wss:;worker-src https: blob:; 12
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag 'sha256-jrgkEqFIwhymCeRxfh3RHm2ssvwC2lNerrrYfQZiAMA=' # Script for WizGov 'sha256-E6VSHz7prXjxYy3IswjAT2XLomQQ+UmhLBThJZm+dGs=' # Script for WizGov https://script-staging.wiz.gov.sg/customs-script.js https://script.wiz.gov.sg/customs-script.js blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js https://*.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://vimeo.com https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ https://*.onemap.gov.sg/ https://maps.hack2025.gov.sg https://maps.gov.sg ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://*.ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; 12
style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src none; frame-ancestors 'self'; 12
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data: blob:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 12
frame-ancestors *.shein.com https://www.shein.com.hk https://www.shein.com.vn https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 11
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://cloud.roistat.com https://cllctr.roistat.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com sentry.timeweb.net:4443 data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com https://directus-twtech.timeweb.net https://api-qa.timeweb.ru 11
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com *.samsung-news.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 11
upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'unsafe-eval' 'self' 'nonce-DhcnhD3khTMePgXw' 'strict-dynamic' 'unsafe-hashes' 'sha256-RjileO61mmx5C3Z0ub77ckR3sl153RlKqUC+EcKaVQc=' ; 11
frame-ancestors 'self' *.kameleoon.com 11
frame-ancestors 'self' https://www.thomsonreuters.com 11
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 11
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 11
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 11
frame-ancestors 'self' *.funke.cue.cloud 11
frame-ancestors 'self' *.google.com; 11
upgrade-insecure-requests; frame-ancestors 'self' https://explore.apptio.com https://explore.ibm.com 11
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 11
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 11
frame-ancestors 'self' https://app.contentful.com; 11
default-src 'self'; connect-src 'self' *.yoast.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.authorize.net *.facebook.com stats.addtoany.com *.google.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com s3.eu-west-1.amazonaws.com *.marker.io stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.instagram.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com *.onetrust.com ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com *.tofuhq.com; font-src 'self' data: fonts.googleapis.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com *.tofuhq.com; frame-src 'self' app.marker.io *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.instagram.com *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com *.marketo.com google.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com vimeo.com *.tofuhq.com; img-src 'self' *.vimeocdn.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.wpengine.com *.w.org secure.gravatar.com data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com *.tofuhq.com; media-src 'self' *.vimeo.com *.zi-scripts.com *.onetrust.com *.zoominfo.com *.clickagy.com *.youtube.com *.spotify.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com vimeo.com *.tofuhq.com; object-src 'self' *.oembed.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com *.tofuhq.com; script-src 'self' 'unsafe-eval' https://cdn.cookielaw.org *.marker.io *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net google.com *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com *.onetrust.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com cdn-4.convertexperiments.com *.instagram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com https://scripts.clarity.ms https://www.googleadservices.com *.byspotify.com *.spotify.com https://d34r8q7sht0t9k.cloudfront.net *.podscribe.com vimeo.com *.tofuhq.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com *.instagram.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdn-4.convertexperiments.com *.instagram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com https://scripts.clarity.ms https://www.googleadservices.com *.byspotify.com *.spotify.com https://d34r8q7sht0t9k.cloudfront.net *.podscribe.com vimeo.com *.tofuhq.com; script-src-attr 'self' 'unsafe-inline' https://www.googleadservices.com *.byspotify.com *.spotify.com https://d34r8q7sht0t9k.cloudfront.net *.podscribe.com vimeo.com *.tofuhq.com; style-src 'self' fonts.googleapis.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net google.com *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com *.marketo.com google.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline' https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com *.tofuhq.com; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com https://www.googletagmanager.com go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com *.marketo.com jsd-widget.atlassian.com google.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com *.tofuhq.com; frame-ancestors 'self' vimeo.com *.tofuhq.com 11
form-action 'self'; 11
default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu team.blue *.team.blue *.fw-cdn.com *.freshchat.com *.freshworks.com *.iubenda.com *.redditstatic.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com *.google.sk google.sk *.googleadservices.com analytics.tiktok.com stats.g.doubleclick.net connect.facebook.net snap.licdn.com cdn.plyr.io bat.bing.com *.ads-twitter.com c.seznam.cz *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.ladesk.com *.isy-teamblue.services *.motu-teamblue.services *.teamblue.services *.acsbapp.com *.adform.net *.youtube.com *.google.com google.com *.exponea.com; style-src 'self' 'report-sample' 'unsafe-inline' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se *.fw-cdn.com *.freshchat.com *.googletagmanager.com cdn.iubenda.com cdn.plyr.io; object-src 'self'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 websupport.cz *.websupport.cz websupport.hu *.websupport.hu websupport.sk *.websupport.sk websupport.se *.websupport.se *.fw-cdn.com *.freshchat.com *.freshworks.com wss://*.freshchat.com *.iubenda.com *.redditstatic.com *.reddit.com googleapis.com *.googleapis.com *.google.com google.com *.google.sk google.sk pagead2.googlesyndication.com *.googleadservices.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.acsbapp.com *.motu-teamblue.services *.teamblue.services h.seznam.cz noembed.com cdn.plyr.io autoform.ekosystem.slovensko.digital; font-src 'self' 'report-sample' 'unsafe-inline' data: websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu gstatic.com *.gstatic.com; frame-ancestors 'self' *.websupport.sk; frame-src 'self' 'report-sample' *.websupport.sk websupport.sk *.websupport.cz websupport.cz *.websupport.hu websupport.hu *.websupport.se websupport.se blob: team.blue *.team.blue *.freshchat.com ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com www.youtube-nocookie.com *.youtube.com docs.google.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com *.iubenda.com autoform.ekosystem.slovensko.digital; img-src 'self' 'report-sample' data: *.fw-cdn.com *.freshchat.com cookiebot.com *.cookiebot.com *.reddit.com tracker.metricool.com gravatar.com *.gravatar.com gstatic.com *.gstatic.com *.google.com *.google.al *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ch *.google.com.cy *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mk *.google.mt *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.rs *.google.com.ua *.google.co.uk *.google.cat *.facebook.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.google-analytics.com *.googleadservices.com *.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz *.ytimg.com *.motu-teamblue.services *.teamblue.services brxcdn.com websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se; manifest-src 'self'; media-src 'self'; worker-src 'self'; 11
frame-ancestors 'self'; object-src 'self'; 11
frame-ancestors 'self' https://app.eu.contentful.com; 11
frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 11
frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 11
frame-ancestors 'self' https://*.etracker.com 11
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 11
default-src 'self';    img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp;    media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp;    style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net *.tixpo.jp;    style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw=';    script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp *.tixpo.jp *.emtg.co.jp;    font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net *.tixpo.jp;    form-action 'self' *.mul-pay.jp *.emtg.co.jp;    connect-src 'self' www.google-analytics.com analytics.google.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com www.gstatic.com *.tixpo.jp;    frame-ancestors 'self'; 11
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 11
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 11
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 11
base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self' *.mycleverpush.com; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch *.abtasty.com; upgrade-insecure-requests; worker-src blob: 'self' *.cleverpush.com 11
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro *.gvt1.com accounts.google.com www.google.com *.googleadservices.com *.calendly.com *.drimify.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.googleapis.com *.adtrafficquality.google *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.g.doubleclick.net  *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.youtu.be youtu.be *.youtube-nocookie.com youtube-nocookie.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com *.googletagmanager.com data: blob: 'self' ; script-src * *.googletagmanager.com *.googleanalytics.com *.google-analytics.com *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; frame-src * *.googletagmanager.com; frame-ancestors *.europe-camions.com *.via-mobilis.com trux4me.com *.trux4me.com ; connect-src * *.googletagmanager.com *.google.com *.google-analytics.com *.analytics.google.com data: 'self'; base-uri 'self' ; worker-src * data: blob: 11
frame-ancestors 'self' http://admin.bonami.cz 11
frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com https://*.webtrends-optimize.com https://analytics.tiktok.com https://*.azurewebsites.net https://*.onetrust.com https://*.cloudfront.net https://*.privacy-center.org https://privacy-center.org https://*.sjv.io https://forms.airship.co.uk https://verifi.podscribe.com https://ipv4.podscribe.com https://www.recaptcha.net https://sdk.fra-02.braze.eu https://js.appboycdn.com https://eu01.in.treasuredata.com https://cdn.treasuredata.com; object-src 'none'; base-uri 'none'; 11
frame-ancestors 'self' http://jack-wolfskin.com https://mywolfpack.jack-wolfskin.com http://staffbase.com capacitor://jack-wolfskin.com capacitor://staffbase.com; 11
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.omappapi.com https://cdn.jsdelivr.net https://cdn.onesignal.com https://api.onesignal.com https://*.cloudflareinsights.com https://*.amazonaws.com https://umami.apidome.net https://www.clarity.ms https://*.clarity.ms https://*.apidome.net; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.omappapi.com https://cdn.jsdelivr.net https://cdn.onesignal.com https://api.onesignal.com https://*.cloudflareinsights.com https://*.amazonaws.com https://umami.apidome.net https://www.clarity.ms https://*.clarity.ms https://*.apidome.net; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.omappapi.com; font-src 'self' data: https://fonts.cdnfonts.com https://fonts.gstatic.com; img-src 'self' data: blob: https:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.apidome.net https://reg.apidome.net https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.omappapi.com https://*.amazonaws.com https://umami.apidome.net https://www.clarity.ms https://*.clarity.ms https://cdn.onesignal.com https://api.onesignal.com https://*.onesignal.com; frame-src 'self' https:; worker-src 'self' blob:; manifest-src 'self' 11
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 11
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; font-src 'self' data: https: http:; media-src 'self' data: https: http: blob:; frame-src 'self' https: http:; connect-src 'self' https: http: wss: ws:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 11
script-src 'unsafe-inline' 'unsafe-eval' http: https: 11
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 11
frame-ancestors *; report-uri /_/commcsp?disposition=enforce; 11
default-src * data: 'unsafe-inline' 'unsafe-eval' 'self' blob:; media-src * blob:; img-src * data: 'unsafe-inline' blob: *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.heapanalytics.com https://*.qualtrics.com; font-src * data: 'unsafe-inline'; frame-ancestors *.amway.it; connect-src 'self' api-js.datadome.co *.amway.eu https://siteintercept.qualtrics.com https://maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com https://*.clarity.ms https://c.bing.com *.auryc.com https://amway-api.exponea.com https://*.ada.support https://*.qualtrics.com; frame-src https://*.elf.site https://players.brightcove.net geo.captcha-delivery.com https://coreplus.amwayglobal.com https://coreplus-qa.amwayglobal.com https://coreplus-regional.gmb-preprod.corp.amway.net https://coreplus-stage.amwayglobal.com *.qualtrics.com https://bonus.amway-services.com https://online.flippingbook.com https://amway-achievers.web.app https://amway-achievers-gallery.web.app app.vwo.com *.visualwebsiteoptimizer.com https://www.youtube.com https://*.ada.support https://*.qualtrics.com https://export-file-storage-prod.s3.us-east-1.amazonaws.com https://view.genially.com https://*.3ways.com; worker-src 'self' blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com tags.tiqcdn.com js.datadome.co *.googleapis.com *.heapanalytics.com *.qualtrics.com *.clarity.ms https://amway-api.exponea.com https://*.ada.support https://*.qualtrics.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.googleapis.com *.gstatic.com 11
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 11
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com;  script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 11
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com bat.bing.com lnkd.tt.omtrdc.net/rest/v1/delivery www.google.com google.com adservice.google.com pagead2.googlesyndication.com td.doubleclick.net www.googletagmanager.com www.googleadservices.com ad.doubleclick.net googleads.g.doubleclick.net; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-JfJ82reKxtqugVbfRGw/O/1x1Lm1I09rHueXSwvbRws=' 'sha256-BbV1i75oYRtLtfDWs7tnA8QLF5EOO1dVHKL0prVd/fQ=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.google.com/recaptcha/enterprise.js www.gstatic.com/recaptcha/releases/ www.googletagmanager.com/gtag/js www.googleadservices.com/pagead/ www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ adservice.google.com/pagead/ pagead2.googlesyndication.com/pagead/ www.googletagmanager.com/gtag/destination merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh play.vidyard.com www.google.com/recaptcha/ aat-acr-web-prod.azurewebsites.net *.fls.doubleclick.net www.googletagmanager.com td.doubleclick.net li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 10
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 10
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 10
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 10
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 10
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 10
frame-ancestors *.ivanti.com https://dash.cloudflare.com 10
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 10
frame-ancestors *; upgrade-insecure-requests; object-src 'none' 10
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: 'self' data:; object-src 'none'; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 10
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net *.en25.com https://js.zi-scripts.com https://epsilon.6sense.com/ https://www.redditstatic.com *.yahoo.co.jp tag.flvcdn.net https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com *.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 10
upgrade-insecure-requests; object-src 'none' 10
object-src 'self' cdn.jsdelivr.net *.verbraucherzentrale.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com https://app.bryter.io https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://heizsystemvergleich.vz-nrw.de https://polyfill-fastly.io https://unpkg.com https://auswertung.verbraucherzentrale.de/; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.fakeshop-finder.de warnung.fakeshop-finder.de www.verbraucherzentrale-niedersachsen.de 10
manifest-src 'self'; 10
frame-ancestors 'self' https://*.fun.com 10
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob:; 10
frame-ancestors 'self' https://dato-plugin-seven.vercel.app https://factorial-next.admin.datocms.com *.factorial.co *.factorial.es *.factorial.mx *.factorial.fr *.factorial.it *.factorialhr.co.uk *.factorialhr.co *.factorialhr.de *.factorial.ch *.factorial.be *.factorialhr.pt *.factorialhr.com.br *.factorialhr.com.ar *.factorialhr.ar *.factorialhr.cl *.factorialhr.com.de *.factorial.pl *.factorialhr.com 10
upgrade-insecure-requests;frame-ancestors 'self' ; 10
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 10
default-src 'self' atlassian-companion:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.recaptcha.net tracking.risk.lexisnexis.com code.jquery.com www.gstatic.com player.vimeo.com cdn.cookielaw.org *.clickagy.com *.adsrvr.org www.buzzsprout.com *.6sc.co *.6sense.com blob: *.visualwebsiteoptimizer.com cdnjs.cloudflare.com platform.twitter.com connect.facebook.net img.en25.com assets.adobedtm.com js.zi-scripts.com *.zoominfo.com www.googletagmanager.com *.google-analytics.com www.youtube.com www.youtube-nocookie.com s.ytimg.com *.lexisnexis.com *.lexisnexis.co.uk *.lexisnexis.es *.lexisnexis.com.br *.lexisnexis.co.jp *.liadm.com *.qualified.com *.doubleclick.net bat.bing.com *.licdn.com *.linkedin.com *.microad.jp *.baidu.com pagead2.googlesyndication.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net cdnjs.cloudflare.com; img-src 'self' data: blob: img.en25.com bat.bing.com *.ytimg.com pbs.twimg.com *.lexisnexis.com *.lexisnexis.co.uk pixel.wp.com *.lexisnexis.es *.lexisnexis.com.br *.lexisnexis.co.jp analytics.lexisnexisrisk.com *.google-analytics.com *.doubleclick.net *.everesttech.net *.demdex.net cdn.cookielaw.org tracking.risk.lexisnexis.com *.pagead2.googlesyndication.com *.clickagy.com *.openx.net *.liadm.com idsync.rlcdn.com *.agkn.com *.visualwebsiteoptimizer.com *.microad.jp pixel-sync.sitescout.com *.linkedin.com *.google.com www.google.co.in *.facebook.com *.adsrvr.org pixel.rubiconproject.com *.6sc.co *.6sense.com; font-src 'self' fonts.gstatic.com *.agkn.com wordpress.com *.tmxcyber.com *.adnxs.com; connect-src 'self' *.microad.jp www.google.co.in *.googleadservices.com browser-intake-datadoghq.com *.visualwebsiteoptimizer.com *.zoominfo.com *.google-analytics.com *.algolia.net *.algolianet.com analytics.lexisnexisrisk.com js.zi-scripts.com *.demdex.net *.everesttech.net www.recaptcha.net cdn.cookielaw.org geolocation.onetrust.com *.lexisnexis.com *.lexisnexis.co.uk *.lexisnexis.es *.lexisnexis.com.br *.lexisnexis.co.jp *.clickagy.com *.adsrvr.org *.liadm.com *.qualified.com wss://*.qualified.com *.google.com bat.bing.com px.ads.linkedin.com *.facebook.com privacyportal.onetrust.com cdnjs.cloudflare.com pagead2.googlesyndication.com *.baidu.com *.6sc.co *.6sense.com; frame-src 'self' atlassian-companion: *.visualwebsiteoptimizer.com www.youtube.com www.comparably.com *.blueflamingo.solutions *.tmxcyber.com app.teamwalnut.com *.doubleclick.net www.buzzsprout.com *.turtl.co www.youtube-nocookie.com platform.twitter.com player.vimeo.com *.demdex.net gateway.on24.com www.recaptcha.net *.adsrvr.org *.liadm.com www.googletagmanager.com *.qualified.com *.microad.jp cdn.cookielaw.org dpm.demdex.net *.linkedin.com www.kitchco.com nam11.safelinks.protection.outlook.com; media-src 'self' *.cloudfront.net *.qualified.com; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /cdn-cgi/script_monitor/report 10
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 10
frame-ancestors 'self' https://builder.io 10
upgrade-insecure-requests; frame-ancestors 'self' https://*.cookiebot.com 10
frame-ancestors 'self' *.ci360.sas.com app.contentstack.com login.celebrations.com www.1800flowers.com www.1800baskets.com www.berries.com www.cheryls.com www.florists.com www.plants.com www.fruitbouquets.com www.harryanddavid.com www.simplychocolate.com www.thepopcornfactory.com www.vitalchoice.com www.wolfermans.com www.celebrations.com prod-celebrations-chained.18f.tech pmallstore.pmalladmin.com 10
default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 10
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 10
default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’; img-src ‘self’ data:; font-src ‘self’ data:; connect-src ‘self’; 10
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 10
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://singhealth-rheumatology.app.keyreply.com https://kkh.app.keyreply.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://kkh-edubot.app.keyreply.com https://connect.facebook.net https://ndcs.app.keyreply.com https://singhealth.app.keyreply.com https://shp.app.keyreply.com https://singhealth-rheumatology.app.keyreply.com *.google-analytics.com *.googletagmanager.com *.youtube.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: https://keyreplykkh.blob.core.windows.net https://keyreplykkhedubotuat.blob.core.windows.net https://keyreplysinghealth.blob.core.windows.net https://keyreplyshpuat.blob.core.windows.net https://keyreplykkhedubot.blob.core.windows.net https://keyreplyshpuat.blob.core.windows.net https://keyreplykkhedubot.blob.core.windows.net https://keyreplyshpuatprod.blob.core.windows.net https://keyreplykkhedubotprod.blob.core.windows.net https://rheumatologyprod.blob.core.windows.net https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://www.google.co.in https://keyreplyndcs.blob.core.windows.net https://keyreply.blob.core.windows.net https://assets.uat-hhm.hhtest.sg https://ch-api.healthhub.sg https://keyreplysinghealthuat.blob.core.windows.net *.google-analytics.com *.googletagmanager.com *.youtube.com; connect-src 'self' https://www.google.com https://singhealth-rheumatology.app.keyreply.com https://kkh.app.keyreply.com https://kkh-edubot.app.keyreply.com https://analytics.google.com https://stats.g.doubleclick.net https://www.gstatic.com https://translate.googleapis.com https://translate-pa.googleapis.com https://connect.facebook.net https://www.facebook.com https://ndcs.app.keyreply.com https://singhealth-rheumatology.app.keyreply.com https://singhealth.app.keyreply.com https://shp.app.keyreply.com https://*.keyreply.com https://customercare-webapi.azurewebsites.net wss://customercare-webapi.azurewebsites.net wss://ndcs.app.keyreply.com *.google-analytics.com *.googletagmanager.com *.youtube.com; font-src 'self' data: https://webchat.keyreply.com; media-src 'self' https://keyreply.blob.core.windows.net; object-src 'none'; frame-src 'self' https://www.google.com https://translate-pa.googleapis.com https://singhealth-rheumatology.app.keyreply.com https://kkh.app.keyreply.com https://singhealth.app.keyreply.com https://singhealth-rheumatology.app.keyreply.com https://shp.app.keyreply.com https://kkh-edubot.app.keyreply.com https://momento360.com https://*.momento360.com *.google-analytics.com *.googletagmanager.com *.youtube.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; 10
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; 10
default-src https: 'unsafe-inline' 'unsafe-eval' 10
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 10
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://dev1assets.checkmybus.com https://assets.checkmybus.com https://testassets.checkmybus.com https://cdn.priv.center https://prod-origin.truendo.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://www.googleadservices.com https://cdn.ampproject.org https://*.facebook.net https://*.facebook.com https://*.fontawesome.com https://monitor.azure.com https://*.monitor.azure.com https://e-js.zonka.co https://www.clarity.ms https://unpkg.com https://bat.bing.com https://www.atmrum.net https://cdn.debugbear.com https://ep2.adtrafficquality.google securepubads.g.doubleclick.net https://faro-collector-prod-eu-west-2.grafana.net https://scripts.clarity.ms https://static.clicktripz.com https://www.clicktripz.com; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://dev1assets.checkmybus.com https://assets.checkmybus.com https://testassets.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://accounts.google.com https://*.googletagmanager.com; frame-src 'self' https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com https://e.zonka.co https://ep2.adtrafficquality.google https://www.clicktripz.com; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://www.checkmybus.com.br/artigo www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://www.checkmybus.de/beitrag www.checkmybus.co.uk https://www.checkmybus.co.uk/article www.checkmybus.com https://www.checkmybus.com/article www.checkmybus.es www.checkmybus.fr https://www.checkmybus.fr/article www.checkmybus.hr www.checkmybus.it https://www.checkmybus.it/articolo www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://www.checkmybus.pl/artykul www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr partner-bahn.de reiseauskunft.bahn.de; base-uri 'self' i.checkmybus.com 10
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net https://cdn.jsdelivr.net https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://statistikk.fnsp.no https://web-sdk-eu.aptrinsic.com https://www.cdisol.blog https://ajax.googleapis.com/ https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://web-sdk-eu.aptrinsic.com https://www.cdisol.blog; font-src 'self' data: https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com https://web-sdk-eu.aptrinsic.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.nhn.no https://www.ahus.no https://www.antibiotika.no https://www.betanienhospital.no https://www.betaniensykehus.no https://www.bjorkeli.no https://www.diakonhjemmetsykehus.no https://wwww.dovblindhet.no https://fellesinnhold.fnsp.nhn.no https://www.finnmarkssykehuset.no https://www.fnsp.no https://www.haraldsplass.no https://www.hdo.no https://www.helgelandssykehuset.no https://www.helse-bergen.no https://www.helse-fonna.no https://www.helse-forde.no https://www.helse-midt.no https://www.helse-mr.no https://www.helse-nord.no https://www.helse-sorost.no https://www.helse-stavanger.no https://www.helse-vest-ikt.no https://www.helse-vest.no https://www.helsenordikt.no https://www.helseplattformen.no https://www.hemit.no https://www.hnt.no https://www.hsr.as https://www.jdps.no https://www.kloverasen.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://www.luftambulanse.no https://www.martinahansen.no https://norcrin.fnsp.nhn.no https://www.nordlandssykehuset.no https://www.nortrials.no https://www.nyemetoder.no https://www.olaviken.no https://www.oslo-universitetssykehus.no https://www.pasientreiser.no https://www.revmatismesykehuset.no https://rvtsvest.fnsp.nhn.no https://www.saman.no https://samhandlingsbarometeret.fnsp.nhn.no https://www.sifer.no https://www.siv.no https://www.sjukehusapoteka-vest.no https://www.skde.no https://www.solli.no https://www.spesialisthelsetjenesten.no https://www.sshf.no https://www.sthf.no https://www.stolav.no https://www.sunnaas.no https://www.sykehusapotek-nord.no https://www.sykehusapotekene.no https://www.sykehusapoteket.no https://www.sykehusbygg.no https://www.sykehuset-innlandet.no https://www.sykehuset-ostfold.no https://www.sykehusinnkjop.no https://www.sykehuspartner.no https://www.tryggakuttmedisin.no https://www.tryggprat.no https://www.unn.no https://www.vestreviken.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no https://www.antibiotika.no https://www.betanienhospital.no https://www.betaniensykehus.no https://www.bjorkeli.no https://www.diakonhjemmetsykehus.no https://www.dovblindhet.no https://fellesinnhold.fnsp.nhn.no https://www.finnmarkssykehuset.no https://www.fnsp.no https://www.haraldsplass.no https://www.hdo.no https://www.helgelandssykehuset.no https://www.helse-bergen.no https://www.helse-fonna.no https://www.helse-forde.no https://www.helse-midt.no https://www.helse-mr.no https://www.helse-nord.no https://www.helse-sorost.no https://www.helse-stavanger.no https://www.helse-vest-ikt.no https://www.helse-vest.no https://www.helsenordikt.no https://www.helseplattformen.no https://www.hemit.no https://www.hnt.no https://www.hsr.as https://www.jdps.no https://www.kloverasen.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://www.luftambulanse.no https://www.martinahansen.no https://norcrin.fnsp.nhn.no https://www.nordlandssykehuset.no https://www.nortrials.no https://www.nyemetoder.no https://www.olaviken.no https://www.oslo-universitetssykehus.no https://www.pasientreiser.no https://www.revmatismesykehuset.no https://rvtsvest.fnsp.nhn.no https://www.saman.no https://samhandlingsbarometeret.fnsp.nhn.no https://www.sifer.no https://www.siv.no https://www.sjukehusapoteka-vest.no https://www.skde.no https://www.solli.no https://www.spesialisthelsetjenesten.no https://www.sshf.no https://www.sthf.no https://www.stolav.no https://www.sunnaas.no https://www.sykehusapotek-nord.no https://www.sykehusapotekene.no https://www.sykehusapoteket.no https://www.sykehusbygg.no https://www.sykehuset-innlandet.no https://www.sykehuset-ostfold.no https://www.sykehusinnkjop.no https://www.sykehuspartner.no https://www.tryggakuttmedisin.no https://tryggprat.fnsp.nhn.no https://www.unn.no https://www.vestreviken.no; connect-src 'self' https://app-fnsp-matomo-analytics-prod.azurewebsites.net https://fellesinnhold.fnsp.nhn.no https://cg.optimizely.com https://js.monitor.azure.com/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://*.fnsp.nhn.no https://acast.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://app.powerbi.com https://apps.skde.no https://dashboard.find.episerver.net/ https://data.stolav.no/ https://ekstranett.helse-midt.no/ https://fellesinnhold.fnsp.nhn.no https://film.oslo-universitetssykehus.no/ https://fnsp.fnsp.nhn.no https://login.microsoftonline.com https://medfilm.se/ https://navikt.github.io https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://player.vimeo.com https://players.brightcove.net/ https://podcasts.apple.com https://prat.fnsp.no https://prod-tabellverk.skde.org/ https://skde.org https://sketchfab.com https://test.skde.no https://uib.cloud.panopto.eu/ https://vimeo.com/ https://www.acast.com/ https://www.fnsp.no https://www.youtube-nocookie.com https://www.youtube.com https://use.mazemap.com https://rise.articulate.com/ https://forms.office.com/ https://csb10033fff971bc7e5.z6.web.core.windows.net/ https://youtu.be/ https://cg.optimizely.com https://wevideo.com https://www.wevideo.com; frame-ancestors 'self'; 10
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; frame-src 'self' https:; 10
frame-ancestors 'self' https://customer.educations.com https://event.virtualdays.com 10
frame-ancestors 'self' *.laccd.edu *.elac.edu *.wlac.edu *.lapc.edu *.lamission.edu *.lavc.edu *.lasc.edu *.lahc.edu *.lacc.edu *.lattc.edu 10
default-src *; frame-src https:; script-src * 'unsafe-inline' 'unsafe-eval'; blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; img-src * data:; object-src 'none'; frame-ancestors https:; base-uri 'self'; connect-src *; font-src * data:; worker-src blob: 'self'; 10
frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 10
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https: nytresource:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: nytresource:; style-src data: 'unsafe-inline' https: nytresource:; img-src data: https: blob: android-webview-video-poster: nytresource:; font-src data: https: nytresource:; connect-src data: https: wss: blob: nytresource:; media-src data: https: blob: nytresource:; object-src https:; child-src https: data: blob: nytresource:; form-action https: nytimes: nytcooking: nytxwd:; report-uri https://csp.nytimes.com/report; 9
frame-ancestors 'self' accounts.login.idm.telekom.com; 9
default-src 'self' * data: 'unsafe-inline' 'unsafe-eval' 9
report-uri /v1/csplog; block-all-mixed-content; frame-ancestors https://*.grupawp.pl https://*.kube.dev.dcwp.pl; 9
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://js.adsrvr.org https://go.affec.tv https://bat.bing.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://snap.licdn.com https://tracking.g2crowd.com https://connect.facebook.net *.visualwebsiteoptimizer.com https://app.vwo.com *.sharethis.com https://unpkg.com https://d1hgczpbubj217.cloudfront.net https://app-static.turtl.co https://js.zi-scripts.com *.mutinycdn.com https://www.clarity.ms https://scripts.clarity.ms *.roundprinceweb.com https://www.redditstatic.com https://go.proofpoint.com https://www.google.com https://www.gstatic.com https://www.buzzsprout.com https://extend.vimeocdn.com https://storage.googleapis.com https://js.navattic.com https://js.qualified.com https://wpaassets.blob.core.windows.net https://www.youtube.com https://vimeo.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com *.qualified.com; report-uri /report-csp-violation 9
frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 9
frame-ancestors 'self' https://www.fortinet.com https://fortinet.pathfactory.com 9
frame-ancestors 'self' *.nokia.com *.ceros.com nokia.lookbookhq.com; report-uri /report-csp-violation 9
frame-ancestors 'self' https://guides.opentext.com wss://ws8.qualified.com https://opentext.sl.smartling.com https://assets.opentext.com https://partnermarketing.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src  https:; connect-src https: wss:; object-src https:; child-src https:; 9
frame-ancestors 'self' *.freshworks.com *.freshdesk.com *.freshservice.com *.myfreshworks.com *.freshcaller.com *.freshteam.com *.freshchat.com *.freshping.io *.freshrelease.com *.freshstatus.io *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com *.optimizely.com *.freshpo.com *.myfreshworks.dev *.freshscout.com freshworks.pathfactory.com *.freshrobust.com *.freshitops.com *.freshcmdb.com 9
default-src https: blob: * 'unsafe-inline' 'unsafe-eval'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; 9
frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 9
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 9
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://*.genesys.com https://*.genesyscsdt.com https://*.genesyscsdteng.com https://*.genesys.cloud https://resources.genesys.com https://*.seismic.com https://genesys.seismic.com https://know.genesys.com https://help.genesys.com https://*.contentsquare.net https://apps.mypurecloud.com https://genesys.lightning.force.com https://genesys.file.force.com; 9
connect-src 'self' wss: *.adyen.com bat.bing.com bat.bing.net browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu www.ceneo.pl common-services.cidaas.de *.clarity.ms cke4.ckeditor.com *.cloudflare.com cdn.cookielaw.org ams.creativecdn.com *.doubleclick.net *.facebook.com www.google.at google.com adservice.google.com *.analytics.google.com apis.google.com pay.google.com tez.google.com www.google.com www.google.cz www.google.de www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.sk *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com retazove-pily.heureka.sk code.jquery.com *.kaufland.at account.kaufland.com *.kaufland.cz *.kaufland.de *.kaufland.es *.kaufland.fr *.kaufland.it *.kaufland.nl *.kaufland.pl *.kaufland.sk js.klarna.com x.klarnacdn.net eu.klarnaevt.com availability.loadbee.com src.mastercard.com *.mopinion.com *.onetrust.com *.paypal.com *.paypalobjects.com spay.samsung.com *.seznam.cz jsapi.simplesurance.de *.sovendus.com *.theadex.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.userwerk.com *.venmo.com assets.secure.checkout.visa.com; default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: blob:; font-src 'self' data: https:; frame-src 'self' https: http:; img-src 'self' blob: data: https: http: chrome-extension:; object-src 'self' https: http:; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=puba4ff6837563e0a6289c852e7c147d8db&dd-evp-origin=content-security-policy&ddsource=csp-report&service=csp-report&ddtags=env:prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: track.adform.net js.adsrvr.org bat.bing.com *.cash.app applepay.cdn-apple.com cdn.ckeditor.com *.clarity.ms *.cloudflare.com cdn.cookielaw.org tags.creativecdn.com cdn.datatables.net googleads.g.doubleclick.net connect.facebook.net edge.eu1.fullstory.com cdn.getivy.de apis.google.com pay.google.com translate.google.com www.google.com *.googleadservices.com *.googleapis.com www.googleoptimize.com pagead2.googlesyndication.com *.googletagmanager.com tagmanager.google.com www.heureka.cz code.jquery.com *.kaufland.at *.kaufland.cz *.kaufland.de kaufland.de *.kaufland.es *.kaufland.fr *.kaufland.it *.kaufland.nl *.kaufland.pl *.kaufland.sk js.klarna.com x.klarnacdn.net *.loadbee.com src.mastercard.com *.mopinion.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.ratepay.com *.seznam.cz jsapi.simplesurance.de api.sovendus.com cdn.speedcurve.com speedcurve.com *.theadex.com analytics.tiktok.com *.int.userwerk.com *.venmo.com assets.secure.checkout.visa.com www.zbozi.cz; style-src 'self' 'unsafe-inline' https:; worker-src blob: 'self' 9
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 9
upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ https://nephrologistconnect.com https://rheumatologynation.com https://dermatologistnation.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://www.onetrust.com https://privacyportal.onetrust.com https://privacyportal-uat-cdn.onetrust.com https://uat.onetrust.com https://app.onetrust.com https://app.cookiepro.com 9
frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 9
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://hossa.inwx.com https://zammad.inwx.de *.zammad.inwx.de ws: wss: *.hossa.inwx.com https://static.inwx.com; worker-src 'self' blob: 9
default-src 'self' https:; script-src 'self' https: https://assets.adoberesources.net https://documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' https://*.typekit.net; img-src 'self' https: data: https://assets.adoberesources.net https://lh3.googleusercontent.com; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://*.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net https://assets.adoberesources.net https://documentcloud.adobe.com https://*.adobe.io wss://*.adobe.io; font-src 'self' https: https://*.typekit.net; frame-ancestors 'self' https:; frame-src 'self' https: https://documentcloud.adobe.com; 9
default-src=self; 9
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 9
upgrade-insecure-requests; frame-ancestors 'none'; 9
frame-ancestors 'self' letmedate.com www.letmedate.com 9
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 9
script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 9
frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 9
frame-ancestors 'self' *.affino.com; 9
none 9
upgrade-insecure-requests; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; font-src 'self' https://*.apple.com; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; connect-src 'self' https://*.apple.com https://*.mzstatic.com; media-src 'self' https://*.apple.com blob:; child-src 'self' https://*.apple.com; frame-src 'self' https://*.apple.com itms-appss: macappstore:; worker-src blob:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/csp-report 9
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 9
default-src 'self' http: https: ws: wss:; script-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' http: https: data:; style-src 'unsafe-inline' http: https:; font-src 'self' http: https: data:; 9
default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self' https://cdn.justpremium.com; form-action 'self' 9
default-src * 'unsafe-inline' 'unsafe-eval' 9
frame-ancestors 'self';; upgrade-insecure-requests 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://gravityapi.com https://am.bnpparibas.com https://cm.teads.tv https://d1z2jf7jlzjs58.cloudfront.net https://p.teads.tv https://sentry.hcaptcha.com https://js.hcaptcha.com https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://nextgen.am.dev.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://md-scp.kampyle.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://assets.adobedtm.com https://unpkg.com https://www.google-analytics.com https://9873963.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://m.clarity.ms https://stats.g.doubleclick.net https://www.clarity.ms https://analytics.newscred.com https://snap.licdn.com https://www.google-analytics.com https://www.stoneshot.com https://cdn.cookielaw.org https://www.googletagmanager.com https://api.bnpparibas-am.com https://api.staging.bnpparibas-am.com https://player.ausha.co https://apidata.staging.bnpparibas-am.com https://apidata.bnpparibas-am.com; font-src 'self' 'unsafe-inline' data: https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://fonts.gstatic.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; img-src 'self' blob: https://am.bnpparibas.com https://www.bnpparibas-am.com https://dpm.demdex.net https://cm.everesttech.net https://l.teads.tv https://t.teads.tv https://p1.parsely.com https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://bnpparibas-am-com.go-vip.net https://bnpparibas-am.com https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://bnppampublicglobalprod.112.2o7.net https://diversification.bnpparibas-am.com https://pixel.wp.com https://secure.gravatar.com https://bnppampublicglobaldev.112.2o7.net https://ad.doubleclick.net https://www.linkedin.com https://udc-neb.kampyle.com data:  https://resources.digital-cloud.medallia.eu https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.stoneshot.com https://www.google-analytics.com https://pixel.welcomesoftware.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; base-uri 'self'; object-src 'self'; media-src 'self' https://*.ausha.co https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://www.youtube.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://audio.ausha.co https://audiofiles.ausha.co; child-src 'self' https://bnppam.demdex.net https://newassets.hcaptcha.com https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://widget.ausha.co https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://www.youtube.com https://widgets.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://td.doubleclick.net https://9054818.fls.doubleclick.net https://www.youtube.com https://resources.digital-cloud.medallia.eu https://9873963.fls.doubleclick.net https://bnpparibas-am.libcast.com https://embed.api.video https://player.ausha.co; worker-src 'self' blob:;style-src 'self' 'unsafe-inline' https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://fonts.googleapis.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; connect-src 'self' https://gravityapi.com https://docfinder.bnpparibas-am.com https://cm.teads.tv https://t.teads.tv https://p1.parsely.com https://t.teads.tv https://analytics-fe.digital-cloud.medallia.eu https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://ampw-component.bnpparibas-am.com https://ampw-component.staging.bnpparibas-am.com https://nextgen.am.staging.bnpparibas https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://bnp-privacy.my.onetrust.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://region1.google-analytics.com https://dpm.demdex.net https://resources.digital-cloud.medallia.eu https://apidata.staging.bnpparibas-am.com https://apidata.bnpparibas-am.com https://stats.g.doubleclick.net https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com https://www.stoneshot.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.google-analytics.com; 9
object-src 'none'; form-action 'self'; frame-ancestors 'self' 9
frame-ancestors 'self' http://*.tp.com https://*.tp.com http://insights.tp.com https://insights.tp.com 9
frame-ancestors 'self' https://platform.fynd.com 9
frame-ancestors https://auto-emotion.cupra.de https://showcase.cupra.de.showcase.dev.cupra.de 'self' 9
frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 9
block-all-mixed-content; upgrade-insecure-requests; 9
frame-ancestors https://*.myshopify.com https://admin.shopify.com 9
unsafe-inline 9
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 9
default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 9
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 9
object-src 'self'; 9
frame-ancestors 'self' https://temaquevende.com.br https://vitrinedetemas.hostgator.com.br *.clearsale.com.br 9
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com dobit.com *.dobit.com samsonite-dxp.dobit.com http://localhost:88; base-uri 'self'; 9
frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self' 9
worker-src 'self' blob:; 9
frame-ancestors 'self' https://www.mtbiker.sk; 9
script-src 'nonce-3d064211-36cd-4880-9a17-d1ff73000681' 'strict-dynamic';media-src 'self' 'self' blob:;; 9
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org 9
default-src * https: data: blob: 'unsafe-inline' 'unsafe-eval'; 9
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 8
default-src https: data: 'unsafe-eval' 'unsafe-inline' https://*.smassets.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com https://api.amplitude.com https://api2.amplitude.com https://*.crazyegg.com; upgrade-insecure-requests; connect-src https: wss: https://rum-ingest.us1.signalfx.com/ https://api.schedule.zoominfo.com https://ws.zoominfo.com 'self'; script-src https: blob: 'unsafe-eval' 'unsafe-inline' https://js.zi-scripts.com https://schedule.zoominfo.com https://ws-assets.zoominfo.com 'self'; worker-src https: blob: 'self'; media-src https: blob: 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com https://*.cloud.microsoft 8
default-src 'self' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; style-src 'self' 'unsafe-inline' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; font-src 'self' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; img-src 'self' data: https: blob: *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; media-src 'self' blob: *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; connect-src 'self' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; worker-src 'self' blob: *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; frame-src 'self' *.prismic.io *.myworkdayjobs.com *.workday.com *.jobvite.com *.googletagmanager.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.myworkdayjobs.com *.workday.com 8
frame-ancestors 'self' https://localhost:* https://*.bustle.com https://*.bdg.com 8
frame-ancestors 'self' *.mebis.info 8
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 8
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ https://app.mutinyhq.com/  https://app.optimizely.com https://*.optimizely.com 8
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 8
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 8
; frame-ancestors 'self' 8
frame-ancestors *; report-uri /_/commcsp?disposition=enforce 8
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 8
frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 8
connect-src 'self' inetchat.zoner.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com www.google-analytics.com *.smartlook.cloud *.doubleclick.net https://web.facebook.com https://www.facebook.com https://manychat.com https://socialplugin.facebook.net *.google-analytics.com https://search.zonercloud.cz https://*.clarity.ms www.google.com google.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io adservice.google.com www.google.cz *.analytics.google.com px.ads.linkedin.com googletagmanager.com https://maps.googleapis.com https://ai-dev.zarea.net:4003 c.imedia.cz;default-src 'self' www.google-analytics.com www.google.com inetchat.zoner.com;font-src 'self' data: fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com www.google.cz www.google.com inetchat.zoner.com www.facebook.com c.imedia.cz http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.inpage.cz https://www.inpage.sk https://c.seznam.cz https://i.ytimg.com *.twitter.com https://seal.digicert.com ad.czechia.com  api.thegreenwebfoundation.org www.abuseipdb.com www.googletagmanager.com https://px.ads.linkedin.com https://c.bing.com https://c.clarity.ms www.google.sk www.google.es www.google.de www.google.sn https://maps.gstatic.com www.czechia.com mailing.zoner.eu;manifest-src 'self';script-src 'self' 'unsafe-inline' data: www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz connect.facebook.net c.imedia.cz rec.smartlook.com *.twitter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://seal.digicert.com ad.czechia.com https://c.seznam.cz https://widget.manychat.com https://mccdn.me www.clarity.ms https://search.zonercloud.cz https://snap.licdn.com https://*.clarity.ms https://maps.googleapis.com/ https://mujtest.eu https://cdn.amcharts.com https://cdn.datatables.net https://martinturek.dev 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net;frame-ancestors 'none';form-action 'self' admin.czechia.com admin.slovaknet.sk admin.regzone.cz *.csob.cz *.tatrabanka.sk www.googletagmanager.com www.facebook.com;base-uri 'self';object-src 'none';frame-src 'self' *.inpage.cz *.inpage.sk *.inpageweb.com www.youtube.com www.google.com maps.google.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.twitter.com www.metercustom.net https://web.facebook.com https://www.facebook.com *.doubleclick.net https://docs.google.com mailing.zoner.eu www.googletagmanager.com https://mujtest.eu;report-uri /csp-report-endpoint; 8
object-src 'self' 8
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://p2-chat-use1.starcenter.star2star.com/ https://privacy-proxy.usercentrics.eu/ https://www.youtube.com/ https://app.usercentrics.eu/ https://info.sangomaus.local/ https://info.staging.sangoma.com/ https://info.sangoma.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://cdn.howuku.com/ https://api.howuku.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hubspot.com/ https://js.hsforms.net/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://play.google.com/ https://www.googleadservices.com/ https://s3.tradingview.com/ https://www.workable.com/ https://dcvxs6ggqztsa.cloudfront.net/ https://apply.workable.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' blob: data: https://secure.gravatar.com/ https://privacy-proxy-server.usercentrics.eu/ https://staging.sangoma.com/ https://app.usercentrics.eu/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://perf-na1.hsforms.com/ https://track.hubspot.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://www.linkedin.com/ https://www.x.com/ https://uct.service.usercentrics.eu/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://i.ytimg.com/ ; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' wss://ws.hotjar.com/ https://api.hsforms.com/ https://api.usercentrics.eu/ https://px.ads.linkedin.com/ https://api.howuku.com/ https://cta-service-cms2.hubspot.com/ https://content.hotjar.io/ https://p2-chat-use1.starcenter.star2star.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.linkedin.com/ https://www.google.com/ https://www.workable.com/assets/embed.js https://www.youtube.com/ https://www.x.com/ https://metrics.hotjar.io/ https://api.howuku.com/ https://api.howuku.com/ https://vc.hotjar.io/ https://consent-api.service.consent.usercentrics.eu/ https://google.com/ https://www.googleadservices.com/ ;worker-src 'self' blob: https://www.google.com/ ;frame-src 'self' https://p2-chat-use1.starcenter.star2star.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/ https://www.tradingview-widget.com/ ;frame-ancestors 'self' https://www.google.com/ ; 8
default-src * 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rambler.ru dsp-rambler.ru *.dsp-rambler.ru *.rambler-co.ru *.top100.ru *.s3.yandex.net *.market.yandex.ru *.yandex.ru *.maps.yandex.net yandex.ru yastatic.net *.webvisor.org smartcaptcha.yandexcloud.net www.google-analytics.com www.googletagmanager.com *.weborama.fr *.weborama-tech.ru weborama-tech.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru adriver.com adriver.ru *.adriver.com *.adriver.ru *.serving-sys.ru *.serving-sys.com serving-sys.ru serving-sys.com *.smi2.net *.smi2.ru smi2.ru *.24smi.net *.smi2cdn.ru *.sber.ru sber.ru *.mail.ru *.mindbox.ru *.rnet.plus *.adfox.ru *.jsdelivr.net *.pushwoosh.com *.createjs.com *.facebook.net *.reddigital.ru *.geniusaudience.com *.gnezdo.ru *.hit.gemius.pl *.prom.app.sberdevices.ru *.2xclick.ru *.infox.sg *.otm-r.com stat.media *.terratraf.io *.soloway.ru vk.com *.getsitecontrol.com www.tns-counter.ru *.mradx.net *.ampproject.org *.bumlam.com *.imgsniper.com *.terratraf.com *.digitaltarget.ru telegram.org *.buzzoola.com buzzoola.com *.aidata.io *.a.mts.ru anketolog.ru blob:; report-to csp.rambler-co.ru 8
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.salesforce.com *.force.com *.site.com; 8
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: ws: wss: http: https:; 8
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 8
frame-ancestors 'none'; upgrade-insecure-requests; 8
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: 8
frame-ancestors nuanceaudio.com *.nuanceaudio.com *.luxgroup.net https://cms-prod.brxm.grandvision.io 8
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 8
default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com https://help.habbo.com https://help.habbo.de https://help.habbo.es https://help.habbo.fi https://help.habbo.fr https://help.habbo.it https://help.habbo.nl https://help.habbo.com.br https://help.habbo.com.tr habbohelpbr.zendesk.com habbohelpen.zendesk.com habbohelpde.zendesk.com habbohelpes.zendesk.com habbohelpfi.zendesk.com habbohelpfr.zendesk.com habbohelpit.zendesk.com habbohelpnl.zendesk.com habbohelptr.zendesk.com;upgrade-insecure-requests ;report-uri /csp/report 8
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 8
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: 8
'self' ; 8
frame-ancestors 'self' https://virtual-tours.msccruises.com; 8
script-src 'self' https: 'unsafe-inline' 8
worker-src https://api.wcx.cloud https://f.wcentrix.com; font-src https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com https://f.wcentrix.com *.fontawesome.com *.alothemes.com *.magepow.com 'self' data: *.typekit.net *.moprestamo.com *.connectif.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.opencontrol.mx *.kaptcha.com *.openpay.pe https://api.wcx.cloud https://f.wcentrix.com *.weltpixel.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.paynet.com.mx *.openpay.mx *.openpay.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com assets.fintoc.com https://assets.fintoc.com *.moprestamo.com *.apurata.com *.google.com https://www.google.com.ar https://www.google.cl https://www.google.com.pe https://www.google.co.ve https://coliseumstorehelp.zendesk.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.postimg.cc *.openpay.mx 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com *.scene7.com p.typekit.net *.gstatic.com *.googleapis.com *.google.cl *.hotjar.com *.google.com.co *.mercadopago.cl *.mercadopago.com.pe *.bing.com *.clarity.ms *.notifications-icommkt.com *.track-icommkt.com *.connectif.cloud *.converse.cl *.converse.com.pe *.newbalance.com.pe *.merrell.com.pe *.stevemadden.com.pe *.catlifestyle.pe coliseumstore.cl *.coliseumstore.cl *.coliseum.com.pe www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.apurata.com https://coliseumstorehelp.zendesk.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://api.smooch.io https://api.smooch.io/faye https://api.wcx.cloud https://f.wcentrix.com https://wcentrix.net *.woowup.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.google.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.magento-ds.com amcglobal.sc.omtrdc.net use.typekit.net *.online-metrix.net *.converse.cl *.google.cl *.hotjar.com *.getblue.io *.connectif.cloud *.tiktok.com *.bing.com *.emarsys.net *.clarity.ms *.cloudfront.net *.crazyegg.com *.zdassets.com *.vnforapps.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.moprestamo.com https://f.wcentrix.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://res.cloudinary.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.apurata.com https://coliseumstorehelp.zendesk.com *.openpay.mx *.openpay.co *.openpay.pe wss://api.smooch.io https://api.wcx.cloud https://f.wcentrix.com *.moprestamo.com components-bnpl-pe-bbva-beta.moprestamo.com *.run.app *.conversionsapigateway.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* *.snplow.net *.pingdom.net *.woorank.com *.adobe.io *.adobedc.net *.youtube.com *.googleapis.com *.magento-ds.com performance.typekit.net *.sentry.io *.converse.cl *.google.cl *.hotjar.com wss://ws.hotjar.com *.hotjar.io stats.g.doubleclick.net *.google.com.co *.tiktok.com *.connectif.cloud *.bing.com notifications-icommkt.com track-icommkt.com *.crazyegg.com *.clarity.ms *.zdassets.com *.powerpay.pe apurata.com *.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 8
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 8
default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-presentation allow-same-origin allow-scripts; 8
script-src 'self' 'unsafe-inline' https://*.huggy.app https://*.huggy.chat https://*.huggy.cloud wss://*.huggy.app wss://*.huggy.chat wss://*.huggy.cloud https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.huggy.app https://*.huggy.chat https://*.huggy.cloud wss://*.huggy.app wss://*.huggy.chat wss://*.huggy.cloud; img-src 'self' data: https: blob: https://*.huggy.app https://*.huggy.chat https://*.huggy.cloud wss://*.huggy.app wss://*.huggy.chat wss://*.huggy.cloud; font-src 'self' data: https://fonts.gstatic.com https://*.huggy.app https://*.huggy.chat https://*.huggy.cloud wss://*.huggy.app wss://*.huggy.chat wss://*.huggy.cloud; connect-src 'self' https://demo-1.conversionsapigateway.com https://mpc2-prod-1-is5qnl632q-uc.a.run.app https://mpc-prod-27-s6uit34pua-uk.a.run.app https://*.huggy.app https://*.huggy.chat https://*.huggy.cloud wss://*.huggy.app wss://*.huggy.chat wss://*.huggy.cloud https://gateway.apispt.net https://gateway.dev.apispt.net https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://image.boxnary.com https://www.google-analytics.com https://www.facebook.com; frame-src 'self' https: https://*.huggy.app https://*.huggy.chat https://*.huggy.cloud wss://*.huggy.app wss://*.huggy.chat wss://*.huggy.cloud; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' https: blob:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 8
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 8
frame-ancestors 'self' *.bambuser.com 8
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 8
default-src http: data: 'unsafe-inline' 'unsafe-eval' 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://s7.addthis.com https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' https:; frame-src 'self' https: https://www.google.com; object-src 'none'; frame-ancestors 'self';connect-src 'self' https://www.google-analytics.com https://analytics.google.com https:; 8
frame-ancestors https://app.storyblok.com/ 8
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 8
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://rum-static.pingdom.net/ https://www.googletagmanager.com https://www.google-analytics.com https://web.cmp.usercentrics.eu; style-src 'report-sample' 'self' 'unsafe-inline' https://web.cmp.usercentrics.eu; connect-src 'self' https://app.qweb.nl https://www.foxxl.hosting https://*.google-analytics.com https://*.pingdom.net https://v1.api.service.cmp.usercentrics.eu; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self' https://app.qweb.nl; 8
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://payment.preprod.payone.com https://payment.payone.com 'self' https://payment.preprod.payone.com https://payment.payone.com; frame-ancestors 'none' 'none'; img-src 'self' data: https: 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https: http://localhost:8080 'unsafe-inline' 'unsafe-eval' https: http://localhost:8080; upgrade-insecure-requests; 8
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.domain-robot.org https://maxcdn.bootstrapcdn.com  https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 8
frame-ancestors 'self' *.sivuviidakko.fi *.lianacms.com *.tagomocms.fi; 8
upgrade-insecure-requests; default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; worker-src 'self' blob:; 8
frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 8
default-src                 'self'                 data:                 https://dkcompany.altapaysecure.com                 https://*.mobilepay.dk                https://*.vipps.no                https://*.paypal.com                https://*.idealapi.nl                https://*.ideal.nl                https://dkcompany.imgix.net                 https://dkcompany-test.imgix.net                 https://dkcompany-ctf.imgix.net                 https://*.dkcompanyshop.com                 https://*.productmarketingcloud.com                 https://vitals.vercel-insights.com                 https://www.googletagmanager.com                 https://*.google-analytics.com                 https://fonts.googleapis.com                 https://plausible.io                 https://*.googlesyndication.com                 https://*.azure.com                https://*.services.visualstudio.com                https://*.ctfassets.net                 https://*.facebook.net                 https://*.cookieinformation.com                 https://*.voyado.com                 https://*.vercel-scripts.com                 https://hook.eu1.make.com                https://dk-company.webshipper.io                 https://*.clarity.ms                 https://*.sleeknote.com                 https://*.relewise.com                 https://*.eyefitu.com	                https://*.bing.com                https://*.facebook.com                 https://*.facebook.net                 https://*.youtube.com                https://*.vimeo.com                https://*.pinimg.com                https://*.tiktok.com                https://*.pinterest.com                https://*.google.com                 https://*.google.dk                 https://*.doubleclick.net                 https://*.getflowbox.com                 https://cdn.flbx.io                 https://*.dialogintelligens.dk                https://*.soakedinluxury.com                 https://*.parttwo.com                 https://*.woodwood.com                 https://*.ivyoak.com                 https://*.matinique.com                 https://*.inwear.com                 https://*.sainttropez.com                 https://*.dkcompany.com                 https://*.casual-friday.eu                 https://*.atelierreve.biz                 https://*.sorbetshop.com                 https://*.designersmarket.net                 https://*.blendcompany.com                 https://*.solid-official.com                 https://*.balloriginal.com                 https://*.pulzjeans.com                 https://*.byoung.com                 https://*.fransa.com                 https://*.ichi.biz                 https://*.karenbysimonsen.com                 https://*.kaffe-clothing.com                 https://*.culture-fashion.com                 https://*.cream-clothing.com                 https://*.gestuz.com                 https://*.myessentialwardrobe.com                 https://*.bonaparteshop.com                 https://*.companys.com                 https://*.byoung.no                 https://*.dkcompanyshop.com                 'unsafe-inline'                 'unsafe-eval';              font-src                 'self'                 https://fonts.gstatic.com                https://fonts.googleapis.com;              style-src                 'self'                 https://dkcompany.altapaysecure.com                 https://fonts.googleapis.com                 'unsafe-inline';              manifest-src                 'self';              worker-src                 'self'                 blob:;              form-action                 'self';              frame-ancestors                 'self'                 https://app.contentful.com;              upgrade-insecure-requests; 8
frame-ancestors 'self' https://trustseal.enamad.ir 8
object-src 'none'; base-uri 'none'; frame-ancestors 'none'; 8
frame-ancestors 'self' https://gtranslate.io; 8
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src * blob:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://www.googletagmanager.com https://isic.de https://cdn.trustcommander.net https://td.doubleclick.net ; img-src 'self' https://fit4ref.de https://www.fit4ref.de data: https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://www.google-analytics.com https://manager.tagcommander.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://r2eu01.visualwebsiteoptimizer.com blob: https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.sg https://stats.g.doubleclick.net; manifest-src 'self'; media-src *; report-uri https://63f2d3ef3e361dd413cfdb2d.endpoint.csper.io/?v=0; worker-src 'self' https://fit4ref.de https://www.fit4ref.de blob: 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net *.contentsquare.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.glp8.net *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.redditstatic.com *.clarity.ms *.serving-sys.com *.taboola.com *.tiktok.com *.tiktokw.us *.xo-matic.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn-assets-prod.s3.amazonaws.com cdn.inis360.com cdn.oribi.io cdn.prod.uidapi.com cloudrizon.formstack.com contactis.ua graph.facebook.com heizungonline.vaillant.de heyzine.com io.fusedeck.net js.adsrvr.org mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be optimizely.s3.amazonaws.com popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de vaillantp.ubiqubit.it verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.instalxpert.be www.recaptcha.net; connect-src 'self' ws: *.adform.net *.analytics.google.com *.bing.com *.bing.net *.clarity.ms *.contentsquare.net *.criteo.com *.delivery.consentmanager.net *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.facebook.com *.facebook.net *.glp8.net *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.prod.uidapi.com *.reddit.com *.redditstatic.com *.serving-sys.com *.taboola.com *.tiktok.com *.tiktokw.us *.xo-matic.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es capig.stape.cc heizungonline.vaillant.de ib.adnxs.com ice.360yield.com insight.adsrvr.org logx.optimizely.com mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be operator-integ.uidapi.com premiumstory.bvz.at premiumstory.noen.at branded-content.tt.com preventivi.vaillant.it prod.uidapi.com s.yimg.com story.nachrichten.at story.vienna.at story.vol.at toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.loyjoy.com *.glp8.net *.zenloop.com app.optimizely.com cdn01l.vaillant-group.com cloudrizon.formstack.com contactis.ua fonts.googleapis.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it tagmanager.google.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl www.googletagmanager.com www.instalxpert.be; img-src 'self' blob: data: *.1rx.io *.adalyser.com *.adform.net *.adlmerge.com *.adroll.com *.agkn.com *.atemda.com *.bidswitch.net *.bing.com *.bing.net *.clarity.ms *.consentmanager.net *.contentsquare.net *.creativecdn.com *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.glp8.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hit.gemius.pl *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.reddit.com *.taboola.com *.xo-matic.com a.mgid.com a.twiago.com aax-eu.amazon-adsystem.com ad.360yield.com ad.as.amanad.adtdp.com ad.mail.ru ad.tpmn.co.kr ad.yieldlab.net ad.yieldlab.net adasta-pbs.relevant-digital.com adlmerge.com adn.caprofitx.com ads.betweendigital.com ads.betweendigital.com ads.enjoy4fun.com ads.stickyadstv.com ads.yieldmo.com an.yandex.ru an.yandex.ru analytics.ad.daum.net api.gov-img.site app.optimizely.com atemda.com bbnaut.ibillboard.com bbnaut.ibillboard.com bh.contextweb.com bh.contextweb.com c.seznam.cz c1.adform.net capturemedia-assets.com cdn.optimizely.com cdn.performax.cz cdn01l.vaillant-group.com ce.lijit.com clientes.saunierduval.es clientes.vaillant.es cm.adform.net cm.g.doubleclick.net cm.gammaplatform.com cm.gammaplatform.com cm.mgid.com cmeu.hit.gemius.pl cm-exchange.toast.com cmrtbhpl.hit.gemius.pl contactis.ua contextual.media.net cookiesync.axis-marketplace.com cookiesyncgotham.com criteo-partners.tremorhub.com criteo-sync.teads.tv cs.adingo.jp cs.gssprt.jp cs.gssprt.jp cs.mobfox.com cs.yellowblue.io cstb.adsinteractive.com csync.loopme.me csync.smilewanted.com delivery.swid.switchads.com delivery.swid.switchads.com dis.criteo.com dmx.districtm.io dot.wp.pl dpm.demdex.net dsum-sec.casalemedia.com dsum-sec.casalemedia.com e1.emxdgt.com e1.emxdgt.com eb2.3lift.com eb2.3lift.com eexsync.com elb.the-ozone-project.com exchange.mediavine.com fast.nexx360.io fusedeck.com glp8.net goo.gamx.io gum.criteo.com hb.adtarget.com.tr hb.r2b2.cz hb.r2b2.io hb.yahoo.net hb.yahoo.net hbx.media.net heizungonline.vaillant.de ib.adnxs.com ib.adnxs.com insight.adsrvr.org ice.360yield.com ice.360yield.com id5-sync.com idsync.admixer.co.kr idsync.rlcdn.com ih.adscale.de ih.adscale.de inv-nets.admixer.net jadserve.postrelease.com localhost mapping.lacunads.com match.c8.net.ua match.c8.net.ua match.sharethrough.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mixer.mobon.net mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl ms-cookie-sync.presage.io mynet-pbs.theadx.com offer.vaillant.be offerte.bulex.be offre.bulex.be onetag-sys.com optimics-ads.aimatch.com pbjs.digitalmatter.services pbs.optidigital.com pbs.yahoo.com pixel.rubiconproject.com pixel.rubiconproject.com pixel.s3xified.com pixel.tapad.com prebid.admatic.de prebid.adocean.pl prebid.adtarget.com.tr prebid.jixie.io prebid.monetixads.com prebid.pixad.com.tr prebid.serve.admatic.com.tr prebid-s2s.media.net prebid-server.pbstck.com prebid-server.rtbhouse.net prebid-server.rubiconproject.com prebid-stag.setupad.net preventivi.vaillant.it profile.ssp.rambler.ru profile.ssp.rambler.ru public-prod-dspcookiematching.dmxleo.com r.casalemedia.com res.cloudinary.com rm.em.nscontext.eu rm.em.nscontext.eu router.infolinks.com rt.marphezis.com rt.udmserve.net rtb.adxpremium.services rtb-csync.smartadserver.com rtb-server.valuad.io s.ad.smaato.net s.amazon-adsystem.com s.seedtag.com s2s.yieldbird.com s-cs.rmp.rakuten.com s-cs.send.microad.jp s-cs.send.microad.jp server.seadform.net simage2.pubmatic.com simage2.pubmatic.com sofia.trustx.org sp.analytics.yahoo.com sp.gmossp-sp.jp ssc-cms.33across.com ssp.adriver.ru ssp.adriver.ru ssp.api.tappx.com ssp.wp.pl ssp-csync.smartadserver.com ssp-csync.smartadserver.com static.cleverpush.com sync.1rx.io sync.addlv.smt.docomo.ne.jp sync.adkernel.com sync.ad-stir.com sync.adtech.ink sync.adtelligent.com sync.aniview.com sync.bidence.net sync.bidmatic.io sync.cenarius.orangeclickmedia.com sync.connectad.io sync.console.adtarget.com.tr sync.cootlogix.com sync.dmp.otm-r.com sync.e-planning.net sync.go.sonobi.com sync.inmobi.com sync.kueezrtb.com sync.outbrain.com sync.pubrise.ai sync.taboola.com sync.teads.tv sync-criteo.ads.yieldmo.com sync-service.net t.adx.opera.com t.visx.net tg.socdm.com tg.socdm.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de toolbox-gb-glowworm.prod.cloud.heatingonline.de u.4dex.io ups.analytics.yahoo.com us.ck-ie.com us.ck-ie.com us.shb-sync.com us-east-pbs.automatad.com usersync.gumgum.com usersync-america.rtblab.net us-u.openx.net us-u.openx.net verkoopkansen.vaillant.nl vid.vidoomy.com visitor.omnitagjs.com visitor.omnitagjs.com x.bidswitch.net z.cdn.adtarget.market; font-src 'self' data: *.loyjoy.com *.glp8.net cdn01l.vaillant-group.com fonts.cdnfonts.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it script.hotjar.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' *.columbusconnect.it *.facebook.com *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant-group.com *.vaillant.es eshopspares.protherm.sk http://sso.wigam.com http://www.columbusconnect.it https://sso.wigam.com:8016 pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at sso.wigam.com; frame-src 'self' *.adform.net *.adroll.com *.adsrvr.org *.captivate.fm *.cdn-pci.optimizely.com *.cdn.optimizely.com *.consentmanager.net *.criteo.com *.doubleclick.net *.elf.site *.facebook.com *.g.doubleclick.net *.glp8.net *.google.com *.oplead.com *.pinterest.com *.protherm.cz *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.taboola.com *.xo-matic.com *.vaillant-systeme.de *.vaillant.es *.vaillant.ua *.vaillantkotle.cz *.vanmarcke.com 27052801.hs-sites-eu1.com aides.saunierduval.fr ams.creativecdn.com anzeigen.premium.salzburg24.at anzeigen.premium.sn.at apps.vaillantgroup.org bayi.demirdokum.net cat.hermann-saunierduval.it cat.vaillant.it cloud.at.vgmarketingcloud.com contotermicohsd.vaillantgroup.it contotermicovaillant.vaillantgroup.it customer.vaillant.com.tr epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es forms.office.com gutschein.vaillant.de heyzine.com identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at optimum.vaillant.pl pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.hermann-saunierduval.it powerfinder.vaillant.it servicevaillant.wufoo.com servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch www.foerderdata.at www.foerdermittelauskunft.de www.googletagmanager.com www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com wwwvaillantbe.mycleverpush.com; upgrade-insecure-requests; 8
default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob: 8
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 8
frame-ancestors 'self' www.f5.com f5.com studio.f5.com cdn.studio.f5.com k6fem79d.api.sanity.io f5.com.cn www.f5.com.cn mktg.tags.f5.com mktg.collect.f5.com; 7
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.basis.net *.sitescout.com *.mktoresp.com *.sentry-cdn.com *.integrate.com *.d41.co *.contentsquare.net analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com dpm.demdex.net platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net munchkin.marketo.net widget.usersnap.com resources.usersnap.com cdn5.userzoom.com app.contentsquare.com js.zi-scripts.com scripts.zoominfo.com ws.zoominfo.com tags.clickagy.com www.trustradius.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' blob: *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.basis.net *.sitescout.com *.mktoresp.com *.sentry-cdn.com *.integrate.com *.d41.co *.contentsquare.net analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com dpm.demdex.net platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net munchkin.marketo.net widget.usersnap.com resources.usersnap.com cdn5.userzoom.com app.contentsquare.com js.zi-scripts.com scripts.zoominfo.com ws.zoominfo.com tags.clickagy.com www.trustradius.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com https://cdnjs.cloudflare.com https://static.redhat.com https://use.fontawesome.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 7
frame-ancestors 'self' https://*.nbcnews.com https://*.today.com https://*.msnbc.com https://*.telemundo.com https://*.nbcnewstools.net https://*.eonline.com https://*.cnbc.com; 7
default-src * 'unsafe-eval' data: 'unsafe-inline'; frame-ancestors 'none'; worker-src * 'self' blob:; 7
frame-ancestors 'self' *.zdnet.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 7
default-src 'self' *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com https://browser-intake-datadoghq.com https://d25zu39ynyitwy.cloudfront.net *.paradox.ai blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com https://d25zu39ynyitwy.cloudfront.net *.paradox.ai blob:; style-src 'self' 'unsafe-inline' *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com https://d25zu39ynyitwy.cloudfront.net *.paradox.ai blob:; img-src 'self' data: *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com https://browser-intake-datadoghq.com https://d25zu39ynyitwy.cloudfront.net *.paradox.ai blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 7
upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 7
object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 7
report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 7
frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 7
block-all-mixed-content; frame-ancestors 'self' https://payload.anker-in.com; upgrade-insecure-requests; 7
frame-src 'self'; 7
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org  www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org; 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.canto.global *.cdninstagram.com *.chatcaptain.com *.chathero.ai *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.eventis.online *.exmap.de *.facebook.com *.fbcdn.net *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk-berlin.org *.ihk.de *.ihk24.de *.ihk24.ihk.de *.jobcluster.de *.jobs.personio.com *.jobs.personio.de *.kununu.com *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.office.com *.office365.com *.openstreetmap.de  *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.rang-und-namen.de *.signalize.com *.spotify.com *.stage.bio *.stream24.net *.sweap.io  *.sylphen.com *.thinglink.com *.thinglink.me *.toubiz.de *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youtube.com *.zynd.de api.flockler.app api.mapbox.com app.powerbi.com app.powr.io app.sli.do ausbildung.berlin	 auskunft.nvv.de baustellennavi.de branchenpuls.odis-berlin.de bruecken.projekt.link bxb-festival.app cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.knightlab.com cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de client.inecos.de code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com cta.ihk.i40.de datawrapper.dwcdn.net detmold.ihk-beitragsrechner.de dihk.imageplant.de dms.licdn.com doo.net e.video-cdn.net easy-feedback.com easy-feedback.de embed.podcasts.apple.com eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com events.ihk-berlin.de expertenpool.automatisierungsregion.de fahrinfo.vbb.de fl-1.cdn.flockler.com fonts.gstatic.com geometro-cockpit.com gwatch.events handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de heyhugo.ai hk24.sharepoint.com iframe.gewerbe-miete.de iframe.mygma.prd.iib-it.de iframe.wvd-portfolio.de ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-export-admin.simplyorg-seminare.de ihk-hl.gr-live.de ihk-ostwestfalen-portal.rexx-recruitment.com ihk-table-view.customer.apps.kalebru.com ihk-wahlcheck.qgmbh.de ihk.prototype.berlin ihk.selbstdenker.com ihk24.epccm19.com ihk24.omq.de ihk24.omq.io ihkakademie.de ihkchem.pi-asp.de ihknw.pi-asp.de imagemarker.com ims-files-cdn.net jobs.guidecom.de jobs.ihk-niederrhein.de jsfiddle.net kasskada.de konjunkturboard-bw.de link.webropolsurveys.com livestream.watch login.microsoftonline.com mailto: matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media-api.flockler.com media.graphassets.com media.graphcms.com media.licdn.com mediathek.ihk-gfi.de metabase.datenwerk-sh.freeddns.org mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myihk.com myjobboard.de news.ihk-sh.de online.fliphtml5.com organigramm.cloud-ihk-cottbus.de p668079.webspaceconfig.de plugins.flockler.com pruefungen-cottbus-ihk.de publish.flyeralarm.digital register.ihk-exportakademie.de rh1.chatmodul.de s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de  share.synthesia.io signlanguage.alangu.de smart.ihk-berlin.de social-proxy.flocklr.com standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.arttacsolutions.com static.dvinci-easy.com stats-api.flockler.app stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com w.soundcloud.com weltmetropole.app widget.taggbox.com widgets-v3.simplyorg.de widgets.lineupr-dev.com widgets.lineupr.com widgets.thh.tours wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.ahk.de www.ardmediathek.de www.aufstiegs-bafoeg.de www.bahn.de www.branchenpuls.berlin www.bso-hessen.de www.chatbase.co www.cybersicher-check.de www.econda-monitor.de www.etermin.net www.eventbrite.de www.finest-jobs.com www.forschungsfinder-hessen.de www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-rlp.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.leg-thueringen.de www.media42day.com www.menti.com www.mint-in-hessen.de www.praktikum.info www.rmv.de www.terminland.de www.total-lokal.de www.tvo.de www.vvs.de www.webstream.eu www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de zukunftsforum.app zvlms.fraunhofer.de zynd.de  ;  report-uri /blueprint/servlet/csplogging/logViolation ; 7
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 7
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com  *.vercel.app cdnjs.cloudflare.com https://community.cisco.com/; 7
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: 'unsafe-inline' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self' blob:; block-all-mixed-content 7
frame-ancestors https://app.storyblok.com; 7
default-src 'self' 'unsafe-inline'; img-src 'self' data: 7
; 7
frame-ancestors 'self' https://www.johnsoncontrols.com 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 7
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com https://*.rudderlabs.com https://api.rudderstack.com https://app.contentful.com 7
img-src * data: 7
upgrade-insecure-requests; object-src 'none'; 7
object-src 'none'; form-action 'self'; frame-ancestors 'none' 7
frame-ancestors 'self' *.google.com *.googleusercontent.com 7
frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 7
default-src 'self';frame-src 'self' *.youtube.com youtu.be *.smartertools.com docs.google.com;script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self';connect-src *; 7
frame-ancestors 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' form.lidl.com *.youtube.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com googleadservices.com *.googletagservices.com googletagservices.com cdn.cookielaw.org ibe.uphotel.agency https://www.google.com https://www.gstatic.com *.virtualearth.net *.bing.com bing.com unpkg.com *.pagestrip.com onepagebooking.com cdnjs.cloudflare.com *.walls.io walls.io connect.facebook.net *.facebook.net facebook.net snap.licdn.com *.linkedin.com linkedin.com *.azureedge.net hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com web-sdk.cdn.cmp.schwarz *.dynamics.com; img-src 'self' data: *.object.storage.eu01.onstackit.cloud *.google-analytics.com *.google.de www.googletagmanager.com googleads.g.doubleclick.net *.google.com fonts.gstatic.com form.lidl.com *.google-analytics.com ibe-frontend-production-frontend.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.tile.openstreetmap.org *.tiles.virtualearth.net *.bing.com http://*.tile.osm.org unpkg.com *.pagestrip.com cdn.cookielaw.org onepagebooking.com api.scon-assets.schwarz www.facebook.com px.ads.linkedin.com dc.ads.linkedin.com www.googleadservices.com img.schwarz hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com *.dynamics.com *.azureedge.net *.linkedin.com *.bing.net *.googlesyndication.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com form.lidl.com *.fonts.net ibe.uphotel.agency https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.bing.com unpkg.com *.pagestrip.com onepagebooking.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com ibe.uphotel.agency *.pagestrip.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; frame-src 'self' 'unsafe-inline' www.youtube.com form.lidl.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleadservices.com googleadservices.com *.googletagservices.com googletagservices.com *.facebook.net facebook.net *.linkedin.com linkedin.com *.bing.com bing.com *.youtube-nocookie.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.google.com *.walls.io walls.io form.schwarz-digits.de form.beschaffung.schwarz; connect-src 'self' www.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.googleadservices.com www.googleadservices.com stats.g.doubleclick.net form.lidl.com *.uphotel.agency cdn.cookielaw.org *.onetrust.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com  *.openstreetmap.org https://www.bing.com pagestrip.com *.pagestrip.com *.scon.schwarz wss://endpoint-prod.scon.schwarz scon-assets-hub-prod.apps.01.cf.eu01.stackit.cloud api.scon-assets.schwarz px.ads.linkedin.com dc.ads.linkedin.com *.facebook.com *.facebook.net *.azureedge.net *.dynamics.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com api.friendlycaptcha.com banner-api.cdn.cmp.schwarz web-sdk.cdn.cmp.schwarz *.googlesyndication.com; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.google-analytics.com; worker-src 'self' blob:; 7
frame-ancestors 'self' https://*.unbounce.com https://app.unbounce.com https://unbouncepages.com 7
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 7
frame-ancestors 'self' https://*.contentstack.com 7
object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 7
default-src 'self';  worker-src 'self' blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline'     https://sdk.token.logpay.de     https://maps.googleapis.com     blob:     https://www.jsctool.com     https://jsctool.com     https://*.optimizely.com     https://secure.pay1.de     https://www.img-bahn.de     https://cms.static-bahn.de     https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com     https://*.bahn.de     https://*.bahn.com     https://app.crossengage.io     https://ucm-eu.verint-cdn.com     https://*.go-mpulse.net;  connect-src 'self'     https://maps.googleapis.com     https://mapsresources-pa.googleapis.com     https://www.gstatic.com     data:     blob:     https://p11.techlab-cdn.com     https://www.jsctool.com     https://jsctool.com     https://assets.static-bahn.de     https://dmp.adform.net     https://siteintercept.qualtrics.com     https://logx.optimizely.com     https://*.optimizely.com     https://collect.tealiumiq.com     https://trk-api.crossengage.io     https://accounts.bahn.de     https://ucm-eu.verint-cdn.com     https://hoover-eu.verint-api.com     https://*.akstat.io     https://*.go-mpulse.net     wss://hoover-eu.verint-api.com     https://kiana.services-bahn.de;  frame-src 'self'     https://s-bahn-hh.specials-bahn.de/     https://cms.static-bahn.de     https://secure.pay1.de     https://dbpayment.dbv.service.deutschebahn.com     https://payment.dbv.service.deutschebahn.com     https://*.bahn.de     https://www.abo-bahn.de     https://db.novafind.eu     https://transport.novafind.eu     https://a791773171.cdn.optimizely.com/     https://s-bahn-muenchen-live.de     https://accounts.bahn.de     https://db-bordgastronomie.de     https://ersatzkarte-dbregiobusnord.de     https://analytics.geops.de     https://*.sbahnm.geops.de     https://fipo.deutschebahn.com     https://regioforce.my.salesforce-sites.com     https://www.jugendticket-nds.de     https://a1.adform.net     https://dbstreckenagent.de     https://www.dbstreckenagent.de     https://tour.services-bahn.de;  frame-ancestors 'self';  style-src 'self'     https://ucm-eu.verint-cdn.com     https://fonts.googleapis.com     https://www.jsctool.com     https://jsctool.com     'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com;  img-src 'self'     https://*.static-bahn.de     https://maps.googleapis.com     https://mapsresources-pa.googleapis.com     https://maps.gstatic.com     https://www.awin1.com     https://partner-bahn.de     https://cm.g.doubleclick.net     https://fcmatch.google.com     https://fcmatch.youtube.com     https://dmp.adform.net     https://cdn.optimizely.com     https://*.qualtrics.com     https://assets.static-bahn.de     https://*.bahn.de     https://assets-ri.extranet.deutschebahn.com     https://cms.static-bahn.de     https://*.akstat.io     data:;  media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 7
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://api-esp-eu.piano.io; worker-src 'self' blob:; child-src 'self' blob: https://consentcdn.cookiebot.com; frame-src 'self' https://platform.twitter.com/ *.twitter.com https://consentcdn.cookiebot.com *.googletagmanager.com https://api-esp.piano.io https://share.transistor.fm https://www.google.com *.googlesyndication.com *.adtrafficquality.google *.youtube.com datawrapper.dwcdn.net e.infogram.com js.stripe.com https://www.youtube-nocookie.com *.webclew.com *.doubleclick.net https://securepubads.g.doubleclick.net/ https://www.googleadservices.com/ *.spotify.com https://api-esp-eu.piano.io/ https://cdn-gl.imrworldwide.com/ *.soundcloud.com donorbox.org https://*.hsforms.com https://*.hsforms.net https://www.google.com/recaptcha/ https://*.linkedin.com https://*.googletagservices.com 7
frame-ancestors *.lotvue.com *.insearch-ds.net resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.gstatic.com *.hotjar.com *.doubleclick.net *.arabbank.com *.google.com *.facebook.net *.facebook.com *.googleapis.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google-analytics.com google-analytics.com www.googletagmanager.com www.youtube.com www.linkedin.com linkedin.com instagram.com  twitter.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.readspeaker.com data:;                      frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.google.com 10.1.228.170 10.1.228.172 www.youtube-nocookie.com youtube-nocookie.com www.youtube.com platform.twitter.com *.arabbank.com embed.typeform.com bid.g.doubleclick.net geo-tracker.ads.memob.com *.readspeaker.com 10.1.30.170 10.1.30.170:15871 tools.eurolandir.com tools.euroland.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.readspeaker.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com ajax.googleapis.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat analytics.tiktok.com;                       connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://anaarabi.arabbank.com *.hotjar.com *.doubleclick.net *.google.com *.readspeaker.com www.google-analytics.com google-analytics.com *.googleapis.com *.gstatic.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com  www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa;                       img-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.facebook.net *.facebook.com *.googletagmanager.com www.google.jo *.googleapis.com *.google-analytics.com google-analytics.com syndication.twitter.com *.gstatic.com *.abwebadmin.com *.arabbank.com geo-tracker.ads.memob.com embed.typeform.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat       data: blob:  ;  media-src 'self'    blob:;              script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googleadservices.com *.doubleclick.net *.google.com *.googleapis.com  *.readspeaker.com *.facebook.com *.facebook.net script.crazyegg.com 10.1.228.170 10.1.228.172 *.google-analytics.com *.gstatic.com *.googletagmanager.com *.arabbank.com *.typeform.com  geo-tracker.ads.memob.com 10.1.30.170 10.1.30.170:15871 7
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com d10lpsik1i8c69.cloudfront.net google-analytics.com analytics.google.com www.google-analytics.com iongroupdev.wpenginepowered.com data.iongroup.com; 7
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://analytics.filen.io/js/plausible.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.filen.io; font-src 'self'; frame-src 'self'; img-src 'self' https://blog.filen.io https://api.dicebear.com https://cdn.discordapp.com https://filen.io data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 7
default-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://kit.fontawesome.com   https://vlibras.gov.br https://www.vlibras.gov.br     https://www.googletagmanager.com https://atlas.microsoft.com     https://www.google-analytics.com https://cdn.jsdelivr.net     https://www.google.com https://www.gstatic.com     https://www.ba.gov.br https://ba.gov.br     https://use.fontawesome.com https://www.chatbase.co     https://www.instagram.com https://platform.twitter.com  https://*.clarity.ms  https://code.jquery.com;   script-src-elem 'self' 'unsafe-inline' blob:  https://kit.fontawesome.com   https://vlibras.gov.br https://www.vlibras.gov.br     https://www.googletagmanager.com https://atlas.microsoft.com     https://www.google-analytics.com https://cdn.jsdelivr.net     https://www.google.com https://www.gstatic.com     https://apis.google.com https://use.fontawesome.com     https://www.chatbase.co https://www.instagram.com     https://platform.twitter.com https://unpkg.com  https://*.clarity.ms  https://regin.pscs.com.br   https://code.jquery.com https://connect.facebook.net;   style-src 'self' 'unsafe-inline' data:     https://fonts.googleapis.com https://www.ba.gov.br     https://ba.gov.br https://cdn.jsdelivr.net     https://unpkg.com   https://ka-f.fontawesome.com;   img-src 'self' data: https:;   font-src 'self' data:     https://fonts.gstatic.com https://fonts.googleapis.com     https://cdn.jsdelivr.net https://atlas.microsoft.com     https://vlibras.gov.br https://www.vlibras.gov.br   https://ka-f.fontawesome.com;   connect-src 'self'  https://ka-f.fontawesome.com   https://atlas.microsoft.com     https://servicosaocidadao.ba.gov.br     https://www.google-analytics.com     https://www.googletagmanager.com     https://dc.services.visualstudio.com     https://acessos.vlibras.gov.br     https://dicionario2.vlibras.gov.br     https://vlibras.gov.br https://cdn.jsdelivr.net     https://traducao2.vlibras.gov.br     https://www.google.com https://apis.google.com     https://www.chatbase.co https://saojoaodabahia.ba.gov.br  https://*.clarity.ms  https://chatbot.pscs.com.br   wss://chatbot.pscs.com.br;   frame-src 'self'     https://www.youtube.com https://www.google.com     https://nuvidio.com https://app.powerbi.com     https://prodeb-sac-digital.firebaseapp.com     https://gestor.meioambiente.ba.gov.br     https://www.chatbase.co https://platform.twitter.com     https://www.instagram.com     https://publicacao.egba.ba.gov.br   https://www.transparencia.ba.gov.br   https://calendar.google.com   https://copilotstudio.microsoft.com   https://services.pge.ba.gov.br   https://piloto.egba.ba.gov.br   https://rtmp.irdeb.ba.gov.br; frame-ancestors 'self' https://www.google.com;   worker-src 'self' blob:; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; report-uri https://o4510499984769024.ingest.de.sentry.io/api/4510499988373584/security/?sentry_key=79fdf04e7859269363a6a291a44f1978 7
frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/ https://www.placetd.ca/ https://fevo-enterprise.com/ https://x.adroll.com/ https://www.googletagmanager.com/ https://ep2.adtrafficquality.google/ https://winnipegfootballclub.jotform.com/ https://embed.radio.co/ https://open.spotify.com/ https://pop0-ccs-webchat-api.serverdata.net/ https://logwork.com/ https://app.hubspot.com/; 7
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com *.visualwebsiteoptimizer.com app.vwo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com api.smooch.io wss://api.smooch.io app.vwo.com *.visualwebsiteoptimizer.com *.mountain.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com *.adobedtm.com api.smooch.io wss://api.smooch.io wheelpros.tt.omtrdc.net *.visualwebsiteoptimizer.com app.vwo.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 7
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 7
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 7
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob:;child-src * blob:;connect-src *;font-src * data:;object-src *;media-src *;frame-src *;base-uri *;form-action *;frame-ancestors *;script-src-attr *;upgrade-insecure-requests 7
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 7
default-src https: 'unsafe-inline' 'unsafe-eval' data: 7
frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 7
default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel: blob:; connect-src https: blob:; media-src https: mediastream: blob: 7
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 7
connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 7
frame-ancestors 'self' https://www.ruralvia.com https://ruralviasimuladores.afi.es https://bancocooperativosimuladores.afi.es https://bancocooperativo-simuladores.afi.es https://ruralvia-simuladores.afi.es; 7
default-src * 'unsafe-inline' 'unsafe-eval' data: 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com *.scene7.com www.questdiagnostics.com tags.tiqcdn.com  www.youtube.com analytics.js *.google-analytics.com qualtrics.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com tag.demandbase.com tag-logger.demandbase.com scripts.demandbase.com api.company-target.com company-target.com segments.company-target.com s.company-target.com rlcdn.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com snap.licdn.com licdn.com px.ads.linkedin.com analytics.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com api.mixpanel.com api-js.mixpanel.com cdn.mxpnl.com js-cdn.dynatrace.com vbk56183.live.dynatrace.com ucg59307.live.dynatrace.com pc-quest-collect.tealiumiq.com https://d8j4om1fqg.kameleoon.io https://static.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com  https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://electra.kameleoon.com; connect-src 'self' target.questdiagnostics.com *.scene7.com *.google-analytics.com stats.g.doubleclick.net qualtrics.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com cdn.cookielaw.org cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com developer.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com tag.demandbase.com tag-logger.demandbase.com scripts.demandbase.com api.company-target.com company-target.com segments.company-target.com s.company-target.com rlcdn.com  snap.licdn.com licdn.com px.ads.linkedin.com analytics.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com api.mixpanel.com api-js.mixpanel.com cdn.mxpnl.com js-cdn.dynatrace.com vbk56183.live.dynatrace.com ucg59307.live.dynatrace.com pc-quest-collect.tealiumiq.com https://d8j4om1fqg.kameleoon.io https://static.kameleoon.com https://data.kameleoon.io https://data.kameleoon.eu https://eu-data.kameleoon.io https://eu-data.kameleoon.eu https://na-data.kameleoon.io https://na-data.kameleoon.eu https://editor.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com  https://api.kameleoon.com https://customers.kameleoon.com  https://logger.kameleoon.io https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://api.products.kameleoon.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com; 7
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com widgets.eu.ziftsolutions.com static.ziftsolutions.com dynamic.eu.ziftsolutions.com static.eu.ziftsolutions.com app.formulayt.com insights.formulayt.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com ref.ccb-dev.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com c.amazon-adsystem.com ct.pinterest.com widgets.eu.ziftsolutions.com static.ziftsolutions.com dynamic.eu.ziftsolutions.com static.eu.ziftsolutions.com app.formulayt.com insights.formulayt.com; 7
nosniff 7
default-src 'self';     style-src 'self' 'unsafe-inline' *.bazaarvoice.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.salesforce-scrt.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.google.co.in/ *.danoneskyr.co.uk/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.adsrvr.org/ *.applicationinsights.io/ *.adyen.com/ *.teads.tv/ *.hotjar.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.adobeaemcloud.com/ *.hotjar.io/ *.visualstudio.com/ *.bootstrapcdn.com/ *.briteverify.com/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.force.com/ *.google.com/ *.googleapis.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.mopinion.com/ *.myfonts.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.zencdn.net/ *.visualwebsiteoptimizer.com app.vwo.com use.typekit.net p.typekit.net;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://digital-health-services-eu.danone.com/ *.bazaarvoice.com/ *.salesforce-scrt.com/  https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.applicationinsights.io/ *.cloudfront.net/ *.adsrvr.org/ *.amazon-adsystem.com/ blob: https://js-agent.newrelic.com/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.addthisedge.com/ *.adobedtm.com/ *.ads-twitter.com/ *.adyen.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.constant.co/ *.danone-dtc.net/ *.digital4danone.com/ *.doubleclick.net/ *.everestjs.net/ *.facebook.net/ *.force.com/ *.gbqofs.com/ *.gigya.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.googleadservices.com/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.monitor.azure.com/ *.mopinion.com/ *.onetrust.com/ *.outbrain.com/ *.pinterest.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.salesforce.com/ *.salesforceliveagent.com/ *.scene7.com/ *.sharethis.com *.tagcommander.com/ *.teads.tv/ *.theadex.com *.trustcommander.net/ *.trustpilot.com/ *.twitter.com *.visualstudio.com/ *.ytimg.com/ ct.captcha-delivery.com http://*.hotjar.com http://*.hotjar.io http://danone.d3.sc.omtrdc.net/ https://*.hotjar.com https://*.hotjar.io https://live2support.com/ https://s.pinimg.com/ https://sc-static.net/ js.datadome.co www.youtube.com/ *.tiktok.com/ *.jsdelivr.net/ *.visualwebsiteoptimizer.com app.vwo.com use.typekit.net;     img-src 'self' data: *.bazaarvoice.com/ *.pixeltrack.it/ *.salesforce-scrt.com/ *.paypalobjects.com/  https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ https://staging-danone.pixeltrack.it/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ https://www.aptaclub.co.uk/ *.applicationinsights.io/ *.adsrvr.org/ *.adition.com/ *.danoneskyr.co.uk/ *.hotjar.com/ *.hotjar.io/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.visualstudio.com/ *.adnxs.com/ *.adyen.com/ *.analytics.google.com/ *.assetsadobe.com/ *.assetsadobe2.com/ *.bing.com/ *.channelsight.com/ *.commander1.com/ *.cx.atdmt.com/ *.danone-dtc.net/ *.danone.com/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.everesttech.net/ *.facebook.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.google.ie/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.hotjar.com *.hotjar.io *.live2support.com/ *.lpsnmedia.net/ *.mookie1.com/ *.omtrdc.net/ *.onetrust.com/ *.outbrain.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.trustcommander.net/ *.twitter.com/ *.visualstudio.com/ *.w3.org/ *.ytimg.com/ http://danonegroup-stage.neolane.net/ http://t.co/ https://ca-live.adyen.com/ https://cscoreproweustor.blob.core.windows.net/ https://ct.pinterest.com/ https://www.google.fr/ https://www.google.nl/ *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io p.typekit.net;     frame-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/  https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.algolia.net/ *.applicationinsights.io/ *.algolia.io/ *.addthis.com *.adsrvr.org/ *.adyen.com/ *.danoneskyr.co.uk/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.amazon-adsystem.com/ *.briteverify.com *.channelsight.com/ *.chargebee.com/ *.cloudfront.net/ *.commander1.com/ *.constant.co/ *.demdex.net/ *.doubleclick.net/ *.facebook.com/ *.flockler.com/ *.force.com/ *.gigya.com/ *.google.com/ *.googleapis.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.nutridrink.com.br/onde-encontrar/ *.onetrust.com/ *.proprofs.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.spotify.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.tohklom.com/ *.trustcommander.net/ *.trustpilot.com *.vimeo.com/ *.visualstudio.com/ *.youtube.com geo.captcha-delivery.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://aax-eu.amazon-adsystem.com/ https://ketchapi.co.uk/ https://tr.snapchat.com/ www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com;     connect-src 'self'  *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/  https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.google.co.in/ *.danoneskyr.co.uk/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.amazonaws.com/ *.adsrvr.org/ *.applicationinsights.io/ *.example.com/ *.paa-reporting-advertising.amazon/ *.tapad.com/ *.azure.com/  *.amazon-adsystem.com/ https://bam.eu01.nr-data.net/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.adyen.com/ *.teads.tv/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.analytics.google.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.briteverify.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.commercetools.com/ *.danone-dtc.net/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.facebook.com/ *.force.com/ *.gbqofs.io/ *.google-analytics.com *.google-analytics.com/ *.googleapis.com/ *.live2support.com/ *.mopinion.com/ *.omtrdc.net/ *.onetrust.com/ *.privacy.trustcommander.net/ *.salesforce-sites.com/ *.scene7.com/ *.sentry.io/ *.sharethis.com/ *.snapchat.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ api-js.datadome.co http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://api.sphere.io/ https://ct.pinterest.com/ https://lasteventf-tm.everesttech.net/ https://privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ wss://*.hotjar.com *.tiktok.com/ *.google.com/  https://*.algolianet.com *.visualwebsiteoptimizer.com app.vwo.com performance.typekit.net *.trustpilot.com *.googleadservices.com https://unpkg.com https://cdn.jsdelivr.net/ https://digital-health-services-eu.danone.com/;     font-src 'self' data: *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/  https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.paypalobjects.com/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ *.adsrvr.org/ *.adyen.com/ *.applicationinsights.io/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.danone-dtc.net/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.googleapis.com/ *.gstatic.com/ *.gstatic.mopinion.com/ *.live2support.com/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://gstatic.mopinion.com/ https://vjs.zencdn.net/ *.google.com/ use.typekit.net;     media-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/  https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.paypalobjects.com/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ *.adsrvr.org/ *.briteverify.com/ *.applicationinsights.io/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.googleapis.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.lpsnmedia.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.google.com/ 7
worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 7
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.erwinhymergroup.com https://*.laika.it 7
img-src 'self' data: https:; 7
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 7
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 7
frame-ancestors 'self' http://*.elsevier.es/ 7
default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 7
frame-ancestors 'self' https://t.easystreetrealty.com http://t.easystreetrealty.com https://t.highgarden.com http://t.highgarden.com 7
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ;  object-src 'none' ;  frame-ancestors 'self' ;  base-uri 'self' ;  prefetch-src 'self' ;  img-src https: data: ; 7
font-src *;img-src * data:; 7
default-src https: data: blob: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 7
frame-ancestors 'self' https://geocentric.com https://citylight.studio 7
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 7
upgrade-insecure-requests; frame-ancestors 'self' https://www.motor.es/tasar-coche https://www.cea-online.es/ https://cea-online.es/ https://grupoalhambra.com/; 7
base-uri 'self';frame-ancestors 'self' 7
script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 7
base-uri 'self'; frame-ancestors 'self'; object-src 'none' 7
script-src-elem 'self' https://www.gstatic.com/recaptcha/  *.ampproject.net/ https://ad.atdmt.com https://www.google.com/recaptcha/api.js www.google-analytics.com ajax.googleapis.com https://cdn.ampproject.org https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://adservice.google.com/adsid/integrator.js https://adservice.google.com.vn/adsid/integrator.js https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/js/r20190408/r20190131/show_ads_impl.js 7
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com *.googleapis.com https://app.eika.no/infrastruktur-styleguide-web/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://eika.piwik.pro/ppms.js https://svc.kundedialog.eika.no/t/w https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://cdn.spinnaker-js.com/rc/ https://acdn.adnxs.com/dmp/up/pixie.js siteimproveanalytics.com https://www.googletagmanager.com https://in.taskanalytics.com https://connect.facebook.net https://googleads.g.doubleclick.net www.googleadservices.com https://secure.adnxs.com http://ib.adnxs.com https://*.mookie1.com *.google-analytics.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.eika.no/infrastruktur-styleguide-web/ https://tagmanager.google.com;img-src 'self' * data: region1.google-analytics.com region1.analytics.google.com;frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.morningstar.com *.morningstar.no https://id.eika.no https://www.googletagmanager.com https://eika-kundeutbytte.grensesnitt.cloud https://www.sign.nets.eu https://www.e-sign.nets.eu https://csfe.bankid.no https://pvu.nets.no https://ir.oms.no/component/companyDisclosuresArchive https://*.google.com https://*.google.no https://*.google.se *.doubleclick.net https://connect.facebook.net https://ext.mnm.as;font-src 'self' https://fonts.gstatic.com https://app.eika.no/infrastruktur-styleguide-web/;connect-src 'self' https://eika.piwik.pro http://apil1.spinnaker-js.com https://cdn.spinnaker-js.com/rc/ https://*.google-analytics.com/j/collect https://*.google-analytics.com/g/collect region1.google-analytics.com region1.analytics.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google.com/ccm/collect;report-uri /WebResource.axd?cspReport=true 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 7
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss:; img-src 'self' data: https:; 7
style-src * 'self' 'unsafe-inline'; 7
frame-ancestors 'self';  report-uri /log/csp-violation 7
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru http://st-ok-pts.cdn-vk.ru https://st-ok-pts.cdn-vk.ru wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru static.dzeninfra.ru connect.ok.ru https://connect.ok.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru http://st-ok-pts.cdn-vk.ru https://st-ok-pts.cdn-vk.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru static.dzeninfra.ru *.adtrafficquality.google;  worker-src blob: 'self';  connect-src * wss: blob: data:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 6
frame-ancestors 'self'; report-uri https://reuters.report-uri.com/r/t/csp/enforce; report-to report-uri 6
frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.googletagmanager.com https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.google.com https://*.doubleclick.net https://*.gstatic.com https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.google.com https://*.paypal.com https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://logging.dropcatch.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com https://*.launchdarkly.com https://o4510675591430144.ingest.us.sentry.io 6
frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 6
default-src 'self' data: blob: *.verisign.com *.brightcove.net *.cookielaw.org; report-uri /report-csp; img-src 'self' data: *.brightcove.com *.cookielaw.org *.prod.boltdns.net *.sc.omtrdc.net/ *.siteimproveanalytics.io *.verisign.com *.vrsn.com; object-src 'none'; script-src 'strict-dynamic' 'sha256-CGpdaFkwpoN/Y4QoqLo0RdJmj5+2hbbSOQshfoM+KXM=' 'sha256-25oyWeB5x2h+29wgs11kB+oSVeFAGvrstIuO38JdGiI=' 'sha256-kLnArxja6Bs6U2Il+xfeJn8veuH81wPxrw/ixeqvDT8=' 'sha256-Sh79HpVcRWbbh8F4vWgVVkmc5kGu923LZAOeMWUh2w0=' 'sha256-Sh79HpVcRWbbh8F4vWgVVkmc5kGu923LZAOeMWUh2w0=' 'sha256-BOxqnVkiNQRZ/YQbyX2YYYgZNFLr8Hhq4FlZQRC3GeE=' 'sha256-DzahDayNFEoUz+wus3ioBIpoQDQ08i/zH3pCScqWICY=' 'sha256-+qB++cp4k+Izi7u8vVq0ycjxNzwKmKmud31l0gCfwPk=' 'sha256-XfhXbgLiZndw4wQttCtlwRntxTnAXXHXH5oZdlTiCkc=' 'sha256-PkiHtGuW8aOw2cCDmzzFj6UZ7sXa/KVHkqmlnHZ4x4A=' 'sha256-DL/7jgkAnhfZsP0bmzGP9kCLW+I/0KRwqOPnsoH0PlE=' 'sha256-NHOoud63+2cBtSNi2IKnSBavAjzFYLOcGvkm/uiAZA4=' 'sha256-9cxvFRJs+pkTqyLJYARzDPz1UmNhF2zMtugmVy8FPHM=' 'sha256-TbWeTDEIxBhTCQ/lm4IexwU7qnX1hMXWnZH1JzonFtM=' 'sha256-ZZk/LrH7rKIyCirJiYDdNHSADxzxwez30zDWZ+xtJiE=' 'sha256-truTrv3vESVm1meLN38xeX1+9WwEUJgQ6Y4WEpx2sMA=' 'sha256-SRRUCF20jnbOSMxPsDmSPq4nvKhvMa2yvjk0XJfIsDo=' 'sha256-re94cG5uyiPhQmenZNqdooC43E6KtOrpFS9vvfS6u/Y=' 'sha256-bDeZBkWY/XtuECJYpurlm7Jo5L5ToW4cjDsTTOHMSxA=' 'sha256-Odkwiy+kw1IMFIqpLj5CTeKv3UcCpdcKdVi7A0nLw24=' 'sha256-eNDjAQZ94fbvqt+tWTr+1oYVi7TxNSNXbL9Nw3qz3Gg=' 'sha256-r0Uey3AZ72C+Av8fzAhgkuteLZU9sR8awd7TpsCfRpY=' *.onetrust.com *.salesforceliveagent.com *.verisign.com *.zencdn.net assets.adobedtm.com siteimproveanalytics.com players.brightcove.net; style-src 'self' 'unsafe-inline'; connect-src 'self' *.akamaihd.net *.brightcove.com *.cludo.com *.cookielaw.org *.greenhouse.io *.onetrust.com *.prod.boltdns.net *.sc.omtrdc.net *.verisign.com *.vrsn.com dpm.demdex.net; worker-src blob: 6
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 6
default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org status.ntppool.org 8ll7xvh0qt1p.statuspage.io send.webform.dev; font-src fonts.gstatic.com; form-action 'self' send.webform.dev checkout.stripe.com; img-src 'self' data: st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com send.webform.dev; style-src 'self' fonts.googleapis.com fonts.gstatic.com send.webform.dev st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 6
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.mouseflow.com https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com https://www.surveygizmo.eu https://dotcom.tags.elsevier.com https://cdn.optimizely.com https://segment-cdn.app.optimizely.com https://app.optimizely.com https://cdn3.optimizely.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com https://px4.ads.linkedin.com https://www.googleadservices.com https://www.googletagmanager.com https://dotcom.tags.elsevier.com https://s3.amazonaws.com https://cdn-assets-eu.frontify.com https://media.ffycdn.net; font-src 'self' https://app.optimizely.com; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com https://o2.mouseflow.com https://widgixeu-beacon.s3.amazonaws.com https://business.api.elsevier.com https://gtm-dotcom.staging.webpresence.elsevier.com https://dotcom.tags.elsevier.com https://www.google.com/ccm/collect https://eu01.rec.mouseflow.com https://cdn.optimizely.com https://segment-cdn.app.optimizely.com https://app.optimizely.com https://tapi.optimizely.com logx.optimizely.com; media-src 'self' videos.ctfassets.net assets.ctfassets.net cdn-assets-eu.frontify.com media.ffycdn.net; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net https://survey.alchemer.eu https://dotcom.tags.elsevier.com https://a29442590540.cdn.optimizely.com; base-uri 'self'; form-action 'self'; 6
default-src 'self' vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'inline-speculation-rules' https://snap.licdn.com https://www.youtube.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/* cdp.vercel.com;style-src 'self' 'unsafe-inline' vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;img-src 'self' blob: data: *.github.io avatars.githubusercontent.com user-images.githubusercontent.com vercel.com vercel.live *.vercel.sh assets.vercel.com cdn.raster.app https://images.ctfassets.net https://www.google.com https://i.ytimg.com https://s3.amazonaws.com pbs.twimg.com https://www.gravatar.com https://lishhsx6kmthaacj.public.blob.vercel-storage.com;media-src 'self' blob: data: vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;connect-src 'self' data: *.chilipiper.com *.ingest.sentry.io *.ingest.us.sentry.io wss://ws-us3.pusher.com sockjs-use3.pusher.com react-tweet.vercel.app https://*.contentful.com vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/* cdp.vercel.com;font-src 'self' vercel.com assets.vercel.com vercel.live fonts.gstatic.com *.vercel.sh;frame-ancestors  'self'  https://messaging.haus  https://vercel.com  https://app.contentful.com  https://*.contentful.com  https://*.vercel.sh  https://*.vercel.com 6
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://billing-ads-qa-devel.corp.google.com https://payments.google.com/ https://www.youtube.com https://youtube.googleapis.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/Gstore/cspreport/allowlist;worker-src blob: 6
frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 6
upgrade-insecure-requests; frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com; 6
default-src 'self'; media-src https://static.zdassets.com https://res.cloudinary.com https://pmecdn.protonweb.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://telemetry.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me https://noembed.com https://boards-api.greenhouse.io https://proton.me https://*.paypal.com https://*.paypalobjects.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline'  https://static.zdassets.com https://pmecdn.protonweb.com https://www.youtube.com https://platform.twitter.com https://*.paypal.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline' https://pmecdn.protonweb.com https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://pmecdn.protonweb.com; img-src 'self' data: blob: https:; frame-src 'self' data: blob: https://www.youtube-nocookie.com https://platform.twitter.com https://*.paypal.com https://*.paypalobjects.com; object-src 'self' data: blob:; child-src 'self' data: blob: https://*.paypal.com https://*.paypalobjects.com; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self' https://*.proton.me; 6
frame-ancestors 'self' https://*.brightsites.co.uk; 6
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com https://forms.hsforms.com; frame-ancestors 'self' https://cms.hosting.com; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com  https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com assets.adobedtm.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com *.online-metrix.net data.privacy.ensighten.com connect.facebook.net s.rfihub.com/meta blob: p11.techlab-cdn.com p11.techlab-cdn.com p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 6
block-all-mixed-content;frame-ancestors *.mail.com 6
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com http://*.cvent.cloud https://*.cvent.cloud; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com http://*.cvent.cloud https://*.cvent.cloud; report-uri /report-csp-violation 6
frame-ancestors 'self' https://*.mailerlite.com; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.brighttalk.com *.pdst.fm *.doubleclick.net  *.google-analytics.com  *.bing.com  *.googleadservices.com  *.facebook.net  *.techtarget.com  *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com *.force.com *.salesforce.com *.salesforce-sites.com *.google.com *.googleoptimize.com *.redditstatic.com *.jsdelivr.net unpkg.com *.highcharts.com *.zi-scripts.com assets.barracuda.com *.pixeltracker.co js.qualified.com qualified.com *.dpmsrv.com *.clarity.ms ib.adnxs.com 6
frame-ancestors 'self' https://c360.cricketwireless.com; 6
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src cdn.cookielaw.org privacyportal.onetrust.com www.google.com bat.bing.com ct.pinterest.com s.pinimg.com app.link cdn.branch.io *.slgnt.eu *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel bat.bing.com *.dwin1.com widget.getyourguide.com lhopa01.custhelp.com rum.hlx.page 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src blob: *.lufthansa.com; 6
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.motorola.com;media-src https: blob: data; img-src https: data: blob:; 6
default-src https: 'unsafe-eval' 'unsafe-inline' 'self' ws: data:; worker-src blob:; object-src 'none'; frame-ancestors 'none' 6
default-src 'self' *.jfrog.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jfrog.com https://geoip-js.com https://www.googletagmanager.com https://cdn.cookielaw.org *.nagich.co.il https://www.recaptcha.net https://sec.webeyez.com https://pagead2.googlesyndication.com https://www.gstatic.com https://www.gstatic.cn https://dev.visualwebsiteoptimizer.com https://gtm.jfrog.com https://js.driftt.com https://munchkin.marketo.net *.marketo.com https://static.oktopost.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://www.redditstatic.com *.outbrain.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://okt.to https://www.google-analytics.com blob: https://tracking.g2crowd.com https://platform.twitter.com https://www.google.com *.6sc.co https://cdn.heapanalytics.com *.zuora.com https://256-fnz-187.mktoutil.com https://js-eu1.hsforms.net https://www2.bluesnap.com https://jfrogforms.formtitan.com *.algolia.net *.algolianet.com https://app.vwo.com transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com https://www.influ2.com https://a.usbrowserspeed.com; connect-src 'self' *.jfrog.com https://send.webeyez.com https://ingest.webeyez.com *.nagich.co.il https://cdn.cookielaw.org https://www.gstatic.com https://pagead2.googlesyndication.com *.visualwebsiteoptimizer.com https://gtm.jfrog.com https://www.google.com *.marketo.com https://ws.zoominfo.com https://js.zi-scripts.com https://pixel-config.reddit.com https://www.redditstatic.com *.outbrain.com https://px.ads.linkedin.com https://256-fnz-187.mktoresp.com https://www.google-analytics.com *.6sc.co *.onetrust.com https://tracking.g2crowd.com https://geoip-js.com *.6sense.com https://www.googleapis.com *.g2.com https://heapanalytics.com https://256-fnz-187.mktoutil.com *.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com *.hubspot.com https://www.googleadservices.com https://www2.bluesnap.com *.algolia.net *.algolianet.com https://app.vwo.com https://www.recaptcha.net transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com https://www.facebook.com https://t.influ2.com/ https://google.com; style-src 'self' 'unsafe-inline' *.jfrog.com https://rtp-static.marketo.com https://fonts.googleapis.com https://access.nagich.co.il https://app.vwo.com *.visualwebsiteoptimizer.com transcend-cdn.com; font-src 'self' *.jfrog.com https://fonts.gstatic.com data:; img-src * blob: data: transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com; media-src 'self' *.jfrog.com; frame-src 'self' *.jfrog.com https://sec.webeyez.com https://www.googletagmanager.com https://www.recaptcha.net https://js.driftt.com https://td.doubleclick.net https://www.google.com https://www.facebook.com https://www.youtube.com *.zuora.com *.hsforms.com https://jfrogforms.formtitan.com https://jfrog.chilipiper.com https://hackerone.com https://jfrog.force.com https://jfrogprm.my.salesforce-sites.com https://app.vwo.com *.visualwebsiteoptimizer.com https://jfrogcpq.formtitan.com https://sandbox-jfrog.chilipiper.com https://apps.chilipiper.com https://access.nagich.co.il; frame-ancestors 'self' https://partners.jfrog.com https://supportjfrog.force.com/; worker-src 'self' *.jfrog.com https://sec.webeyez.com blob:; 6
child-src blob:; connect-src 'self' 'unsafe-inline' https:; default-src 'self'; font-src 'self' data: https://*.wcms.basf.com; frame-ancestors https://*.wcms.basf.com; frame-src https://* blob:; img-src 'self' data: https://*.basf.com https://assets.dcp-storefront.basf.com https://cdn.cookielaw.org https://collect.tealiumiq.com https://platform.b4u-cloud.de *.kampyle.com *.medallia.eu *.qualtrics.com *.facebook.com https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/; media-src 'self' blob: https://*.wcms.basf.com; object-src 'none'; script-src 'wasm-unsafe-eval' 'unsafe-inline'; script-src-elem 'self' https: 'sha256-ttfnBjqp3Wtmn9FUPKkR3GLb0D3xMFCg7QcjYux8Y+o='; style-src 'unsafe-inline' 'self'; style-src-elem 'self' 'unsafe-inline' https://*.wcms.basf.com https://player.youku.com https://platform.b4u-cloud.de; worker-src blob: 6
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 6
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io https://screencapture.com https://*.picverse.com; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 6
frame-ancestors  'self' 6
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://gravatar.com https://www.gravatar.com; frame-src 'self' https://play.libsyn.com; base-uri 'none'; form-action 'self' https://duckduckgo.com; frame-ancestors 'none'; 6
default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src     'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src   'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 6
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 6
frame-ancestors 'self' https://*.osp.tech 6
frame-ancestors *.npo.nl *.bijnpo.nl *.npotest.nl *.npoacc.nl 6
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:; object-src 'none'; frame-ancestors 'self'; connect-src 'self' * https://*.productfruits.com wss://*.productfruits.com https://productfruits.help/; font-src 'self' 'unsafe-inline' data: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.cdntwrk.com https://*.genetec.com https://static.cloudflareinsights.com https://cdn.livechatinc.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; frame-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://bid.g.doubleclick.net www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bloomreach.cloud https://*.doubleclick.net https://*.facebook.com https://*.genetec.com https://*.geneteccloud.com https://*.google.com https://*.livechatinc.com https://*.marketo.com https://*.podbean.com https://*.powerappsportals.com https://*.youtube.com https://static.addtoany.com https://oc-cdn-public.azureedge.net genetec.involve.me https://*.wrike.com https://*.navattic.com https://storage.googleapis.com https://*.productfruits.com https://*.vidyard.com; img-src 'self' 'unsafe-inline' data: * https://*.productfruits.com; media-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.genetec.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://youtu.be https://static.cloudflareinsights.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://static.cloudflareinsights.com https://static.addtoany.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://oc-cdn-public.azureedge.net https://www.redditstatic.com genetec.involve.me ajax.googleapis.com https://maps.googleapis.com https://js.navattic.com https://*.productfruits.com https://*.zoominfo.com https://js.zi-scripts.com https://*.vidyard.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com https://*.productfruits.com https://*.zoominfo.com https://js.zi-scripts.com https://*.vidyard.com; style-src 'self' 'unsafe-inline' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.genetec.com https://*.marketo.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com https://*.productfruits.com https://*.vidyard.com; style-src-elem 'self' 'unsafe-inline' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.genetec.com https://*.marketo.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com https://*.productfruits.com https://*.vidyard.com 6
frame-ancestors 'none'; base-uri 'self'; 6
frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 6
default-src *.licdn.com *.linkedin.com bf11981lkb.bf.dynatrace.com *.contentsquare.net *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net brp.my.site.com brp.my.salesforce-scrt.com monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.attribution.adswizz.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net stconsumercaseapiq01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com brp--qacopy.sandbox.my.salesforce-sites.com brp--qauat2.sandbox.my.site.com brp--qacopy.sandbox.my.site.com brp.my.salesforce.com brp--qacopy.sandbox.my.salesforce-scrt.com sp.analytics.yahoo.com *.ski-doo.com *.adsrvr.org alb.reddit.com *.googlesyndication.com data.adxcel-ec2.com s.pinimg.com yulvr.ca www.redditstatic.com ct.pinterest.com brp--digitaldev.sandbox.my.site.com brp--digitaldev.sandbox.my.salesforce-scrt.com *.axept.io *.axeptio.eu axeptio.imgix.net conversions-config.reddit.com pixel-config.reddit.com bat.bing.com *.adobeaemcloud.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; 6
default-src *; img-src 'self' 'unsafe-eval' data: https://ct.capterra.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.youtube.com/embed/ blob:; style-src * 'unsafe-inline'; font-src * data:; media-src *; frame-src * https://www.youtube.com https://www.youtube.com/embed/ data:; worker-src blob:; 6
default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'; 6
default-src https: 'unsafe-inline' 6
default-src * blob: data: https:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 6
default-src 'self'; 	style-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.mikmak.ai/ *.swaven.com/ *.aptaclub.com/ https://sibforms.com/ *.q4web.com/ *.adobe.com/ *.unpkg.com/ https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.googletagmanager.com/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline';     script-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://sibforms.com/forms/end-form/build/main.js https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js  https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/  https://js-agent.newrelic.com/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.github.io/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.seg.js/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mikmak.ai/ *.mathtag.com/ *.ads-twitter.com/ *.clevy.io/ *.tiktok.com/ https://sc-static.net/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.pinterest.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval' blob:;     img-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js  https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js  https://s.pinimg.com/ct/core.js/ *.google.com.mx/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.ytimg.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ data: *.digital4danone.com/ *.clevy.io/ *.digital4danone.com.cn/ https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.mikmak.ai/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/;     frame-src 'self' *.algolia.io/ https://forms.office.com/ *.aptaclub.com/ *.googletagmanager.com/ *.adobe.io/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js  https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.tintup.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.mikmak.ai/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/  *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/;     connect-src 'self' *.algolia.io/ https://forms.office.com/ *.sibforms.com/ *.adobe.io/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js  https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://bam.eu01.nr-data.net/ *.google.com/ *.jsdelivr.net/ *.algolia.net/ *.googletagmanager.com/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.scene7.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ *.weezevent.com/ https://yourdriversfordanonebenelux.com/  *.snapchat.com/ *.mathtag.com/ *.tiktok.com/ *.clevy.io/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.mikmak.ai/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/;     font-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.googletagmanager.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js  https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://assets.brevo.com/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.mikmak.ai/ *.swaven.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/;     media-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js  https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.mikmak.ai/ *.swaven.com/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.googletagmanager.com/ *.snapchat.com/ *.mathtag.com/ *.lpsnmedia.net/ *.digital4danone.com/ blob: 6
frame-ancestors 'self' https://*.infomaker.io https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 6
frame-ancestors 'self' *.hivelocity.net 6
frame-ancestors 'self' http://localhost:8080 https://cms.dev.ecom.mueller.de https://cms.test.ecom.mueller.de https://cms.prod.ecom.mueller.de; 6
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app https://*.auscheck-5.preprod.govcms.gov.au 6
upgrade-insecure-requests; frame-ancestors 'self' https://*.hihaho.com 6
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 6
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 6
frame-ancestors https://*.com 6
frame-ancestors 'self' https://cms.nextmedia.com.au; 6
block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 6
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 6
worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io; 6
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 6
frame-ancestors 'none'; object-src 'none'; 6
frame-ancestors *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; form-action shop.justlanded.com *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; object-src 'none'; base-uri 'self'; 6
frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 6
frame-ancestors 'self'  https://crm.test.doublefs.com https://crm.prod.doublefs.com; 6
block-all-mixed-content; default-src 'self' blob: https://*.wistia.com https://*.wistia.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com cdn.cookielaw.org *.sdworx.com *.pardot.com a458c8fcc5c8447d898446e84c87217b.js.ubembed.com www.google-analytics.com assets.ubembed.com cdn.landbot.io connect.facebook.net *.clarity.ms bat.bing.com snap.licdn.com *.firebaseio.com www.googleoptimize.com *.googleapis.com https://assets.calendly.com https://web103.reachmee.com https://tracking.intentsify.io https://secure.norm0care.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://static.landbot.io https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.agile-company-365.com https://cdn.leadinfo.net https://form.jotform.com https://*.hotjar.com https://optimize.google.com my.visme.co https://*.skedify.io *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://app.readpeak.com/js/rpa.js https://sdworx.stackbase.nl/ https://tags.inzynk.io/6ol4roju/iztag.js https://*.inzynk.io https://vercel.live/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com https://secure.intelligent-business-7.com https://vercel.live https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://plugin.skedify.io https://*.sleeknote.com px.ads.linkedin.com/ *.convertexperiments.com https://bat.bing.net https://sdworx-payhr.co.uk/ https://cdn.dmsales.com https://analytics.greensender.pl https://cdn.jotfor.ms https://d-code.liadm.com/ https://*.vector.co https://*.usbrowserspeed.com https://*.ip-api.com https://*.pexipengage.com https://*.lfeeder.com https://*.leadfeeder.com https://tags.sdworx.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/ https://va.vercel-scripts.com/v1/script.debug.js https://*.claydar.com https://*.usercentrics.eu; style-src 'self' 'report-sample' 'unsafe-inline' data: *.typekit.net fonts.googleapis.com cdn.landbot.io *.googletagmanager.com https://assets.calendly.com https://plugin.skedify.io https://*.hotjar.com https://optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://*.sleeknote.com https://fonts.googleapis.com https://cdn.jotfor.ms https://tags.sdworx.com https://fast.wistia.com https://cdn.sdworx.com; img-src 'self' data: blob: *.typekit.net cdn.cookielaw.org fonts.gstatic.com www.google-analytics.com *.googleapis.com https://px.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com p.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://assets.calendly.com i.ytimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://*.hotjar.com https://optimize.google.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws *.sleeknote.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://c.clarity.ms https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://vercel.com https://development-q5nzhaa-srgqxffdos4hk.eu-5.platformsh.site https://acceptance-yfiuy3a-srgqxffdos4hk.eu-5.platformsh.site https://sdworx-lms-cms.prd.reference.be https://strgeuwaccsdworxlearning.blob.core.windows.net https://static.landbot.io https://www.sdworx.com https://strgeuwprdsdworxlearning.blob.core.windows.net https://cdne-euw-acc-ext-sdworxlearning.azureedge.net https://cdne-euw-dev-ext-sdworxlearning.azureedge.net https://cdne-euw-prd-ext-sdworxlearning.azureedge.net blob: sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com https://lms-cms.prd.sdworx.com https://bat.bing.net https://sdworx-payhr.co.uk/ https://www.dmsales.com https://analytics.greensender.pl https://cdn.jotfor.ms https://*.sdworx.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.convertexperiments.com https://collector.leadinfo.net https://*.lfeeder.com https://*.leadfeeder.com https://tags.sdworx.com https://*.wistia.com https://*.wistia.net https://*.usercentrics.eu; font-src 'self' data: fonts.googleapis.com use.typekit.net https://use.typekit.net https://fonts.gstatic.com cdn.landbot.io https://*.hotjar.com *.sleeknote.com https://vercel.live https://assets.vercel.com https://cdn.jotfor.ms https://*.wistia.com https://*.wistia.net https://cdn.sdworx.com; connect-src 'self' *.typekit.net fonts.gstatic.com *.onetrust.com *.googleapis.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.pardot.com *.landbot.io *.sdworx.com *.clarity.ms wss://*.firebaseio.com *.firebaseio.com *.analytics.google.com https://*.algolia.net https://*.algolianet.com https://*.apm.eu-west-1.aws.cloud.es.io https://cdn.linkedin.oribi.io https://idx.liadm.com https://www.facebook.com https://ldynamicspublicapi.leadforensics.com https://collector.leadinfo.net https://api.leadinfo.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://a458c8fcc5c8447d898446e84c87217b.events.ubembed.com https://bat.bing.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws cdnjs.cloudflare.com *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://px.ads.linkedin.com/wa/ https://sdworx.stackbase.nl/ px.ads.linkedin.com/ https://ldynamicspublicapi.leadforensics.com https://vercel.live wss://ws-us3.pusher.com https://*.ingest.sentry.io https://*.sleeknote.com *.convertexperiments.com https://*.inzynk.io https://bat.bing.net https://sdworx-payhr.co.uk/ https://*.leadinfo.net https://eu-api.jotform.com https://pro.ip-api.com/ https://api.vector.co/ https://*.google-analytics.com https://*.googletagmanager.com https://tags.sdworx.com https://*.litix.io https://*.wistia.com https://*.wistia.net http://*.wistia.com http://*.wistia.net https://*.algolia.net https://*.sentry-cdn.com/ https://api.claydar.com https://*.usercentrics.eu; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/ https://eu-submit.jotform.com; frame-src https://player.springcast.app/ *.firebaseio.com https://*.hotjar.com https://calendly.com go.sdworx.com https://www.youtube.com https://www.youtube-nocookie.com https://trainings.sdworx.de https://datawrapper.dwcdn.net https://survey.sdworx.com https://web103.reachmee.com https://www.videoask.com https://embed.acast.com https://a458c8fcc5c8447d898446e84c87217b.pages.ubembed.com https://www.google.com https://outlook.office365.com https://www.sd.be https://optimize.google.com https://form.jotform.com https://www.facebook.com my.visme.co https://eu-submit.jotform.com/ https://*.skedify.io *.sleeknote.com onsite-subscribe.getdrip.com app.vwo.com *.visualwebsiteoptimizer.com https://iswebb.com/ https://td.doubleclick.net/ https://vercel.live/ https://www.googletagmanager.com/ https://sdworx-payhr.co.uk/ https://forms.office.com/ https://widgets-cache.jotform.io https://www.jotform.com https://*.sdworx.com https://*.ivoox.com https://*.pexipengage.com https://tags.sdworx.com  https://fast.wistia.com https://www.calculatorvenituri.ro/ https://fast.wistia.com https://fast.wistia.net https://www.appdemostore.com/ https://web.cmp.usercentrics.eu/ https://app.usercentrics.eu/; worker-src 'self' blob:; media-src 'self' blob: https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://lms-cms.prd.sdworx.com https://*.wistia.com https://*.wistia.net; frame-ancestors 'none'; object-src 'none' 6
frame-ancestors 'self' www.wirtgen-group.com forms.wirtgen-group.com; 6
frame-ancestors  https://*.netinfo.bg/ 6
frame-ancestors 'self' *.facebook.com 6
frame-ancestors 'self' *.tournamentsoftware.com *.toernooi.nl 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.orsted.com *.azureedge.net orsted.com.au *.app.cookieinformation.com *.euroland.com *.eurolandir.com cdn.appdynamics.com *.eum-appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net; 6
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 6
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6
upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' forms-eu1.hsforms.com www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' forms-eu1.hsforms.com api-eu1.hubapi.com forms-eu1.hscollectedforms.net hubspot-forms-static-embed-eu1.s3.amazonaws.com static.hsappstatic.net www.paypal.com api.personio.de/recruiting/applicant px.ads.linkedin.com/wa/ px.ads.linkedin.com/attribution_trigger www.googleadservices.com/ googleads.g.doubleclick.net adservice.google.com/pagead www.google.com/ccm/collect *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz analytics.google.com/g/collect www.google-analytics.com region1.analytics.google.com region1.google-analytics.com/g/collect stats.g.doubleclick.net/g/collect stats.g.doubleclick.net/j/collect region1.analytics.google.com/g/collect maps.googleapis.com www.facebook.com/tr/ *.clarity.ms/collect bat.bing.net/actionp/0 bat.bing.com/actionp/0 stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' forms-eu1.hsforms.com www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' forms-eu1.hsforms.com www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com forms-eu1.hsforms.com track-eu1.hubspot.com data: t.paypal.com www.paypalobjects.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ google.com *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz www.google-analytics.com stats.g.doubleclick.net/g/collect www.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.net/action/0 bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com js-eu1.hsforms.net js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hs-analytics.net js-eu1.hubspt.com www.paypal.com www.paypalobjects.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/ www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz scripts.clarity.ms bat.bing.com/bat.js bat.bing.net/bat.js bat.bing.com/p/action/ stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com www.googletagmanager.com/debug/ fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js www.googletagmanager.com/ blob:; 6
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 6
frame-ancestors 'self' https://portal.mapp.com; 6
default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://the.sciencebehindecommerce.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://lh3.google.com https://lh3.googleusercontent.com https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com https://lantern.roeye.com https://lantern.roeyecdn.com https://www.wepowerconnections.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://the.sciencebehindecommerce.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 6
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  impact.interactivebrokers.com  *.ibkrcampus.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  *.lynxbroker.com  site.recognia.com  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.xstaging.tv  *.ibkrcampus.com  ibkrcampus.com  *.ibkrguides.com  ibkrcampusstg.wpenginepowered.com  *.traderstation-international.com  *.greenwichcompliance.com; 6
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschaftermarket.com *.dxtservice.com *.bosch.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.nr-data.net *.youtube.com *.translate.google.com *.startengo.dev *.startengo.fr mapb.boschaftermarket.com mapb.boschaftermarket.fr; object-src 6
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.site.com *.salesforce-scrt.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 6
frame-ancestors 'self' https://app.kontent.ai; 6
default-src 'self' gap: 'unsafe-inline';     script-src 'self'         data: https://cdn.amcharts.com         data: https://c.mql5.com/         data: https://cdn.ampproject.org/         data: https://content.mql5.com/         data: https://connect.facebook.net/         data: https://ifccd.net         data: code.jquery.com         data: *.ifcmarkets.com         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://apis.google.com         data: www.google-analytics.com         data: www.googleadservices.com         data: www.googletagmanager.com         data: https://www.google.com/         data: www.googleapis.com/         data: cse.google.com/         data: clients1.google.com/         data: https://www.gstatic.com/         data: https://www.googleadservices.com        data: trade.mql5.com         data: https://ipinfo.io         data: https://ajax.cloudflare.com         data: https://yastatic.net/share2/share.js         data: https://mc.yandex.ru/metrika/tag.js         data: https://dsp-media.eskimi.com         data: https://ssl.pstatic.net         data: wcs.naver.net         data: *.bing.com         data: *.twitter.com         data: *.adroll.com         data: *.conv.rs         data: widget.trustpilot.com         data: connect.facebook.net         data: https://www.aparat.com         data: https://www.aparat.com         'unsafe-eval' 'unsafe-inline';     frame-src 'self'         data: *.trustpilot.com         data: *.google.com         data: https://*.adroll.com         data: https://component.autochartist.com         data: *.ifcm-invest.com         data: https://www.tradays.com         data: https://www.mql5.com         data: https://www.youtube.com         data: https://chat.ifcmtz.com         data: https://chat.ifctr.asia         data: https://chat.fxifcm.asia         data: https://chat.ifcmfx.com         data: https://chat.ifcmfx.cn         data: https://chat.ifcm.co.uk         data: https://chat.ifcmarkets.tw         data: https://chat.ifcmarkets.my         data: https://chat.ifcmarkets.net         data: https://chat.ifcmarkets.hk         data: https://chat.ifcmarkets.mx         data: https://chat.ifcmarkets.com.br         data: https://chat.ifcmarkets.co.id         data: https://chat.ifcmarkets.co.in         data: https://chat.ifcmarkets.co         data: https://chat.ifcmarkets.ae         data: https://trade.mql5.com         data: https://td.doubleclick.net         data: *.googletagmanager.com         data: *.ifcmarkets.com         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: *.ifcmarkets.co.za         data: https://*.facebook.com         data: https://www.aparat.com         data: https://ifccd.net;     media-src *         data: https://www.ifcmarkets.com/downloads/video/;    object-src *;     style-src 'self'         data: *.ifcmarkets.com         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://pr.ifccd.net         data: https://www.google.com         data: https://fonts.googleapis.com         'unsafe-inline';     img-src *         data: http://www.w3.org/;     font-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://fonts.gstatic.com         data: https://fonts.googleapis.com         data: https://pr.ifccd.net;     connect-src *;     manifest-src 'self'         data: https://ifccd.net         data: https://be1.ifcmfar.com         data: *.ifcmiran.asia;    worker-src 'self' blob: data:; 6
frame-ancestors https://cms-prod.brxm.grandvision.io 6
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net https://rc-sc.js.driftt.com https://site-concierge.driftt.com blob: https://www.g2.com https://challenges.cloudflare.com/ https://unpkg.com/ https://cdn.ckeditor.com/; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com https://unpkg.com/; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://tracking.g2crowd.com https://tracking-api.production.g2.com https://tracking-api.g2.com/ https://cdnjs.cloudflare.com/ https://geolocation.onetrust.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/ http://stg.onespan.com/ http://www.onespan.com/ https://rc-sc.driftt.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://job-boards.greenhouse.io/ https://www.g2.com/ https://challenges.cloudflare.com/; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; 6
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;img-src 'self' data: *;connect-src 'self' *;worker-src 'self' blob: *;frame-src 'self' oauth.telegram.org *;frame-ancestors 'self' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6
frame-ancestors 'self' https://dlinz.sharepoint.com; 6
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: 'self' https://*.typekit.net https://fonts.gstatic.com https://c1.sfdcstatic.com https://app.mavenoid.com; media-src 'self' https://*.cloudfront.net https://*.azureedge.net; worker-src 'self' blob: *; form-action 'self' https://www.googleapis.com/oauth2/v2/userinfo https://accounts.google.com/o/oauth2/auth https://www.facebook.com/tr/ https://*.cdn-net.com https://www.pages01.net https://*.sandbox.my.salesforce.com https://*.sandbox.my.site.com https://acco1.my.salesforce.com https://acco1.my.site.com; frame-ancestors 'self'; 6
default-src 'self'; style-src 'self' 'unsafe-inline'; 6
frame-ancestors *.df-automotive.de *.felgenshop.de 6
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6
default-src 'self' 'unsafe-inline' *.myconnectsuite.com *.schoolinsites.com *.pcmac.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; base-uri 'self'; form-action 'self' 'unsafe-inline' *; img-src 'self' *; connect-src 'self' *; frame-src *; media-src 'self' blob: *; worker-src 'self' blob: * 6
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; frame-ancestors 'self' https://app.optimizely.com; 6
upgrade-insecure-requests; frame-ancestors 'self' http://localhost https://localhost https://aemstage1.assaabloyservices.com https://aemdev.hesinnovations.com https://assaconnect.azurewebsites.net https://assaconnect-qa.azurewebsites.net https://assaconnect-staging.azurewebsites.net https://connect.assaabloy.com https://edc.adamsrite.com https://egress-calculator-qa.azurewebsites.net https://egresscalc.assaabloy.com https://egress-calculator-prod.azurewebsites.net https://eac-dev.aa-bts.com https://eac-qa.aa-bts.com https://eacconfig.assaabloy.com; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src * data:; 6
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com *.a.mts.ru sm.rtb.mts.ru 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru business.tinkoff.ru business.tbank.ru business-webinars.bot.tinkoff-business.com sendsay.ru flijh.tb.ru gmzzu.tb.ru api.amplitude.com *.tb.ru tglk.ru cobrowsing.tinkoff.ru cobrowsing.tbank.ru cdn.tbank.ru cfg.tinkoff.ru www.tbank.ru api-statist.tinkoff.ru baf.tinkoff.ru id.tbank.ru www.cdn-tinkoff.ru error-hub.tbank.ru origination.tinkoff.ru oplata.tinkoff.ru social.secrets.tbank.ru securepay.tinkoff.ru imgproxy.cdn-tinkoff.ru api.mindbox.ru forma.tbank.ru polls.tbank.ru b2g.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: *.youtube.com sendsay.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru business.t-static.ru *.ads.linkedin.com *.linkedin.com *.googleusercontent.com *.cloud.google.com *.googleapis.com *.adhigh.net px.adhigh.net *.adsymptotic.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru www.youtube.com rutube.ru youtu.be; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pfpsme/log/csp-error?appName=pfpsme&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru 6
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 6
frame-ancestors 'self' yousign.app; 6
frame-ancestors 'self' https://builder.io; 6
<options and value> 6
frame-ancestors app.storyblok.com 6
frame-ancestors 'self' *.plentymarkets-cloud-ie.com *.my.plentysystems.com 6
default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 6
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval'; 6
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 6
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 6
reflected-xss block 6
frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 6
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src *.gstatic.com *.googleapis.com data: 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: ws: wss: https://app.wotnot.io 'self' wss://ws.hotjar.com; worker-src blob:; child-src blob: 6
upgrade-insecure-requests; frame-ancestors: self 6
default-src 'self'; script-src 'self' 'strict-dynamic' 'sha256-l3tfobNGSDsiWwzSdX9QqvprTaL+kQGzfRzpdkbM1m0=' 'sha256-aXFWSsQLd4kfpqpWNQwLKFmiDgjd+I1iaw3mCViRRUc=' 'unsafe-inline' 'wasm-unsafe-eval' https://vrt.be https://*.vrt.be https://previewshared.mediahuis.be/cxense/cxense.vrtnu.js https://*.sentry-cdn.com https://assets.adobedtm.com https://cdn.cxense.com/cx.js https://api.cxense.com https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-performance-timing@latest/dist/index.umd.min.js https://gabe.hit.gemius.pl https://gdpr-wrapper.privacymanager.io https://gdpr.privacymanager.io https://imasdk.googleapis.com/js/sdkloader/ima3.js https://*.qualtrics.com https://www.gstatic.com https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js https://*.opecloud.com https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://vrt.be https://*.vrt.be https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://chat.stream-io-api.com wss://chat.stream-io-api.com wss://api-dev.vrt.radio/socket.io/ wss://api-stag.vrt.radio/socket.io/ wss://api.vrt.radio/socket.io/ https://vrt.be https://*.vrt.be https://*.vrtcdn.be https://vrtmax.stag.a51.be https://d33ksfmeznrrrv.cloudfront.net https://*.omtrdc.net https://*.streamtheworld.com https://*.akamaized.net https://o140591.ingest.sentry.io https://dpm.demdex.net https://siteintercept.qualtrics.com https://time.akamai.com https://license.theoplayer.com https://widevine-proxy.drm.technology/proxy https://gdpr-wrapper.privacymanager.io https://*.privacymanager.io https://*.uplynk.com https://gabe.hit.gemius.pl https://*.smartocto.com https://*.contentinsights.com https://fairplay-license.drm.technology https://csi.gstatic.com https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://vrt-live.cdn.vustreams.com https://*.buffup.net wss://*.buffup.net https://api.amplitude.com https://api-dev.vrt.radio https://api-stag.vrt.radio https://api.vrt.radio https://unpkg.com/theoplayer@6.7.0/ https://unpkg.com/theoplayer@7.6.1/ https://cdn.jsdelivr.net/npm/@mux/mux-data-theoplayer@5.1.7/ https://cdn.jsdelivr.net/npm/@mux/mux-data-theoplayer@5.3.12/ https://unpkg.com/theoplayer@8.12.1/THEOplayer.transmux.js https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://*.opecloud.com https://*.googlesyndication.com https://*.doubleclick.net https://*.doubleverify.com https://*.clarity.ms https://sporza-api.stag.a51.be https://api.sporza.be https://resources.vudrm.tech https://*.litix.io https://cdnjs.cloudflare.com/polyfill/v3/ https://growthbook-api.datascience.a51.be https://*.streamabc.net https://cdn.jsdelivr.net/npm/shaka-player@4.16.16/ https://cdn.jsdelivr.net/npm/@mux/mux-data-shakaplayer@5.12.8/ https://cdn.jsdelivr.net/npm/@mux/mux-data-shakaplayer@5.14.11/ https://cdn.jsdelivr.net/npm/hls.js@1.6.13/ https://cdn.jsdelivr.net/npm/mux-embed@5.13.0/ https://cdn.jsdelivr.net/npm/mux-embed@5.14.0/ https://cdn.jsdelivr.net/npm/hls.min.js https://cdn.jsdelivr.net/npm/hls.min.js.map https://cdn.jsdelivr.net/npm/emojibase-data@latest/; font-src 'self' https://vrt.be https://*.vrt.be https://buffup-web-sdk.core.buffup.net https://files.qualifio.com/library/vrt/fonts/; frame-src 'self' https://vrt.be https://*.vrt.be https://*.ketnet.be https://vrtbe.demdex.net https://cdn.cxense.com https://*.privacymanager.io https://ls.hit.gemius.pl https://imasdk.googleapis.com https://unpkg.com/ https://interactief.radio2.be https://interactief.radio1.be https://interactief.mnm.be https://interactief.stubru.be https://interactief.een.be https://interactief.klara.be; img-src 'self' data: https://getstream.imgix.net/images/emoji-sprite.png https://vrt.be https://*.vrt.be https://vrt.sc.omtrdc.net https://comcluster.cxense.com https://licensing.theoplayer.com https://ib.adnxs.com https://secure.adnxs.com https://*.doubleclick.net https://*.postrelease.com https://*.cxense.com https://cm.everesttech.net https://*.demdex.net https://*.opecloud.com https://*.qualtrics.com https://*.buffup.net https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googlesyndication.com https://*.cloud.ovh.net https://dublin.stream-io-cdn.com/; manifest-src 'self'; media-src 'self' blob: data: https://*.vrt.be https://*.vrtcdn.be https://d33ksfmeznrrrv.cloudfront.net https://*.streamtheworld.com https://*.akamaized.net https://*.uplynk.com https://*.adnxs-simple.com https://buffup-public.s3.eu-west-2.amazonaws.com https://assets.vrt.buffup.net https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.gvt1.com https://*.adsafeprotected.com https://*.doubleverify.com https://*.moatads.com https://*.flashtalking.com https://*.adform.net https://*.mediahuis.be https://*.2mdn.net https://resources.vudrm.tech https://vrt.simplecastaudio.com https://*.stream-io-cdn.com; worker-src 'self' blob:; 6
frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 6
default-src    'self';  script-src    'self'    'unsafe-eval'    'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI='    'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k='    'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM='    'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE='    'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig='    'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA='    'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M='    'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU='    'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8='    'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0='    'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4='    'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE='    'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4='    'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='    'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k='    'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po='    'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ='    'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY='    'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='    maps.googleapis.com    px.ads.linkedin.com    p.adsymptotic.com    snap.licdn.com    www.google-analytics.com    player.vimeo.com    extend.vimeocdn.com    *.archgroup.com    www.googletagmanager.com    www.clarity.ms;     script-src-elem     'self'     'unsafe-inline'     maps.googleapis.com     px.ads.linkedin.com     p.adsymptotic.com     snap.licdn.com     www.google-analytics.com     player.vimeo.com     extend.vimeocdn.com     www.archgroup.com     www.googletagmanager.com     platform.twitter.com     www.clarity.ms     c.clarity.ms     e.clarity.ms     scripts.clarity.ms;      style-src     'self'     'unsafe-inline'     use.fontawesome.com     fonts.googleapis.com     *.googletagmanager.com     fonts.gstatic.com;      frame-src     *.archgroup.com     www.podbean.com     www.youtube.com     www.google.com     *.icims.com     player.vimeo.com     *.twitter.com;  img-src     'self'     data:     www.archgroup.com     archgroup.com     ps.w.org     p.adsymptotic.com     wpengine.com     dify.wpengine.com     maps.gstatic.com     *.googleapis.com     *.ggpht.com     secure.gravatar.com     *.linkedin.com     *.google-analytics.com     *.analytics.google.com     *.twitter.com     c.clarity.ms     c.bing.com;      font-src     'self'     data:     *.fontawesome.com     fonts.googleapis.com     fonts.gstatic.com;      connect-src     'self'     www.archgroup.com     insurance.archgroup.com     mortgage.archgroup.com     reinsurance.archgroup.com     *.google-analytics.com     analytics.google.com     *.analytics.google.com     archcapital2020tf.q4web.com     *.licdn.com     stats.g.doubleclick.net     my.wpengine.com     yoast.com     api.redirect.li     px.ads.linkedin.com     cdn.linkedin.oribi.io     e.clarity.ms;      media-src     *.archgroup.com     extend.vimeocdn.com;      form-action     'self';      base-uri     'self';      frame-ancestors     'self'     www.slipcase.com     marketplace.marsh.com;      upgrade-insecure-requests;  object-src     'self';      child-src     'self';  worker-src     'self'     blob:     *.archgroup.com; 6
default-src     'self'; frame-ancestors 'self'; style-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; script-src      'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; style-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; font-src        'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com data:; connect-src     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; frame-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; form-action     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com; img-src         'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com data:; upgrade-insecure-requests 6
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 6
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* http://* data:; style-src 'self' 'unsafe-inline' https://* http://* data:; font-src 'self' https://* http://* data:; object-src 'self'; 6
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com fpt.absa.co.za fpt.absa.com.gh fpt.absabank.co.ke fpt.absabank.mu fpt.absa.co.mz fpt.absa.sc fpt.absa.co.tz fpt.absa.co.ug fpt.absa.co.zm fpt.absa.co.bw p.teads.tv absa2--a2sadcdev.sandbox.my.site.com absa2--a2sadcdev.sandbox.my.salesforce-scrt.com absa2--a2uat.sandbox.my.site.com absa2--a2uat.sandbox.my.salesforce-scrt.com absa2.my.site.com absa2.my.salesforce-scrt.com absa-en-za-stage-webview-library-service.kitsys.net absa-en-za-stage.kitsys.net 6
default-src 'self' https:; img-src 'self' data: https:; style-src-elem 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src-attr 'unsafe-inline'; font-src 'self' data: https:; frame-ancestors https://volkswagen-admin.porsche-holding.com; connect-src 'self' https: wss: ws: data:; manifest-src 'self' https:; media-src 'self' https: data: blob; frame-src 'self' https:; upgrade-insecure-requests 6
style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src 'self'; frame-ancestors 'self'; 6
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 6
base-uri 'none'; font-src 'self' https: data:; form-action self https://cart.penguinrandomhouse.com https://www.facebook.com; frame-ancestors 'self'; img-src 'self' data: https://sites.prh.com https://www.penguinrandomhouse.com https://images.penguinrandomhouse.com https://images.randomhouse.com https://res.cloudinary.com https://i.ytimg.com https://i.vimeocdn.com https://s.amazon-adsystem.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://googleads.g.doubleclick.net https://pixel.sitescout.com https://c.lytics.io/ https://cm.everesttech.net https://dpm.demdex.net https://attribution.sitescout.com https://alb.reddit.com https://www.googletagmanager.com https://scode.randomhouse.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com https://c.lytics.io https://www.googleadservices.com https://www.googletagmanager.com https://s.pinimg.com https://snap.licdn.com/ https://analytics.tiktok.com https://sc-static.net https://connect.facebook.net https://b-code.liadm.com https://cdn01.basis.net https://visitor-service-us-east-1.tealiumiq.com https://googleads.g.doubleclick.net https://tr.snapchat.com https://ct.pinterest.com https://rum-static.pingdom.net https://www.redditstatic.com https://pixel.byspotify.com https://visitor-service.tealiumiq.com; upgrade-insecure-requests; 6
default-src 'self' *.aptaclub.de/ *.aptaclub.ch/ *.aptaclub.at/ *.activia.de/ *.danone-dany.de/ *.fruchtzwerge.at/ *.milupa.de/ *.milupa.at/ *.nutricia.de/ *.provamel.de/ *.badoit.ch/ *.volvic.de/ *.volvic.ch/ *.yopro.de/ *.typeform.com/ *.salesforce-scrt.com/ *.adsrvr.org/ *.danonino.ch/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.adobeaemcloud.com/ *.youtube.com/ https://app.chargebee.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/  *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/  *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.aptaclub.de/ *.bittesehr.net/ *.trustedshops.com/ *.danone-activia.ch/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.my.site.com/ *.comdirect.de/ *.force.com/ *.salesforce-sites.com/ https://vimeo.com/ *.blueconic.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; style-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.activia.de/ *.milupa.de/ *.milupa.at/ *.provamel.de/ *.salesforce-scrt.com/ *.danonino.ch/ *.badoit.ch/ *.nutricia.de/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.aptaclub.ch/ *.aptaclub.de/ *.aptaclub.de/ *.volvic.ch/ *.volvic.de/ *.yopro.de/ *.typeform.com/ *.my.salesforce-sites.com *.tiktok.com *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/  *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.chargebee.com/ *.danone-dany.de/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.live2support.com/ *.lpsnmedia.net/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ *.channelsight.com/ *.focusgames.co.uk/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.danone-activia.ch/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.salesforce-sites.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ https://start.video-stream-hosting.de/ *.nutriciaflocare.com/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; script-src 'self' *.typeform.com/ https://js.adsrvr.org/ https://www.redditstatic.com/ https://c.amazon-adsystem.com/aat/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.badoit.ch/ *.danonino.ch/ *.salesforce-scrt.com/ *.nutricia.de/ *.milupa.at/ *.activia.de/ *.yopro.de/ sgtm.volvic.de/ sgtm.volvic.ch/ sgtm.provamel.de/ sgtm.danone-dany.de/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ https://js-agent.newrelic.com/ *.my.salesforce-sites.com *.licdn.com *.usercentrics.eu *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.danone-activia.ch/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.hotjar.com/ *.focusgames.co.uk/ *.outbrain.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com https://youtube.com/ *.analytics.google.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.treasuredata.com/ *.gigya.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.salesforce-sites.com/ *.linkedin.oribi.io/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.typeform.com/ *.channelsight.com/ *.reddit.com/ *.redditstatic.com/ *.alb.reddit.com/ *.activia.de/ sgtm.provamel.de/ https://sync.targeting.unrulymedia.com/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.badoit.ch/ *.actimel.fr/ *.salesforce-scrt.com/ *.adsrvr.org/ *.danone-activia.ch/ *.yopro.de/ https://sgtm.volvic.de/ https://sgtm.volvic.ch/ https://sgtm.danone-dany.de/ https://sync.1rx.io/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.sync.1rx.io/ *.usercentrics.eu https://www.aptaclub.de/ *.aptaclub.de/ https://www.aptaclub.at/ *.aptaclub.at/ https://www.aptaclub.ch/ *.aptaclub.ch/ https://www.nutricia.de/ *.nutricia.de/ https://www.danonino.ch/ *.danonino.ch/ https://www.fruchtzwerge.at/ *.fruchtzwerge.at/ https://www.fruchtzwerge.de/ *.fruchtzwerge.de/ https://www.milupa.at/ *.milupa.at/ https://www.milupa.de/ *.milupa.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.nutricia.de/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.focusgames.co.uk/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/  *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr  *.taboola.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.rubiconproject.com/ *.google.com.ph/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.focusgames.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.blueconic.net/ *.salesforce-sites.com/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/  *.id5-sync.com/ *.trustedshop.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/  *.google.es/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ id5-sync.com/  https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; frame-src 'self'  *.aptaclub.de/ *.activia.de/ *.channelsight.com/ *.danone-activia.ch/ *.danonino.ch/ *.aptaclub.de/ *.aptaclub.at/ *.aptaclub.ch/ *.provamel.de/ *.danone-dany.de/ *.typeform.com/ https://danone-events.eu.typeform.com/ https://business.safety.google/ *.actimel.de/ *.milupa.de/ *.milupa.at/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.badoit.ch/ *.volvic.ch/ *.nutricia.de/ *.volvic.de/ *.salesforce-scrt.com/ *.adsrvr.org/ *.office.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.akamaized.net *.teads.tv/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/  *.yopro.de/ *.force.com/ *.salesforce.com/ *.paypal.com  *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.adnxs.com/  *.google.ie/ *.google.co.in/ *.google.com.ph/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.blueconic.net/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.treasuredata.com/ *.gigya.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.salesforce-sites.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; connect-src 'self'  *.typeform.com/ *.channelsight.com/ *.reddit.com/ *.redditstatic.com/ *.alb.reddit.com/ *.activia.de/ *.milupa.at/ *.yopro.de/ https://sgtm.volvic.de/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.nutricia.de/ *.salesforce-scrt.com/ *.danone-activia.ch/ *.algolianet.com/ *.algolia.net/ *.algolia.io/ https://api.trustbadge.etrusted.com/accounts/ https://trustbadge.api.etrusted.com/ https://sgtm.provamel.de/ https://ara.paa-reporting-advertising.amazon/ https://sgtm.volvic.ch/ https://sgtm.danone-dany.de/ https://id5-sync.com/ *.tiktok.com/ *.linkedin.com/ *.azure.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.s3.eu-west-1.amazonaws.com/ https://bam.eu01.nr-data.net/ *.badoit.ch/ *.my.salesforce-sites.com *.usercentrics.eu *.teads.tv/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/  *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.facebook.com/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.sharethis.com/ *.doubleclick.net/ *.blueconic.net/ *.aptaclub.at/ https://bittesehr.net/ *.bittesehr.net/ *.treasuredata.com/ *.gigya.com/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.milupa.de/ *.milupa.at/ *.fruchtzwerge.at/ *.danonino.ch/ *.aptaclub.ch/ *.my.site.com/  *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.linkedin.oribi.io/ *.salesforce-sites.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.googlesyndication.com/ *.adnxs.com/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; font-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.channelsight.com/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.danonino.ch/ *.badoit.ch/ *.salesforce-scrt.com/ *.activia.de/ *.danone-dany.de/ *.danone-activia.ch/ *.volvic.ch/ *.volvic.de/ *.aptaclub.ch/ *.aptaclub.at/ *.aptaclub.de/ *.danone-dtc.net *.typekit.net/ *.nutricia.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/  *.yopro.de/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/ *.googlesyndication.com/ *.provamel.de/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/ https://squarelovin.com/ *.comdirect.de/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.my.site.com/ *.milupa.de/ *.milupa.at/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ https://app.chargebee.com/ *.force.com/ *.salesforce-sites.com/ *.amazon-adsystem.com/  *.google-analytics.com/ *.analytics.google.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/  *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; media-src 'self' *.lpsnmedia.net/ *.channelsight.com/ *.nutricia.de/ *.danone-activia.ch/*.danone-dany.de/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.milupa.de/ *.milupa.at/ *.provamel.de/ *.volvic.ch/ *.badoit.ch/ *.danonino.ch/ *.volvic.de/ *.yopro.de/ *.activia.de/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.aptaclub.ch/*.aptaclub.at/ *.aptaclub.de/ *.adsrvr.org/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.squarelovin.com/ *.digital4danone.com/; 6
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 6
frame-ancestors 'self' https://*.contentstack.com http://*.viaoutlets.com https://*.viaoutlets.com https://*.bataviastad.nl https://*.fashion-arena.cz https://*.wroclawfashionoutlet.com https://*.freeportfashionoutlet.pt https://*.mallorcafashionoutlet.com https://*.oslofashionoutlet.no https://*.viladocondefashionoutlet.pt https://*.zweibrueckenfashionoutlet.com https://*.landquartfashionoutlet.ch https://*.sevillafashionoutlet.com https://*.hedefashionoutlet.se; 6
script-src 'self' 'unsafe-inline' 6
frame-ancestors 'self' *.contentstack.com 6
default-src 'self' blob: about:; img-src 'self' 'unsafe-eval' data: blob:  about: *.awin1.com stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com *.youtube.com *.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com *.bing.net *.usercentrics.eu; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: *.awin1.com *.sciencebehindcommerce.com *.roeyecdn.com *.dwin1.com *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com *.facebook.net blob: about: *.cookiepro.com *.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com *.sovendus.com *.googleapis.com *.usercentrics.eu; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net *.sovendus.com *.usercentrics.eu; font-src 'self' *.amazonaws.com photoservice.cloud oam-software.com *.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: about: *.sciencebehindcommerce.com google.com *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com  *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms *.bing.com *.bing.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sovendus.com *.usercentrics.eu; frame-src *; object-src 'none'; 6
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net *.twistoo.co; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.twistoo.co t.cometlytrack.com google.com *.nosto.com respondent.survicate.com survey.survicate.com survey-prd.survicate-cdn.com *.cookieyes.com cdn-cookieyes.com; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com *.twistoo.co surveys-static.survicate.com surveys-static-prd.survicate-cdn.com cdn.jsdelivr.net; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net *.cookiebot.com *.doubleclick.net *.flippingbook.com publuu.com googletagmanager.com *.google.com; img-src 'self' data: kotrynagroup.lt *.kotrynagroup.lt *.babycity.lt *.babycity.lv *.babycity.ee *.kidzone.lt *.kidzone.lv *.kidzone.ee *.kidzone.fi *.toycity.lt *.toycity.lv *.zaisluplaneta.lt *.jukukeskus.ee *.toysplanet.lv *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net *.cookiebot.com analytics.tiktok.com *.twistoo.co surveys-static.survicate.com surveys-static-prd.survicate-cdn.com assets.survicate.com img.survicate.com images.unsplash.com cdn-cookieyes.com; media-src *.twistoo.co data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.publuu.com cdnjs.cloudflare.com *.twistoo.co t.cometlytrack.com static.cloudflareinsights.com *.nosto.com nosto.stackla.com *.cloudfront.net survey.survicate.com surveys-static.survicate.com surveys-static-prd.survicate-cdn.com survey-prd.survicate-cdn.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com cdnjs.cloudflare.com *.twistoo.co *.cloudfront.net surveys-static.survicate.com surveys-static-prd.survicate-cdn.com 6
“upgrade-insecure-requests� 6
script-src 'nonce-e6668af3-0a0d-4dfb-8eac-9debc8622fd4' 'strict-dynamic';media-src 'self' 'self' blob:;; 6
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 6
base-uri 'self'; font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com https://auth.services.adobe.com/ 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com   assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com https://js.klevu.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com https://s.pinimg.com/ct/core.js ct.pinterest.com s.pinimg.com/ct/ *.usablenet.com bam.nr-data.net js-agent.newrelic.com  assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net https://download-video-ak.vimeocdn.com/v3-1/playback/9fd159ef-cfc8-425b-b81d-00002b57d3dd/9f99cd6f-bf6cd135 https://perky-pet-int-bucket-shared-video.s3.amazonaws.com https://perky-pet-uat-bucket-shared-video.s3.amazonaws.com/ https://perky-pet-prod-bucket-shared-video.s3.amazonaws.com 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com   cdnjs.cloudflare.com  polaris.truevaultcdn.com https://samples.woodstream.com/ *.google.com.ua *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com   www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com https://auth.services.adobe.com/ www.facebook.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com cdnjs.cloudflare.com  https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.google-analytics.com https://www.facebook.com/ *.truevaultcdn.com *.mapbox.com *.marketingcloudfx.com *.leadmanagerfx.com bam.nr-data.net *.tiktok.com recs.listrakbi.com *.mmapiws.com paypal.com *.googleapis.com maps.googleapis.com https://ct.pinterest.com/v3/ https://ct.pinterest.com/user/ ws://localhost:* https://prod-40.westus.logic.azure.com/  https://int-app.perkypetsmartfeeder.com  https://uat-app.perkypetsmartfeeder.com  https://app.perkypetsmartfeeder.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com www.gstatic.com *.tiktok.com recs.listrakbi.com wss://*.hotjar.com/ 'self' 'unsafe-inline'; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://webmessaging.usw2.pure.cloud *.usw2.pure.cloud https://wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com *.visualwebsiteoptimizer.com *.vwo.com dpm.demdex.net bat.bing.com *.tvpixel.com *.adsrvr.org *.go-mpulse.net *.akstat.io *.akamaihd.net chart.googleapis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com https://google.com/pay *.gstatic.com *.wpsandwatch.com *.wpsandwatch.net *.kasandwatch.net *.collect.igodigital.com whirlpool-cdn.thron.com digitalassets-cdn.thron.com *.paypal.com apps.bazaarvoice.com *.bazaarvoice.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.algolianet.com *.algolia.net https://insights.algolia.io *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com https://flagcdn.com *.sentry.io *.newrelic.com *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.contentsquare.net *.contentsquare.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.criteo.com *.dwin1.com *.awin1.com *.zenaps.com *.airpr.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://unpkg.com/tailwindcss@%5E1.0/dist/tailwind.min.css https://cdn.tailwindcss.com/3.3.2 https://cdn.bc0a.com https://ixfd2-api.bc0a.com *.usablenet.com *.usablenet.dev https://assets.adobedtm.com *.mczbf.com *.emjcd.com *.sjwoe.com cj.dotomi.com cj.com s3-us-east-1.amazonaws.com s3-eu-west-1.amazonaws.com https://dct.kitchenaid.ie https://dct.kitchenaid.co.uk https://dct.kitchenaid.fr https://dct.kitchenaid.be https://dct.kitchenaid.nl https://dct.kitchenaid.de https://dct.kitchenaid.at https://dct.kitchenaid.it https://dct.kitchenaid.fi https://dct.kitchenaid.dk https://dct.kitchenaid.se https://dct.kitchenaid.es https://dct.kitchenaid.pt https://dct.kitchenaid.ch https://eu.klarnaevt.com https://api.sandbox.getalma.eu https://api.getalma.eu https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility *.klarna.com *.klarnacdn.net *.klarnaservices.com https://js.klarna.com/web-sdk/v1/klarna.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css https://cdn.almapay.com *.adyen.com *.cdn.adyen.com *.execute-api.eu-west-1.amazonaws.com; img-src * data:; media-src *; frame-src *; frame-ancestors 'self' https://app.contentful.com *.kasandwatch.net https://www.google.com https://api.sandbox.getalma.eu https://api.getalma.eu; 6
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com *.payerone.com *.facebook.net  wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.paypalobjects.com *.googletagmanager.com t.me *.t.me wa.me *.wa.me ; img-src * data:; font-src * data: 6
object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 6
default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 6
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 6
frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://challenges.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https:; frame-src 'self' https: https://challenges.cloudflare.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 6
frame-ancestors 'self' https://www.onetrust.com; default-src 'self' 'unsafe-inline' data: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com *.doubleclick.net; script-src 'self' 'unsafe-inline' *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com *.doubleclick.net; connect-src 'self' blob: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com *.doubleclick.net; img-src 'self' data: https://www.googleadservices.com https://www.google.com https://www.google.co.kr https://www.google.co.in *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.turtl.co *.onetrust.com; media-src * blob:; worker-src * blob:; base-uri 'self'; 5
frame-ancestors 'self' https://*.globo.com https://*.globoi.com https://*.i.globo https://*.techtudo.com.br always; 5
frame-ancestors 'self' *.wal.co *.walmart-customcards.com *.walmart.com:* *.walmart.net *.walmartimages.com; report-uri https://csp.walmart.com/c/r/gl 5
frame-ancestors 'self' media.rakr.net rackspace.pathfactory.com docs.google.com; report-uri https://www.rackspace.com/report-uri/enforce 5
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com; 5
frame-ancestors 'self' tvn.pl *.tvn.pl tvn24.pl *.tvn24.pl tvn7.pl *.tvn7.pl tvnstyle.pl *.tvnstyle.pl tvnturbo.pl *.tvnturbo.pl ttv.pl *.ttv.pl discoverychannel.pl *.discoverychannel.pl travelchanneltv.pl *.travelchanneltv.pl tvnfabula.pl *.tvnfabula.pl tlcpolska.pl *.tlcpolska.pl metro.tv *.metro.tv foodnetwork.pl *.foodnetwork.pl wbdpoland.pl *.wbdpoland.pl hgtv.pl *.hgtv.pl itvn.pl *.itvn.pl itvnextra.pl *.itvnextra.pl tvnxrstudio.pl *.tvnxrstudio.pl tvnxrstudio.com *.tvnxrstudio.com player.pl wbd.com 5
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 5
object-src 'none'; base-uri 'self'; 5
frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 5
frame-ancestors 'self' *.windy.com:* 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 5
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 5
frame-ancestors 'self' https://statistik.mpg.de 5
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 5
default-src 'self' blob:;  script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' blob: data: app-ab56.marketo.com *.optimonk.com cdn.jsdelivr.net d2c7xlmseob604.cloudfront.net *.impartner.live js.hs-scripts.com munchkin.marketo.net translate.google.com/translate_a/element.js web.bentley.com *.ads.linkedin.com *.ads-twitter.com *.amazonaws.com *.bentley.com *.bing.com *.brightcove.net *.byspotify.com www.clarity.ms *.cloudflare.com *.cloudfront.net *.company-target.com *.demandbase.com *.drift.com *.driftt.com *.doubleclick.net *.excentos.com *.facebook.net *.feedbackify.com *.flockler.com *.getsmartling.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.cn *.gstatic.com *.hsforms.net http://it-it-2990e259de6cb10f0.getsmartling.com *.jotform.com *.marketo.com *.marketo.net *.mouseflow.com *.onetrust.com packages.prmcdn.io *.pagespeed-mod.com *.pingdom.net pixel.byspotify.com pvdpix.com qvdt3feo.com *.recaptcha.net *.redditstatic.com static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js *.salesloft.com *.surveysparrow.com tags.srv.stackadapt.com *.tailwindcss.com *.tourial.com *.twitter.com *.userway.org *.zencdn.net 1.safecdn01.com accessibilityserver.org api.hubspot.com bat.bing.com/bat.js beacon-v2.helpscout.net/ bentleypocstg.wpengine.com blibok.com c.itaozi.cn cdn.cookielaw.org cdn.mathjax.org cdn.mouseflow.com click.easypower.com client.prod.mplat-ppcprotect.com connect.facebook.net conoret.com cookie-cdn.cookiepro.com d2c7xlmseob604.cloudfront.net fast.wistia.com form.jotform.com/static/feedback.js forms.hubspot.com gateway.on24.com images.uc.cn js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.usemessages.com mstat.acestream.net munchkin.marketo.net ob.segreencolumn.com pixel.byspotify.com players.brightcove.net relatedgamesnet-a.akamaihd.net scout-cdn.salesloft.com search.imtt.qq.com service.excentos.com snap.licdn.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com tag.demandbase.com tags.srv.stackadapt.com ucads-cdn.ucweb.com unpkg.com unpkg.zhimg.com vjs.zencdn.net w8o39.m70vee7.com *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com *.optimonk.com *.onsite.optimonk.com cdn-asset.optimonk.com https://bentleysystems.my.site.com;  style-src 'self' 'report-sample' 'unsafe-inline' data: app-ab56.marketo.com *.bentley.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.easypower.com packages.prmcdn.io *.excentos.com *.optimonk.com https://bentleysystems.my.site.com/ESWLiveChatprod1757717595345/assets/styles/bootstrap.min.css s3.amazonaws.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.userway.org web.bentley.com;  object-src 'self' *.brightcove.net;  connect-src 'self' blob: data: localhost: ad.doubleclick.net gjtrack.ucweb.com https: *.doubleclick.net *.hubspot.com adservice.google.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net forms.hubspot.com manifest.prod.boltdns.net stats.g.doubleclick.net wss://www.bentley.com *.visualwebsiteoptimizer.com app.vwo.com;  font-src 'self' data: themes.googleusercontent.com https:;  frame-ancestors 'self' *.bentley.com *.docebosaas.com/ bentleysystems.gcs-web.com/ bentleysystems-preview.gcs-web.com/;  frame-src 7668309.hs-sites.com/ app-ab56.marketo.com www.facebook.com *.bentley.com *.brightcove.net *.core.windows.net *.doubleclick.net *.facebook.com *.flickr.com *.getsmartling.com *.google.com *.googletagmanager.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.jotform.com *.driftt.com *.menlosecurity.com *.on24.com *.onetrust.com outlook.office.com  outlook.office365.com *.podbean.com *.recaptcha.net https://pricing-calculator.sensemetrics.com:3000 *.sensemetrics.com *.surveysparrow.com *.tourial.com *.twitter.com *.userway.org *.wpengine.com *.youtube.com *.zscalerthree.net 7rx80283.ibosscloud.com block.opendns.com blocked.freedom.to bpb.opendns.com cdn.cookielaw.org click.easypower.com div.show gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net leap13.github.io login.zscloud.net mozbar.moz.com *.statuspage.io remove.video s.company-target.com skytraf.xyz www.ciuvo.com zswpmanager.wip.mmc.com wp-rocket.me/ app.vwo.com *.visualwebsiteoptimizer.com  https://bentleysystems.my.site.com/;  img-src 'self' blob: data: www.bentley.com https: t.co *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;  manifest-src 'self' www.bentley.com;  media-src 'self' blob: data: https:;  report-uri https://6449169ef1e3671a29137d52.endpoint.csper.io?v=7;  worker-src 'self' blob:; 5
frame-ancestors 'self' *.adobe.com *.assets.adobedtm.com 5
base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru https://*.mindbox.ru https://events.nethouse.ru https://fonts.googleapis.com *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://vk.com https://*.vk.com https://*.mindbox.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://*.googlesyndication.com https://tr.lfeeder.com https://www.google.ru https://*.adtrafficquality.google https://tr-rc.lfeeder.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google.com https://fonts.googleapis.com https://*.mindbox.ru https://media2.giphy.com *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://*.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://analytics.google.com https://*.analytics.google.com https://fundingchoicesmessages.google.com https://*.googlesyndication.com https://*.adtrafficquality.google https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yandex.com https://uaas.yandex.ru https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru https://*.ahrefs.com/ https://www.google.com https://www.gstatic.com https://recaptcha.google.com https://*.recaptcha.google.com wss://*.jivosite.com wss://*.jivo.ru wss://mc.yandex.ru/solid.ws *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru https://mc.yandex.com; frame-src 'self' https: *.jivo.ru *.jivosite.com https://*.youtube.com https://rutube.ru/ https://vk.com https://vkvideo.ru/ https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://*.facebook.com https://top-fwz1.mail.ru https://*.adtrafficquality.google https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 5
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; frame-ancestors 'self'; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; worker-src 'self' data: blob:; 5
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com markdowneditor-public-e0gpfpcwcbbze3ag.b01.azurefd.net markdowneditor-PubDev-czdhe4dpdyaee6fj.b01.azurefd.net markdowneditor-external-Public-fmgmfefddycxdmfj.b01.azurefd.net MarkdownEditor-external-PubDev-dfgagughg7fub7h5.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net MarkdownEditor-external-PubDev-dfgagughg7fub7h5.b01.azurefd.net markdowneditor-PubDev-czdhe4dpdyaee6fj.b01.azurefd.net markdowneditor-public-e0gpfpcwcbbze3ag.b01.azurefd.net markdowneditor-external-Public-fmgmfefddycxdmfj.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn ai.azure.com *.ai.azure.com learn-video.azurefd.net docs.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 5
frame-ancestors 'self' https://nurture.solarwinds.com/ 5
frame-ancestors 'self' https://easyweb.td.com https://banquenet.td.com 5
default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud tracking.g2crowd.com tracking-api.g2.com bat.bing.net *.clarity.ms www.redditstatic.com *.reddit.com *.pingdom.net x.clearbitjs.com browser.sentry-cdn.com *.navattic.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com www.youtube.com view.ceros.com *.navattic.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com bat.bing.net *.bing.com *.clarity.ms *.medium.com *.reddit.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clearbitjs.com tag.clearbitscripts.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com js.sentry-cdn.com browser.sentry-cdn.com bat.bing.com *.clarity.ms www.redditstatic.com *.reddit.com view.ceros.com *.pingdom.net *.navattic.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net  *.adobe.com; worker-src 'self' blob:; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *;  img-src 'self' data: *;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *;  font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *;  upgrade-insecure-requests;  block-all-mixed-content; 5
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.adsrvr.org  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://bat.bing.net  https://*.cliplister.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.experimentation.dev  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.lidlplus.com  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://*.friendlycaptcha.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://lidl.media.schwarz  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://*.scon.schwarz  wss://endpoint-prod.scon.schwarz  https://*.simplesurance.com  intent:  wss://127.0.0.1:*  https://*.8select.io  https://*.adyen.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://analytics.google.com  https://analytics.tiktok.com  https://balancechecks.tx-gate.com  https://cloud.mail.lidl.de  https://dmp.theadex.com  https://facebook.com  https://fonts.gstatic.com  https://h.online-metrix.net  https://tracking.s24.com  https://utiqcontent.com  https://www.google-analytics.com  https://www.lacmp.net  https://www.moebel.de  https://*.tailortool.de  https://utiq.mno.link  https://mobile-token.telekom.de  https://tmi.vodafone.de  https://o2de.mno.link  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.adsrvr.org  https://*.cliplister.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.experimentation.dev  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  https://link.tink.com  https://manuals.sit-connect.com  intent:  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.mynetfair.com  https://*.paypal.com  https://*.sit.az.odj.cloud  https://*.sit.sys.odj.cloud  https://*.vrxs.de  https://api.theadex.com  https://ar.lidl.com  https://balancechecks.tx-gate.com  https://facebook.com  https://h.online-metrix.net  https://lidl-giftcard.eu  https://review.apps.01.cf.eu01.stackit.cloud  https://www.edge-cdn.net  https://www.lidl-gewinnspiel.de  https://www.lidl-giftcard.eu  https://utiq.mno.link; img-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cliplister.com  https://*.cookiebot.com  https://*.criteo.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.experimentation.dev  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.lidlplus.com  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://content.odj.cloud  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://sync.targeting.unrulymedia.com  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://lidl.media.schwarz  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://mycliplister.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  https://media.sit-connect.com  https://api.scon-assets.schwarz  moz-extension:  https://*.adition.com  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.pubmatic.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://analytics.tiktok.com  https://balancechecks.tx-gate.com  https://contextual.media.net  https://dmp.theadex.com  https://facebook.com  https://h.online-metrix.net  https://lh3.googleusercontent.com  https://match.adsrvr.org  https://match.sharethrough.com  https://pubsaf.global.ssl.fastly.net  https://prodeastusmappscreative.azureedge.net  https://sync.outbrain.com  https://translate.google.com  https://via.placeholder.com  https://visitor.omnitagjs.com  https://utiqcontent.com  https://www.econda-monitor.de  https://www.google-analytics.com  https://www.ladenzeile.de  https://www.lead-alliance.net  https://*.tailortool.de  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://manuals.sit-connect.com  https://*.lidl-info.com  https://*.online-metrix.net  https://facebook.com  https://h.online-metrix.net; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.adsrvr.org  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.experimentation.dev  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://*.friendlycaptcha.com  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz  'unsafe-eval'  'unsafe-inline'  https://*.8select.io  https://*.adyen.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://adservice.google.de  https://ajax.googleapis.com  https://analytics.tiktok.com  https://api.theadex.com  https://balancechecks.tx-gate.com  https://cdn.ravenjs.com  https://cloud.mail.lidl.de  https://cm.g.doubleclick.net  https://code.etracker.com  https://dmp.theadex.com  https://dsp.adfarm1.adition.com  https://facebook.com  https://h.online-metrix.net  https://s.ytimg.com  https://tracking.s24.com  https://www.dwin1.com  https://www.etracker.de  https://www.google-analytics.com  https://www.lacmp.net  https://www.ladenzeile.de  https://www.moebel.de  https://*.tailortool.de  https://frontend.prod.utiq-aws.net; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.experimentation.dev  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz  'unsafe-inline'  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.parcellab.com  https://*.sit.sys.odj.cloud  https://facebook.com; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net  https://payments.lidlplus.com  https://*.sit.az.odj.cloud; 5
frame-ancestors 'self' https://*.keenetic.com https://*.facebook.com https://*.google.com 5
frame-ancestors test.lightstream.com www.lightstream.com *.truist.com; 5
default-src 'self'; connect-src 'self' https://*.ingest.sentry.io https://*.sentry-cdn.com https://*.streamlock.net https://*.zdassets.com https://*.zendesk.com https://*.zeturf.be https://*.zeturf.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://www.google.com wss://*.zendesk.com https://*.bing.com https://*.clarity.ms https://*.commander1.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.snapchat.com https://*.trustcommander.net https://*.xiti.com https://analytics.twitter.com https://cdn.tagcommander.com https://dqxcjhc.pa-cd.com https://gwkqcts.pa-cd.com https://www.googletagmanager.com https://zz.connextra.com; frame-src 'self' https://*.snapchat.com https://*.zendesk.com https://cdn.trustcommander.net https://consentcdn.cookiebot.com https://td.doubleclick.net https://vision.prod.thebetmakers.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://*.adnxs.com https://*.bidr.io https://*.cookiebot.com https://*.googleusercontent.com https://*.zdassets.com https://*.zendesk.com https://*.zdusercontent.com https://*.zeturf.be https://*.zeturf.com https://*.ytimg.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://maps.gstatic.com https://t.co https://www.google.com https://www.google.fr https://www.paypalobjects.com https://*.bing.com https://*.clarity.ms https://*.commander1.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.snapchat.com https://*.trustcommander.net https://*.xiti.com https://analytics.twitter.com https://cdn.tagcommander.com https://dqxcjhc.pa-cd.com https://gwkqcts.pa-cd.com https://www.googletagmanager.com https://zz.connextra.com; font-src 'self' https://*.snapchat.com https://*.zeturf.be https://*.zeturf.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://github.com; media-src 'self' https://*.streamlock.net https://*.zeturf.be https://*.zeturf.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.cookiebot.com https://*.sentry-cdn.com https://*.zdassets.com https://*.zendesk.com https://*.zeturf.be https://*.zeturf.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ga.jspm.io https://maps.googleapis.com https://sc-static.net https://static.ads-twitter.com https://tag.aticdn.net https://www.googleadservices.com https://*.bing.com https://*.clarity.ms https://*.commander1.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.snapchat.com https://*.trustcommander.net https://*.xiti.com https://analytics.twitter.com https://cdn.tagcommander.com https://dqxcjhc.pa-cd.com https://gwkqcts.pa-cd.com https://www.googletagmanager.com https://zz.connextra.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be https://*.snapchat.com 5
frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com; 5
https: 5
frame-ancestors 'self' app.storyblok.com 5
frame-ancestors 'self' https://*.cornerstoneondemand.com https://csod-studio.vercel.app https://*.csod-preview.com https://*.sanity.io https://*.sanity.studio;upgrade-insecure-requests;default-src 'self' https://*.cornerstoneondemand.com;connect-src *;font-src * data:;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline' blob:;style-src * 'unsafe-inline';worker-src * blob: 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 5
frame-ancestors 'self' *.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com https://www.home.saxo https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom https://www.investing.com https://*.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com https://zingbot.bz https://m.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://www.infinityfutures.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com *.chicago.cme.com:7822 https://uatm.cqg.com https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com www.bluelinefutures.com www.bluelinefutures.live www.bluelinefutures.trade bluelinefutures.com https://login.chicago.cme.com https://loginnr.chicago.cme.com https://logincert.chicago.cme.com https://login-ny.chicago.cme.com https://ampfutures.com https://cme.ampfutures.com advantagefutures.com *.advantagefutures.com https://*.e-futures.com https://*.etrade.com https://*.gffbrokers.com https://infinityfutures-cn.com https://sweetfutures.com https://*.tradovate.com https://home.saxo https://*.directa.it *.big.pt https://big.pt https://*.tradestation-international.com http://tradinglessons.com https://tradinglessons.com *.ibroker.it *.ibroker.es *.cornertrader.ch *.whselfinvest.com *.banxbroker.de *.ameritrade.com *.sweetfutures.com *.danielstrading.com *.gainfutures.com gainfutures.com *.futuresonline.com *.tdainc.com *.lsvp.com *.schwab.com *.schwab.co.uk *.us.global.schwab.com *.dev.schwab.com *.cmegroupfoundation.org news.cqg.com https://www.banxbroker.de https://www.banxbroker.ch https://www.banxbroker.at https://www.banxbroker.com https://www.gulfcapitalmarket.org https://www.kqmarkets.co.uk https://dev.kqmarkets.co.uk https://www.kqmarkets.de https://dev.kqmarkets.de https://www.kqtrader.com https://dev.kqmarkets.com https://kqmarketportal.24livehost.com *.trendspider.com trendspider.com fxpronode12template.azurewebsites.net uat-fxpro-website.azurewebsites.net fxpro.com *.youfinance.it *.traderlink.it paradigmfutures.net www.e-mini.com www.e-futures.com www.foreigncurrencies.com www.cannontrading.com *.gcs-web.com www.rjobrien.com www.fxpro.com *.rjobrien.com acmfutures.com *.acmfutures.com www.directaccessusa.com *.topsteptrader.com *.progoldtrader.com https://progoldtrader.com *.thetradingpit.com adssgroup.sharepoint.com *.mandaracapital.com *.sidwellstrategies.com sidwellstrategies.com app.melver.com.br dev-phillipcapital-main.pantheonsite.io *.phillipcapital.com *.livesquawk.com *.webull.com *.webull.hk *.webull.sg *.webull.co.jp *.webull.au *.webull.co.za *.webull-uk.com *.comdinheiro.com.br *.invest.academy invest.academy *.nelogica.com.br *.vectorcrypto.com blackarrowtrading.com *.theniba.com *.wpenginepowered.com *.apmcapital.ae *.finanzen.ch apm-capital.webflow.io *.gocharting.com gocharting.com *.thearmchairtrader.com stonexone.com *.stonexone.com stonex.com *.stonex.com *.lynxbroker.de *.avafutures.com unusualwhales.com *.phillip.com.sg *.poems.com.sg *.phillipcapital.us *.qe.com.qa *.dxp.qe.qa straitsfinancial.com *.straitsfinancial.com appdev3.wixstudio.io *.straitsfinancial.gate39tech.com *.sitagri.com *.financeagri.com piqsuite.com *.piqsuite.com *.ironbeam.com insigniafutures.com *.tickmill.com *.cannontrading.com beta.mfpawards.com *.gigatrade.io gigatrade.io *.metrotrade.com metrotrade.com *.tradeday.com *.webullbroker.com *.webullapp.com.my *.schwab.tech *.laohu8.com laohu8.com ttmgoal.com sbisec.co.jp advisor.kgif.com.tw henghua.hk capitalfutures.com.tw *.directaccess.com.hk *.directaccess.com.sg login.prod.gcp.cme.com login.uat.gcp.cme.com login-cert.uat.gcp.cme.com login.cert.gcp.cme.com futures.avatrade.com lunaro.com *.aem.live *.aem.page *.aem.reviews; 5
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro pretalx.surf.nl feedback.communicatie.surf.nl 'unsafe-inline' 'unsafe-eval'  https://app.vwo.com https://d5phz18u4wuww.cloudfront.net/vis_opt.js https://dev.visualwebsiteoptimizer.com  https://eu.frcapi.co; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro  surfnl.piwik.pro https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://eu.frcapi.com/; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program https://app.vwo.com *.edu.nl  https://eu.frcapi.com/; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com https://app.vwo.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro  surfnl.piwik.pro pretalx.surf.nl *.surf.nl https://app.vwo.com https://dev.visualwebsiteoptimizer.com  https://eu.frcapi.com/; report-uri /report-csp-violation; upgrade-insecure-requests 5
default-src 'self'; script-src 'unsafe-eval' 'self' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.cdn.prismic.io https://prismic.io https://texthelp.tfaforms.net https://www.google.com https://www.gstatic.com https://s.saleswingsapp.com https://static.hotjar.com https://script.hotjar.com https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://wikisum.texthelp.com https://mautic.texthelp.com https://mautic-staging.texthelp.com https://embed.typeform.com/next/embed.js https://connect.facebook.net https://snap.licdn.com https://www.youtube.com https://*.amplitude.com https://a.omappapi.com/ https://player.cloudinary.com https://cloudinary.com https://online4.superoffice.com https://cdn.jsdelivr.net/npm/@rive-app/canvas@2.23.10/rive.js 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.browsealoud.com https://plus.browsealoud.com https://texthelp.tfaforms.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://embed.typeform.com/next/css/widget.css https://*.amplitude.com https://a.omappapi.com/ https://player.cloudinary.com; connect-src 'self' blob: https://plus.browsealoud.com https://www.browsealoud.com https://en.wikipedia.org https://wikisum.texthelp.com https://wiki-summarizer-eu.texthelp.com https://simplify-us.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://everway.cdn.prismic.io https://analytics.formassembly.com https://texthelp.tfaforms.net/api_v2/sst/wf-quick-publish https://typeahead.formassembly.com https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://to.go.saleswingsapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.typeform.com/single-embed/ https://px.ads.linkedin.com https://*.amplitude.com https://unpkg.com https://cdn.jsdelivr.net https://api.omappapi.com/ https://a.omappapi.com https://z.omappapi.com https://player.cloudinary.com https://res.cloudinary.com https://cloudinary.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; media-src 'self' blob: https://*.speechstream.net https://*.amplitude.com https://res.cloudinary.com https://player.cloudinary.com; font-src 'self' https://fonts.gstatic.com data: https://script.hotjar.com https://a.omappapi.com/ https://api.omappapi.com/; img-src 'self' data: blob: https://webworx.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://www.browsealoud.com https://plus.browsealoud.com https://upload.wikimedia.org https://www.google-analytics.com https://stats.g.doubleclick.net https://everway.cdn.prismic.io https://images.prismic.io https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.co.uk https://www.google.ca https://www.google.dk https://www.google.com.au https://www.google.co.in https://www.google.ie https://www.google.co.nz https://www.google.nl https://www.google.it https://www.google.se https://www.google.es https://www.google.com.ph https://www.google.com.mx https://www.google.de https://www.google.com.pk https://www.google.co.id https://www.google.ae https://www.google.fr https://www.google.co.za https://www.google.com.br https://www.google.co.jp https://www.google.com.sg https://www.google.fi https://www.google.co.il https://www.google.ee https://www.google.no https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://px.ads.linkedin.com https://www.facebook.com https://*.amplitude.com https://a.omappapi.com/ https://api.omappapi.com/ https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://content.googleapis.com/ https://everway.prismic.io https://www.youtube.com https://www.google.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://td.doubleclick.net https://mautic.texthelp.com https://mautic-staging.texthelp.com https://form.typeform.com/ https://registration.events.ringcentral.com/ https://player.cloudinary.com https://online4.superoffice.com/; form-action 'self' https://texthelp.tfaforms.net https://mautic.texthelp.com https://mautic-staging.texthelp.com https://event.on24.com https://www.n2y.com/ https://www.texthelp.com; base-uri 'none' 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.nz23.com:8443 https://www.youtube.com https://youtube.com https://youtu.be https://cdn.jsdelivr.net https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://nz14.com https://*.nz14.com https://nz23.space https://*.nz23.space https://nz23.com https://*.nz23.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://youtu.be https://i.ytimg.com https://img.youtube.com; connect-src 'self' https://www.nz23.com:8443 wss://www.nz23.com:8443 http://localhost:8443 https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://cloudflareinsights.com; media-src 'self' https://www.nz23.com https://*.nz14.com https://*.nz23.space https://*.nz23.com blob:; object-src 'none'; frame-src 'self' https://www.youtube.com https://youtube.com https://youtu.be; frame-ancestors 'self'; 5
default-src 'self' data: https://fonts.gstatic.com/ https://cdn.podigee.com/ https://*.podigee-cdn.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; connect-src 'self' https://cdn.cookielaw.org/ https://*.onetrust.com/ https://quality.dpdhl.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://assets.adobedtm.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://meinservice-dhl-sites.secure.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://depst-salaut-prod1.pegacloud.net/ https://depst-mara-dt1-decisionhub.pegacloud.net/ https://depst-mara-stg1-decisionhub.pegacloud.net/ https://depst-mara-prod1-decisionhub.pegacloud.net/ https://t.ssl.ak.tiles.virtualearth.net/ https://*.dynamic.tiles.ditu.live.com/ https://*.braintreegateway.com/ https://*.braintree-api.com/ https://braintree-sample-merchant.herokuapp.com/ https://*.heidelpay.com/ https://autocomplete2.postdirekt.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; img-src https: data: blob:; form-action 'self' https://*.dhl.de/ https://*.deutschepost.de/ https://www.sofort.com/ https://*.dhl.com/ https://meinservice.my.salesforce-sites.com/; frame-ancestors 'self' https://facebook.com/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://deutschepost.elaine-asp.de/ https://*.plentymarkets-cloud-de.com/ https://*.plentymarkets-cloud-ie.com/ https://dhl.vendidero.de/ https://dhl-paket.plentymarkets-cloud02.com/ https://*.billbee.io/ https://*.dreamrobot.de/ https://tl-meinservice-dhl.cs107.force.com/; frame-src 'self' https://www.simplydhl.com/ https://deutschepost.elaine-asp.de/ https://www.youtube.com/ https://www.google.com/ https://assets.adobedtm.com/ https://rdevpro-meinservice-dhl.cs160.force.com/ https://gateway.zscalerthree.net/ https://*.braintreegateway.com/ https://payment.heidelpay.com/ https://dhlglobalmail.secure.force.com/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://dhlglobalmail.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://dhlglobalmail.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/ https://app.webinargeek.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.youtube.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://assets.adobedtm.com/ https://cdn.tt.omtrdc.net/ https://*.google.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://*.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://meinservice-dhl-sites.secure.force.com/ https://assets.braintreegateway.com/ https://static.heidelpay.com/ https://cdn.jsdelivr.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://googletagmanager.com/ https://track.adform.net/ https://www.youtube.com/ https://connect.facebook.net/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://*.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://assets.braintreegateway.com/ https://cdn.jsdelivr.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; style-src 'self' 'unsafe-inline' https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; 5
frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://dspart004-eu1-partners-ifwe.3dexperience.3ds.com https://dspart011-eu1-partners-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com https://www.3ds.com; base-uri 'self' 5
frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 5
default-src 'none'; script-src 'self' 'sha256-WN0hqek1jEauhlhWVVXeQPa5BD3f0rsMdmwSZtw1Cys=' 'sha256-VmEf2BGdqVUwcvyhTyarJo/bY7DNqS2+T2sz4IO/kbw=' 'sha256-eIXWvAmxkr251LJZkjniEK5LcPF3NkapbJepohwYRIc=' 'sha256-Jz4XDAN4f076pEj8cOt8mEdISulquB3CBdxFvEpSSyc=' 'sha256-gPxRf/xXylU+m1MS3X2eO2FaXfC4fdHx0TdnWrwGoOI='; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tuta.com https://tuta.com data: * wss://app.tuta.com https://app.tuta.com https://api.github.com https://www.reddit.com https://mail.tutanota.com wss://mail.tutanota.com; 5
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://a.optnmstr.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://bot.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tag.simpli.fi https://bat.bing.com https://www.bing.com https://i.simpli.fi https://consent.trustarc.com https://ad.doubleclick.net https://js.adsrvr.org js.zi-scripts.com ws.zoominfo.com tags.clickagy.com cdn.jsdelivr.net dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com https://elmtec.fr https://elmtec.odoo.com 5
default-src 'self' https://horizon-api.www.myprotein.com https://*.rlcdn.com/; child-src 'self' https://pagead2.googlesyndication.com/* https://g.ezoic.net/ https://sgtm.myprotein.com/ https://ams.creativecdn.com https://*.ringcentral.com https://*.cloudfront.net https://*.smct.io/ https://*.rlcdn.com/ https://ct.pinterest.com/ https://*.listrakbi.com/ https://www.googletagmanager.com https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://youtu.be/ https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://t.lt02.net https://*.dynamicyield.eu/ https://www.googleadservices.com https://*.dynamicyield.com/ *.ezodn.com *.id-mx.com *.yahoo.com *.ad.gt id-sync.com *.crwdcntrl.net *.adsrvr.org *.rubiconproject.org *.adnxs.com onetag-sys.com *.googlesyndication.com *.adtrafficquality.google https://g.ezoic.net/ https://*.seroundprince.com/ https://ams.creativecdn.com wss://*.ringcentral.com https://*.ringcentral.com https://*.amazonaws.com/ https://*.smct.io https://*.snapchat.com/ https://*.rlcdn.com/ https://*.contentsquare.net https://click.prod.mplat-ppcprotect.com https://*.listrakbi.com/ https://*.listrak.com https://www.wepowerconnections.com/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.myprotein.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com  https://sgtm.myprotein.com; font-src 'self' data: font-src https://cdn.listrakbi.com https://*.dynamicyield.com/ https://*.smct.io/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.com https://m.myprotein.com https://checkout.myprotein.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.dynamicyield.com/ https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com https://youtu.be/; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.dynamicyield.com/ *.id5-sync.com id-sync.com https://www.ezojs.com/ https://go.ezodn.com/ https://g.ezoic.net/ https://*.seroundprince.com/ https://tags.creativecdn.com/ https://*.ringcentral.com/ https://*.smct.io https://smct.co/ https://*.smct.co/ https://ct.pinterest.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://*.contentsquare.net https://app.contentsquare.com https://*.listrak.com https://*.listrakbi.com/ https://s.pinimg.com/  https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://youtu.be/ https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.com; frame-ancestors 'self' https://www.instagram.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.smct.io/ https://cdn.listrakbi.com/ https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 5
default-src 'self' *.wartsila.com *.wistia.com https://t.wartsila.tiedosto.com https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com x.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com www.facebook.com https://innovatics.fi https://*.innovatics.fi cdn.cookielaw.org *.leadoo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.curator.io https://www.youtube.com/iframe_api https://www.youtube.com/s/ *.twitter.com twitter.com https://static.ads-twitter.com https://dec.azureedge.net/ www.googletagmanager.com https://snap.licdn.com www.googleadservices.com https://code.jquery.com https://ajax.microsoft.com cdn.pardot.com https://serve.nrich.ai pi.pardot.com https://cdnjs.cloudflare.com https://tag.nrich.ai https://audience.nrich.ai https://j.nrich.ai *.doubleclick.net doubleclick.net https://app.interactiveads.ai *.wistia.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input kendo.cdn.telerik.com https://unpkg.com tools.euroland.com https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://go.pardot.com *.wartsila.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.imp.stackadapt.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://code.createjs.com/1.0.0/createjs.min.js https://*.linkedin.com https://*.cdn.bcebos.com js.sentry-cdn.com https://*.bc0a.com https://rum-static.pingdom.net fast.wistia.net *.raffle.ai 'self' cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js 'unsafe-inline';style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.curator.io *.twitter.com twitter.com https://d35islomi5rx1v.cloudfront.net https://d20rdry57v9fzf.cloudfront.net docs.google.com *.wistia.com https://cdnjs.cloudflare.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://go.pardot.com pages.wartsila.digital fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://code.jquery.com https://res.leadoo.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://*.baidu.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline';img-src www.linkedin.com data: blob: android-webview-video-poster: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input fast.wistia.net *.wistia.com *.stackadapt.com sitefinity-videos-stage.s3.eu-west-1.amazonaws.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com https://*.linkedin.com https://mb.cision.com https://cdn.cookielaw.org https://tag.nrich.ai 'self' web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net;font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff https://cdnjs.cloudflare.com https://app.powerbi.com https://curatorio.s3.amazonaws.com https://github.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://go.pardot.com fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com *.curator.io https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com https://res.leadoo.com *.stackadapt.com;frame-src 'self' https://fast.wistia.net https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.wartsila.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com https://innovatics.fi https://*.innovatics.fi https://www.youtube.com https://*.google.com pages.wartsila.digital meltwater.fi https://s.company-target.com/ https://app.powerbi.com *.leadoo.com *.doubleclick.net doubleclick.net www.googletagmanager.com *.raffle.ai web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.google-analytics.com *.curator.io https://serve.nrich.ai https://j.nrich.ai https://api.company-target.com google-analytics.com *.analytics.google.com analytics.google.com *.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embedwistia-a.akamaihd.net fast.wistia.net https://d20rdry57v9fzf.cloudfront.net https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://tag.nrich.ai https://match.prod.bidr.io *.twitter.com https://go.pardot.com pages.wartsila.digital https://*.hotjar.io *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://crmsrv.azurewebsites.net https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input www.facebook.com https://www.quandl.com *.pingdom.net wartsila.avaus.fi https://maps.googleapis.com https://sitefunc1.azurewebsites.net https://bot.leadoo.com https://iapi.leadoo.com https://anl.leadoo.com *.stackadapt.com https://innovatics.fi https://*.innovatics.fi risk.ipmeta.io segments.company-target.com cdn.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io *.leadoo.com application/wasm googlesyndication.com *.googlesyndication.com *.doubleclick.net doubleclick.net https://*.google.com https://*.linkedin.com https://*.baidu.com https://*.safe.baidu.com https://*.bc0a.com *.raffle.ai 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://video-frt3-2.cdninstagram.com https://www.youtube.com https://embedwistia-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com fast.wistia.net sitefinity-videos-stage.s3.eu-west-1.amazonaws.com https://*.baidu.com; child-src *.twitter.com twitter.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://www.google.com pages.wartsila.digital https://snapwidget.com https://innovatics.fi https://*.innovatics.fi tools.euroland.com *.doubleclick.net doubleclick.net https://app.interactiveads.ai meltwater.fi www.linkedin.com *.wistia.com https://d20rdry57v9fzf.cloudfront.net https://t.wartsila.tiedosto.com t.co https://api.curator.io https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://go.pardot.com *.wartsila.com https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://www.quandl.com https://bot.leadoo.com cdn.linkedin.oribi.io cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=puba7d8aaaa51b67194b3f1ee591694ee11&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod%2Cservice%3Awartsila.com 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.aisiteanalytics.com https://a.usbrowserspeed.com https://d-code.liadm.com https://mm-uxrv.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self'  https://www.google.com/ccm/ https://www.googletagmanager.com https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.google.co.uk/ads/ *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com https://rp.liadm.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com https://*.hsforms.com; media-src 'self' data: blob:; frame-src 'self' https://i.liadm.com colocation-hosting.safenames.net/ https://interactive-img.com https://www.youtube.com https://www.googletagmanager.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: a.aisiteanalytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hscollectedforms.net https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.google.com/ccm/ https://www.google.co.uk https://*.hubspot.com 5
frame-ancestors 'self' https://*.procaresoftware.com; 5
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com *.youtube-nocookie.com *.mypurecloud.com  *.mypurecloud.com.au; 5
default-src 'none'; media-src 'self' *.scene7.com *.stryker.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.scene7.com *.cookielaw.org *.cvent-assets.com *.cvent.com *.doubleclick.net *.facebook.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.hlx.page *.licdn.com *.marketo.com *.marketo.net *.mktoweb.com *.serving-sys.com *.smtrk.net *.stackadapt.com *.stryker.com *.tribalfusion.com *.zi-scripts.com *.zoominfo.com assets.adobedtm.com bh.contextweb.com magnetic.t.domdex.com maps.googleapis.com pixel.mathtag.com rules.quantcount.com s.ytimg.com secure.quantserve.com ssl.google-analytics.com stryker-h.assetsadobe.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com blob:; connect-src 'self' https://*; img-src 'self' data: https://*; style-src 'self' 'unsafe-inline' *.cvent-assets.com *.mktoweb.com *.scene7.com *.stackadapt.com *.stryker.com fast.fonts.net fonts.googleapis.com www.gstatic.com; font-src 'self' https://*; manifest-src 'self'; frame-src 'self' https://*; frame-ancestors 'self' *.adobecqms.net; block-all-mixed-content; upgrade-insecure-requests; 5
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 5
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; media-src 'self' https:; frame-src 'self' https: 5
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' js.driftt.com widget.drift.com ametekemip--dev.sandbox.my.site.com ametekemip.my.site.com enterprise-demo.tfaforms.net js.sentry-cdn.com affimvip.baidu.com static.lightning.force.com b.static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' js.driftt.com widget.drift.com enterprise-demo.tfaforms.net service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' *.akamaihd.net manifest.prod.boltdns.net *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.liadm.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com prf.hn form.jotform.com/241913106756052 cdn.jotfor.ms/s/umd/latest/for-form-embed-handler.js *.awin1.com *.zenaps.com https://www.dwin1.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://*.roeyecdn.com https://*.roeye.com access.myunidays.com images.unidays.world *.myunidays.com *.unidays.world *.prod.unidays.io https://flo.uri.sh/ https://flo.uri.sh/visualisation/* https://public.flourish.studio/resources/* *.attentivemobile.com *.attn.tv https://clarks.attn.tv/* *.klaviyo.com *.gocertify.me *.narvar.com *.trustpilot.com https://d3k81ch9hvuctc.cloudfront.net/company/SzjbVD/images/ https://d3k81ch9hvuctc.cloudfront.net/company/Vi474Y/images/ https://d3k81ch9hvuctc.cloudfront.net/company/X8bLXb/images/ https://d3k81ch9hvuctc.cloudfront.net/company/XyZ4PK/images/ https://d3k81ch9hvuctc.cloudfront.net/company/X68UL9/images/ https://d3k81ch9hvuctc.cloudfront.net/company/TUPhxz/images/ https://d3k81ch9hvuctc.cloudfront.net/company/SCGrft/images/ https://d3k81ch9hvuctc.cloudfront.net/company/TNqrkg/images/ https://d3k81ch9hvuctc.cloudfront.net/company/XPmW2X/images/ cdn.attn.tv sbkpo.clarks.com clarks-us.attn.tv clarks.attn.tv events.attentivemobile.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com *.klarnacdn.net *.unidays.world *.klaviyo.com; frame-ancestors 'self'; upgrade-insecure-requests ; 5
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 5
frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 5
frame-ancestors 'self' https://*.build.com/ https://*.fergusonhome.com https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://bcom.my.salesforce-sites.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ https://*.ferguson.com/ 5
default-src * data: 'unsafe-inline' 'unsafe-eval';  script-src * data: 'unsafe-inline' 'unsafe-eval';  connect-src * data: 'unsafe-inline';  img-src * blob: data: 'unsafe-inline';  frame-src * data:;  style-src * data: 'unsafe-inline';  font-src * data: 'unsafe-inline';  frame-ancestors * data:; 5
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://cdn.ampproject.org https://code.jquery.com https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.gdrichem.com https://*.checkout.com https://tcsdk.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.online https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://*.onfido.com https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://*.bitget.style https://api-web.wwmxd.info https://api-web.wwmxd.site https://*.bitget.com https://cdn.dingxiang-inc.com https://*.storm.tg https://*.ston.fi https://*.jarvisbot.ai https://*.pxlvrs.io https://*.onetime.dog https://*.tomarket.ai https://*.newcoolproject.io https://*.catizen.ai https://*.glados.app https://*.yescoin.gold https://*.tonapi.io https://infragrid.v.network https://*.forter.com https://js.volt.io https://static.ads-twitter.com https://goldwater.cloud;connect-src 'self' 'report-sample' data: blob: ws: wss: https://www.turingfraud.net https://cdn.ampproject.org https://*.hdmune.cn https://*.nlviwq.cn https://oauth.telegram.org https://*.qq.com https://*.tencent-cloud.com https://*.intltencentcos.com https://*.tencentcos.cn https://*.tencentcloud.com https://*.my-cpaas.com https://*.tlivewebrtc2.com https://*.tlivecloud.com https://*.rtclivekit.com https://*.xuundv.cn https://*.tencentcloudapi.com https://*.myqcloud.com https://www.googletagmanager.com https://*.rtc-web.com https://*.qcloud.com https://*.my-imcloud.com https://*.tlivewebrtc.com https://*.tliveplay.com https://*.tlivesource.com https://*.rtc-web.io https://*.cloud-rtc.com https://*.vod-qcloud.com https://*.minigitlab.top https://wa.appsflyer.com https://*.google.com https://stats.g.doubleclick.net wss://*.bitgetpro.site https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin wss://*.bitget.site wss://*.bitget.live wss://*.bitget.vin https://*.gdrichem.com https://*.checkout.com wss://*.checkout.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://pagead2.googlesyndication.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.duoyihubei.top https://duoyihubei.top wss://*.duoyihubei.top wss://duoyihubei.top https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.glassgs.com wss://*.bitget.style https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://www.google.co.kr https://www.google.com.bd https://google.com https://www.google.co.in https://www.google.ru https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://*.bitget.com https://cdn.dingxiang-inc.com https://*.storm.tg https://*.ston.fi https://*.jarvisbot.ai https://*.pxlvrs.io https://*.onetime.dog https://*.tomarket.ai https://*.newcoolproject.io https://*.catizen.ai https://*.glados.app https://*.yescoin.gold https://*.tonapi.io https://ton-connect.github.io https://browser-http-intake.logs.datadoghq.com https://infragrid.v.network https://cdnjs.cloudflare.com https://pre.ssqhome.top https://ssqhome.top https://*.forter.com https://*.bgstatic.com https://goldwater.cloud;frame-src 'self' 'report-sample' blob: data: https://callback.osl-pay.com https://ramp.osl-pay.com https://*.bgstatic.com https://*.bitgetimg.com https://*.gurenla.com https://*.google.com https://*.bitgetimg.com https://*.bitgetpro.site https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://*.google-analytics.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://bitget.banxa.com https://*.onfido.com https://www.bitgetwidget.com https://*.bitget.style https://onramp.money https://*.simplexcc.com https://td.doubleclick.net https://www.bitgetapp.com https://www.bitgetapps.com https://*.bitget.com https://*.revolut.com https://*.multiexc.com https://pre.ssqhome.top https://ssqhome.top https://checkout.volt.io https://openapi-uatdcd.com https://openapi-thedecard.com https://khipu.com https://checkout.pagsmile.com https://gateway.kashio.com.pe https://apiin.monnetpayments.com https://pmt-01.etpayment.com https://registro.pse.com.co https://secure-checkout.payvalida.com https://api.openpay.co https://s.tradingview.com;frame-ancestors 'self' https://ramp.osl-pay.com https://*.bitgetpro.site;report-uri /v1/buried/log/cspSecurity; 5
connect-src 'self' ws: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com stats.g.doubleclick.net content.hotjar.io *.bing.com bat.bing.net munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com 106-jev-611.mktoresp.com s3.eu-west-1.amazonaws.com/marker.sessions.prod/ *.hotjar.com https://fast.wistia.com https://*.wistia.com https://*.wistia.net *.wistia.net; default-src 'self' *.google-analytics.com *.googletagmanager.com; font-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com *.wistia.net; form-action 'self' *.cookiebot.com *.google.com; frame-ancestors 'self'; frame-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com *.youtube.com https://*.wistia.com *.wistia.net; img-src 'self' data: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com static.hotjar.com px4.ads.linkedin.com bat.bing.net *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com https://fast.wistia.com https://*.wistia.com https://*.wistia.net data: *.wistia.net; media-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com  *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com *.wistia.com https://*.wistia.com https://*.wistia.net blob: *.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com static.hotjar.com script.hotjar.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com unpkg.com *.google.com snap.licdn.com *.pardot.com https://fast.wistia.com *.sentry-cdn.com *.wistia.net; style-src 'self' 'unsafe-inline' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.marker.io *.umbraco.com unpkg.com *.google.com snap.licdn.com px.ads.linkedin.com; worker-src 'self' *.cookiebot.com *.google.com; 5
default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob:;frame-ancestors 'self' http://localhost:3000 https://the-gui.testing.nxt.zone https://the-gui.staging.nxt.zone/ https://the-gui.production.nxt.zone/ https://the-gui.cloud 5
style-src 'unsafe-inline' https://*.sitecore.com https://*.clarity.ms https://*.bing.com;base-uri 'self';connect-src wss://*.qualified.com https://*.qualified.com https://*.sitecore.com https://*.sitecorecloud.io https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://cdn.dreamdata.cloud https://*.google.com https://google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://api.ipify.org https://px.ads.linkedin.com https://*.bing.com https://*.clarity.ms https://*.bing.net https://*.salesloft.com;default-src data: blob: https://*.sitecore.com https://*.sitecore.net https://*.googleapis.com https://*.gstatic.com https://*.6sc.co https://*.6sense.com;font-src https://*.sitecore.com;frame-src https://*.sitecore.com https://*.sitecorecontenthub.cloud https://app.qualified.com https://*.google.com https://td.doubleclick.net https://*.googletagmanager.com https://capture.navattic.com https://sitecore.navattic.com/ https://s.pointerpro.com/ https://*.sequel.io;frame-ancestors 'self' https://*.sitecorecloud.io https://*.sitecore.com https://forresterstage.mainstayadvisor.com https://*.forrester.com;img-src *;media-src https://app.qualified.com 'self' https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud data:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitecore.com http://localhost http://*.6sc.co https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.recaptcha.net https://*.gstatic.cn https://*.gstatic.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://d35vb5cccm4xzp.cloudfront.net https://*.bing-int.com https://cdn.dreamdata.cloud https://cdn.drda.io https://*.g.doubleclick.net https://*.clarity.ms https://*.bing.com;style-src-attr 'unsafe-inline' https://*.sitecore.com;worker-src blob:; 5
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 5
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: * ; child-src blob: ; 5
frame-ancestors https://sc10cm https://rg-sitecore-website-qa-330340-single.azurewebsites.net https://web-ih-sc-tst-cd-wus2.azurewebsites.net https://web-ih-sc-prd-cm-wus2.azurewebsites.net https://intermountain.dev.local https://intermountainhealth.formstack.com 5
frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 5
frame-ancestors 'self' *.bny.com; 5
frame-ancestors           www.kaufland.de www.kaufland-pp.de           media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com leaflets.kaufland.com           www.kaufland.cz www.kaufland-pp.cz           www.kaufland.sk www.kaufland-pp.sk           www.kaufland.pl www.kaufland-pp.pl           www.kaufland.at www.kaufland-pp.at           www.kaufland.fr www.kaufland-pp.fr           'self' 5
frame-ancestors same; report-uri /report-csp-violation 5
default-src 'self'; img-src 'self' https://ak-d.tripcdn.com/images/05E1412000cmevvp5D2FE.png; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://use.fontawesome.com; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; font-src https://fonts.gstatic.com https://use.fontawesome.com; frame-ancestors 'none'; 5
frame-ancestors 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; 5
default-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss: data:; font-src 'self' https: data:; img-src 'self' data: blob: https:; worker-src 'self' http: blob: data: 5
default-src 'self' 'unsafe-inline'; 5
img-src 'self' data: blob: pancake.vn pancake.biz pages.fm pancake.id pancake.in pancake.ph fbcdn.net fbsbx.com facebook.com cdninstagram.com zadn.vn zdn.vn shopee.vn shopee.sg shopee.co.id shopee.co.th shopee.tw shopee.ph shopeemobile.com unpkg.com line-scdn.net openstreetmap.org shptlocal.shpt.com.vn his.benhvienthammyjtangel.com hisjt.shpt.com.vn ibyteimg.com *.pancake.vn *.pancake.biz *.pages.fm *.pancake.id *.pancake.in *.pancake.ph *.fbcdn.net *.fbsbx.com *.facebook.com *.cdninstagram.com *.zadn.vn *.zdn.vn *.shopee.vn *.shopee.sg *.shopee.co.id *.shopee.co.th *.shopee.tw *.shopee.ph *.shopeemobile.com *.unpkg.com *.line-scdn.net *.openstreetmap.org *.shptlocal.shpt.com.vn *.his.benhvienthammyjtangel.com *.hisjt.shpt.com.vn *.ibyteimg.com; 5
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self'; report-to csp-endpoint; report-uri https://knxzhhty06.execute-api.eu-west-1.amazonaws.com/prod/browser-reporting/csp; 5
default-src 'self' https://*.magenta.at;      upgrade-insecure-requests;      report-to csp-endpoint;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.magenta.at https://*.t-mobile.at https://*.magentabusiness.at https://*.s-budget-mobile.at           https://*.esp.ownsolutions.net           https://magenta-at.cleverq.de           https://*.youtube.com           https://*.youtube-nocookie.com           https://eu-dg.knowmax.ai           https://*.google.com           https://*.google.de           https://*.googletagmanager.com           https://googletagmanager.com           https://tagmanager.google.com           https://*.google-analytics.com           https://*.googleapis.com           https://*.gstatic.com           https://*.tiktok.com           https://*.licdn.com           https://*.sc-static.net           https://*.clarity.ms           https://*.crwdcntrl.net           https://*.cookielaw.org           https://*.cookiebot.com           https://*.googleadservices.com           https://*.doubleclick.net           https://*.medallia.eu           https://*.krxd.net           https://*.snapchat.com           https://*.usercentrics.eu           https://*.facebook.com           https://*.facebook.net           https://*.readpeak.com           https://*.evergage.com           https://*.bing.com           https://*.teads.tv           https://*.adnxs.com           https://*.fusedeck.net           https://*.pinimg.com           https://*.sprinklr.com           https://*.hotjar.com           https://*.googlesyndication.com           https://*.evgnet.com           https://siteimproveanalytics.com           https://sc-static.net           https://form.virtualq.tech           https://magenta.jobbase.io           https://cdn.jsdelivr.net           https://magenta.onlyfy.jobs;      img-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at blob: data:           https://*.google-analytics.com           https://*.tiktok.com           https://*.googletagmanager.com           https://*.googleadservices.com           https://*.googlesyndication.com           https://www.google.de           https://*.google.de           https://www.google.com           https://*.google.at           https://*.gstatic.com           https://*.googleapis.com           https://*.google.com           https://*.doubleclick.net           https://*.licdn.com           https://*.clarity.ms           https://*.siteimproveanalytics.io           https://*.snapchat.com           https://*.facebook.com           https://*.facebook.net           https://*.readpeak.com           https://*.senderinfo.de           https://*.teads.tv           https://*.adnxs.com           https://*.fusedeck.net           https://*.youtube.com           https://*.youtube-nocookie.com           https://*.medallia.eu           https://*.linkedin.com           https://*.usercentrics.eu           https://*.bing.com           https://*.s3.eu-central-1.amazonaws.com           https://magenta.jobbase.io           https://magenta.onlyfy.jobs;      connect-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at           https://*.google-analytics.com           https://*.googlesyndication.com           https://*.googleadservices.com           https://*.tiktokw.us           https://google.com           https://*.googletagmanager.com           https://*.google.com           https://*.googleapis.com           https://*.doubleclick.net           https://*.tiktok.com           https://*.bing.com           https://*.licdn.com           https://*.clarity.ms           https://*.crwdcntrl.net           https://*.cookielaw.org           https://*.cookiebot.com           https://*.snapchat.com           https://*.usercentrics.eu           https://*.facebook.com           https://*.facebook.net           https://*.readpeak.com           https://*.teads.tv           https://*.hotjar.io           wss://*.hotjar.com           https://*.hotjar.com           https://*.adnxs.com           wss://*.fusedeck.net           https://*.fusedeck.net           https://*.pinterest.com           wss://*.sprinklr.com           https://*.sprinklr.com           https://*.linkedin.com           https://*.medallia.eu           https://tmobileaustria.germany-2.evergage.com           https://*.senderinfo.de           https://*.usercentrics.eu           https://*.bing.com           https://form.virtualq.tech           https://magenta.jobbase.io           https://magenta.onlyfy.jobs;      form-action 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at           https://*.facebook.com           https://*.facebook.net           https://form.virtualq.tech;      media-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at blob: data:           https://*.sprinklr.com           https://*.senderinfo.de;      frame-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at           https://*.googletagmanager.com           https://*.google.com           https://google.com           https://*.googleapis.com           https://*.doubleclick.net           https://*.clarity.ms           https://*.usercentrics.eu           https://eu-dg.knowmax.ai           https://*.licdn.com           https://*.sprinklr.com           https://*.bing.com           https://*.readpeak.com           https://*.medallia.eu           https://*.snapchat.com           https://*.usercentrics.eu           https://*.youtube.com           https://*.youtube-nocookie.com           https://magenta-shopfinder.pgsdemo.com           https://*.adnxs.com           https://magenta-at.cleverq.de           https://app.wigeogis.com           https://form.virtualq.tech           https://magenta.onlyfy.jobs;      frame-ancestors 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at;      object-src 'none';      style-src 'self' 'unsafe-inline' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at           https://fonts.googleapis.com           https://form.virtualq.tech;      font-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://fonts.googleapis.com https://fonts.gstatic.com data: 5
default-src 'none'; script-src 'self' 'sha256-LhgjEUDTB5uVcQPxB7ClpuZyNmHM6EsxG6GFSRQyGrM='; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://files2.bovision.se https://mb.cision.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.se https://9848475f-428b-4380-8d26-dfe74eb251f7.at.rivsec.eu; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net https://qcnl.tv; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://publish.ne.cision.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 https://qcnl.tv; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se borsrum.episerverhosting.com shbfxcalc.millistream.com mws-2.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com cphspk01.shbmain.shb.biz irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com qcnl.tv; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 5
frame-ancestors 'self' https://www.ringier-advertising.ch https://ringier-staging.hacepiby.cyon.site https://blumen.palantirfoundry.de; 5
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.com https://metrica.yandex.ru https://metrica.yandex.com https://webvisor.com https://*.webvisor.com 5
worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://embed.cloudflarestream.com *.google.com *.gstatic.com *.twitter.com *.reddit.com *.googletagmanager.com *.stripe.com *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net *.hsforms.net *.hsforms.com *.vimeo.com *.hs-scripts.com *.sentry.io *.freshworks.com embed.cloudflarestream.com *.target-video.com *.brid.tv js-agent.newrelic.com *.nr-data.net https://src.litix.io/core/4/mux.js cdn.jsdelivr.net https://www.youtube.com *.b-cdn.net *.r-cdn.net; frame-src 'self' localhost *.realms.tv youtube.com *.youtube.com twitch.tv *.twitch.tv vimeo.com *.vimeo.com facebook.com *.facebook.com transistor.fm *.transistor.fm apple.com *.apple.com spotify.com *.spotify.com rumble.com *.rumble.com 1a-1791.com *.1a-1791.com *.cloudflarestream.com *.soundslice.com *.target-video.com target-video.com *.google.com *.stripe.com *.x.com *.twitter.com *.reddit.com *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com *.freshdesk.com *.audent.ai https://www.youtube-nocookie.com/ https://www.youtube.com *.b-cdn.net *.r-cdn.net; frame-ancestors 'self' popdaze.com; img-src * data: blob: *.b-cdn.net *.r-cdn.net; 5
default-src * https: data: 'unsafe-inline' 'unsafe-eval'; 5
default-src https: data: wss://*.qualified.com wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 5
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org optum.ceros.site; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org optum.ceros.site; 5
frame-ancestors 'self' *.youtube.com *.vimeo.com; 5
default-src https: 5
base-uri 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com dashboard.trustprofile.com *.unzer.com *.mouseflow.com *.inpost.pl *.unzer.com *.etrusted.com *.campaign.playable.com *.games.playable.com; form-action *.salesforce.com; frame-ancestors 'self' *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt view.publitas.com scripts.publitas.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com; img-src 'self' data: *.usercentrics.eu *.luigisbox.tech *.luigisbox.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com *.google.com *.google.de *.google.at *.google.pl google.com google.de google.at google.pl static.phrase.com *.trustedshops.com *.gstatic.com *.myracloud.com dashboard.trustprofile.com commission.europa.eu *.facebook.net *.heidelpay.com *.unzer.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.online-metrix.net *.cdn-apple.com *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.tiktok.com; object-src 'self' blob:; style-src 'self' *.luigisbox.tech *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net *.googletagmanager.com tagmanager.google.com fonts.googleapis.com trck.linkster.co *.visualwebsiteoptimizer.com app.vwo.com *.unzer.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl *.etrusted.com view.publitas.com scripts.publitas.com *.campaign.playable.com *.games.playable.com *.app.playable.com; script-src 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.tech *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.trustedshops.com blob: *.googleadservices.com googleads.g.doubleclick.net google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl 'self' *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.unzer.com *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.cdn-apple.com *.campaign.playable.com *.games.playable.com *.app.playable.com *.leadfamly.com; upgrade-insecure-requests; default-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.tech *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.trustedshops.com blob: d2bgdldl6xit7z.cloudfront.net *.smarketer.de trck.linkster.co google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl dashboard.trustprofile.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.unzer.com *.online-metrix.net *.cdn-apple.com *.mouseflow.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.leadfamly.com *.facebook.net *.tiktok.com; connect-src 'self' *.luigisbox.tech *.luigisbox.com *.usercentrics.eu *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trustedshops.com *.trustbadge.com *.analytics.google.com bat.bing.com trck.linkster.co *.smarketer.de google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.tiktok.com; child-src *.trustedshops.com *.mouseflow.com *.campaign.playable.com *.games.playable.com; frame-src 'self' *.usercentrics.eu dashboard.trustprofile.com *.doubleclick.net parcelshop.dhl.pl *.googletagmanager.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com view.publitas.com scripts.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.cdn-apple.com *.mouseflow.com sandbox-easy-geowidget.easypack24.net *.inpost.pl *.campaign.playable.com *.games.playable.com *.app.playable.com google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl; manifest-src 'self'; media-src 'self' *.magnolia-platform.com; worker-src 'self' blob: *.online-metrix.net; 5
https://dynamic.criteo.comhttps://sslwidget.criteo.com 5
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src blob:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 5
connect-src 'self' https://*.acsbapp.com/ https://*.clarity.ms https://*.clarity.ms/ https://*.equalweb.com https://*.equalweb.com/ https://*.optimizely.com https://*.realtime.webflow.com https://*.snapchat.com/p https://*.website-files.com https://adservice.google.com https://analytics.google.com https://analytics.liftoff.io/pixel/ https://api.griffin-ww-prd.lightricks.com https://api.typeform.com/ https://api.typeform.com/single-embed/01HVKF45154PQMHD8GZ9PZA2ZW https://api.typeform.com/single-embed/01HVKFC1SWRFSXDZE422TF61ZC https://api.typeform.com/single-embed/01HYZ4MM14CHAC8B4S0925JJZE https://aplo-evnt.com/api/v1/intent_pixel/track_request https://assets-global.website-files.com https://bat.bing.com https://bg-removal.api.photoleapapp.com/api/v1/generate https://c.bing.com https://capi.facetuneapp.com https://capi.ltx.studio https://capi.ltx.video https://capi.photoleapapp.com https://capi.videoleapapp.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/25431500446.js/ https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/website-staging.videoleapapp.com/config.json https://cdn.cookielaw.org https://cdn.equalweb.com/assets/ https://cdn.equalweb.com/style/ https://cdn.jsdelivr.net/npm/@finsweet/attributes-selectcustom@1/selectcustom.js/ https://cdn.jsdelivr.net/npm/@mediapipe/tasks-vision@latest/wasm/vision_wasm_internal.wasm https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.svg https://cdn.prod.website-files.com https://cdn.segment.com https://cloudflareinsights.com https://editor-api.webflow.com https://errors.client.optimizely.com/log https://face-shape.facetuneapp.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net/pagead/ https://gtm.facetuneapp.com https://gtm.ltx.studio https://gtm.ltx.video https://gtm.ltx.io https://gtm.photoleapapp.com https://gtm.videoleapapp.com https://lightricks.pxf.io https://lightricks.zendesk.com/embeddable/ https://logx.optimizely.com https://ltx.studio/cdn-cgi/ https://ltx.video/cdn-cgi/ https://modest.lightricks.com/apps/ https://pagead2.googlesyndication.com/pagead/ https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://realtime.webflow.com https://rest.iad-05.braze.com/api/ https://sessions.bugsnag.com https://staging.facetuneapp.com/cdn-cgi/challenge-platform/h/b/cv/result/ https://stats.g.doubleclick.net https://storage.googleapis.com https://test-drive-20-1053047382554.us-central1.run.app/events/10b1623b4e72ebe68eb7ef4666d043962b02f8d89cec7b22053de538ceace3cc https://test.res.lightricks.com/ https://tr.snapchat.com/config/com/ https://tracking-api.g2.com/attribution_tracking/conversions/assign https://tracking-api.production.g2.com/ https://tti.photoleapapp.com/api/v1/generate https://tti.stg.photoleapapp.com/api/v1/generate https://uagw.lightricks.com https://uagw.stg.lightricks.com https://web-payment-gtm.wl.r.appspot.com https://web.facebook.com https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/api/v1/form/ https://www.clarity.ms https://www.facebook.com https://www.facetuneapp.com/api/color-analysis-test/ https://www.facetuneapp.com/api/color-analysis/ https://www.facetuneapp.com/api/face-shape/ https://www.facetuneapp.com/cdn-cgi/ https://www.facetuneapp.com/pv https://www.google-analytics.com https://www.google.co.il/ https://www.google.com/ https://www.googletagmanager.com https://www.photoleapapp.com/cdn-cgi/ https://www.videoleapapp.com/cdn-cgi/ wss://capi.facetuneapp.com wss://capi.ltx.studio wss://capi.ltx.video wss://capi.ltx.io wss://capi.photoleapapp.com wss://capi.videoleapapp.com wss://realtime.webflow.com https://px.ads.linkedin.com https://conversionsapigateway.com https://www.googleadservices.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com/ https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/js/splide.min.js.map https://unpkg.com/lenis@1.1.20/dist/lenis.min.js.map https://demo-1.conversionsapigateway.com/ https://mpc-prod-14-s6uit34pua-ue.a.run.app/ https://lightricks.chilipiper.com/ https://*.sentry.io/ https://mpc-prod-17-s6uit34pua-wl.a.run.app/ https://accounts.google.com/gsi/ https://api.fortress-ww-prd.lightricks.com https://mpc-prod-23-s6uit34pua-ue.a.run.app/events; default-src 'self'; font-src 'self' data: https://*.website-files.com https://acsbapp.com/apps/app/dist/fonts/ https://assets.website-files.com/ https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://fonts.gstatic.com https://uploads-ssl.webflow.com https://use.fontawesome.com/releases/ https://use.typekit.net; form-action 'self' https://lightricks.pxf.io https://www.facebook.com/tr/; frame-ancestors 'none'; frame-src 'self' https://*.equalweb.com/ https://a24945110014.cdn-pci.optimizely.com https://a24945110014.cdn.optimizely.com https://accounts.google.com/ https://bid.g.doubleclick.net/ https://c.amazon-adsystem.com/aat/amzn.js https://cdn.embedly.com https://embedsocial.com https://form.typeform.com/ https://giphy.com https://google.com/ https://gtm.facetuneapp.com https://gtm.ltx.studio https://gtm.ltx.video https://gtm.ltx.io https://gtm.photoleapapp.com https://gtm.videoleapapp.com https://optimize.google.com https://platform.twitter.com/ https://player.vimeo.com https://s.amazon-adsystem.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com https://tr.snapchat.com/ https://twitter.com https://webflow.com/ https://www.facebook.com https://www.google.com/ https://www.instagram.com https://www.tiktok.com/ https://www.youtube.com https://lightricks.chilipiper.com/ https://cdn.prod.website-files.com/ https://accounts.google.com/gsi/; img-src 'self' * blob: data: https://cdn.optimizely.com https://lightricks.pxf.io https://logs-01.loggly.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.ojrq.net; media-src https://*.website-files.com https://assets-global.website-files.com https://assets.website-files.com https://cdn.prod.website-files.com https://s3.amazonaws.com/webflow-prod-assets/ https://storage.googleapis.com https://uploads-ssl.webflow.com https://videos.facetuneapp.com https://videos.ltx.studio/ https://videos.ltx.video https://videos.ltx.io; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms https://*.equalweb.com/ https://*.optimizely.com https://*.website-files.com https://access.equalweb.com/ https://account.lightricks.com/wp-sdk/ https://acsbapp.com/apps/app/dist/js/app.js https://app-assets.website-files.com/js/jquery-3.5.1.min.dc5e7f18c8.js https://assets-global.website-files.com/ https://assets.apollo.io/micro/website-tracker/ https://assets.website-files.com https://bat.bing.com https://c.amazon-adsystem.com/aat/amzn.js https://c.bing.com https://cdn-assets-prod.s3.amazonaws.com https://cdn-public.liftoffintl.io https://cdn.cookielaw.org https://cdn.embedly.com https://cdn.equalweb.com/core/ https://cdn.finsweet.com/files/cmslibrary-v1.8.js https://cdn.jsdelivr.net/gh/studio-freight/lenis@1.0.23/bundled/lenis.min.js https://cdn.jsdelivr.net/npm/@finsweet/attributes@2/attributes.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-autovideo@1/autovideo.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsnest@1/cmsnest.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-selectcustom@1/selectcustom.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-toc@1/toc.js https://cdn.jsdelivr.net/npm/@mediapipe/tasks-vision@latest/wasm/vision_wasm_internal.js https://cdn.jsdelivr.net/npm/@splidejs/ https://cdn.jsdelivr.net/npm/gsap@3.12.5/dist/Flip.min.js https://cdn.jsdelivr.net/npm/gsap@3.12.7/dist/gsap.min.js https://cdn.jsdelivr.net/npm/gsap@3.12.7/dist/ScrollTrigger.min.js https://cdn.jsdelivr.net/npm/js-cookie@2/ https://cdn.jsdelivr.net/npm/uuid@latest/ https://cdn.jsdelivr.net/npm/vanilla-lazyload@16.1.0/ https://cdn.optimizely.com/js/ https://cdn.plyr.io/3.7.8/plyr.js https://cdn.prod.website-files.com https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/js/webflow.1d27bb018.js https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/js/webflow.7ee8f7d6c.js https://color-analysis.facetuneapp.com https://connect.facebook.net/ https://d3e54v103j8qbb.cloudfront.net/ https://embed.typeform.com/ https://embedsocial.com https://f4tjpw.csb.app/flip.js https://face-shape.facetuneapp.com https://fonts.googleapis.com https://google.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://gtm.facetuneapp.com https://gtm.ltx.studio https://gtm.ltx.video https://gtm.ltx.io https://gtm.photoleapapp.com https://gtm.videoleapapp.com https://js.appboycdn.com/web-sdk/ https://lib.facetuneapp.com https://ltx.studio https://lib.ltx.studio https://ltx.video https://lib.ltx.video https://ltx.io https://lib.ltx.io https://lib.photoleapapp.com https://lib.videoleapapp.com https://lightricks.us4.list-manage.com/subscribe/post-json https://modest.facetuneapp.com/ https://onelinksmartscript.appsflyer.com https://optimize.google.com https://optimize.google.com/optimize/inject/inject.js https://optimizely.s3.amazonaws.com https://platform.twitter.com https://platform.twitter.com/js/tweet.5b94507822be1b77b58bef86fc7cd9f7.js https://platform.twitter.com/widgets.js https://player.vimeo.com https://sc-static.net/scevent.min.js https://sf16-website- https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://static.ads-twitter.com/uwt.js https://static.cloudflareinsights.com https://static.zdassets.com/ https://tagmanager.google.com https://tr.snapchat.com/config/com/ https://tracking.g2crowd.com/attribution_tracking/conversions/ https://unpkg.com/split-type https://use.typekit.net https://utt.impactcdn.com https://web-payment-gtm.wl.r.appspot.com https://webflow-local-dev.ltx.studio https://webflow-local-dev.ltx.video https://webflow-local-dev.ltx.io https://wp-sdk.facetuneapp.com https://wp-sdk.ltx.studio https://wp-sdk.ltx.video https://wp-sdk.ltx.io https://wp-sdk.photoleapapp.com https://wp-sdk.videoleapapp.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.tiktok.com/embed.js login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://ajax.googleapis.com https://snap.licdn.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/js/splide.min.js.map https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/ScrollTrigger.min.js https://cdn.equalweb.com/core/5.2.0/accessibility.js https://cdn.jsdelivr.net/npm/@finsweet/attributes@2/attributes.js https://unpkg.com/lenis@1.1.20/dist/lenis.min.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-scrolldisable@1/scrolldisable.js https://cdn.jsdelivr.net/npm/@finsweet/attributes@2/dist https://haircut.facetuneapp.com https://lightricks.chilipiper.com/ https://cdn.jsdelivr.net/gh/videsigns/webflow-tools@latest/multi-step.js https://tools.refokus.com/cms-tabs/bundle.v1.0.0.js https://accounts.google.com/gsi/client; style-src 'self' 'unsafe-inline' https://*.equalweb.com/ https://*.twimg.com https://*.website-files.com https://assets-global.website-files.com https://assets.website-files.com https://cdn.jsdelivr.net/ https://cdn.prod.website-files.com https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/css/ltx- https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/css/ltx-studio.webflow.baa5d1ac0.min.css https://d3e54v103j8qbb.cloudfront.net/fonts/inter/ https://embed.typeform.com/ https://embedsocial.com https://fonts.googleapis.com https://optimize.google.com https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://use.fontawesome.com/ ow.baa5d1ac0.min.css studio.webflow.e5748a061.min.css https://www.googletagmanager.com https://unpkg.com/lenis@1.1.20/dist/lenis.css https://lib.facetuneapp.com https://lib.ltx.studio https://lib.ltx.video https://lib.ltx.io https://lib.photoleapapp.com https://lib.videoleapapp.com https://accounts.google.com/gsi/style; upgrade-insecure-requests; worker-src https://cdn.jsdelivr.net; 5
frame-ancestors 'self' *.backushospital.org  *.charlottehungerford.org  *.ctorthoinstitute.org  *.ctorthomidstate.org  *.ctorthostvincents.org  *.hartfordhealthcare.org  *.hartfordhealthcare.org  *.hartfordhealthcareathome.org  *.hartfordhealthcaremedicalgroup.org  *.hartfordhealthcarerehabnetwork.org  *.hartfordhospital.org  *.hartfordhospital.org  *.hhcandme.com  *.hhcbehavioralhealth.org  *.hhcconnect.com  *.hhcconnect.net  *.hhcconnect.org  *.hhchealth.com  *.hhchealth.net  *.hhchealth.org  *.hhcseniorservices.org  *.hhcsystem.org  *.instituteofliving.org  *.integratedcarepartners.org  *.midstatemedical.org  mychartplus.org *.mychartplus.org  *.natchaug.org  *.rushford.org  *.stvincents.org  *.thocc.org 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self' https:; frame-src 'self' https:; frame-ancestors 'self' *.ahc.root.loc *.dirsvcs.org *.epichosted.com *.aah.org *.atriumhealth.org; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: wss:; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 5
connect-src 'self' wss://*.finance.yahoo.com/ https://*.cdn.yimg.com https://*.oath.com https://*.yahoo.com https://*.yahoo.net https://api.alyavista.com https://api.privacy-center.org https://bam.nr-data.net/ https://dpm.demdex.net/ https://guce.yahoofinance.com https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://s.yimg.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://smetrics.att.com/ https://files.quartr.com/streams/ https://b.trueanthem.com/ https://*.emb-api.com/ https://*.googlesyndication.com https://*.adtrafficquality.google https://*.3lift.com https://*.adsrvr.org https://*.casalemedia.com https://*.clean.gg https://*.criteo.com https://*.indexww.com/ https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.yieldmo.com https://csi.gstatic.com https://pbs-yahoo-apac.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-us.ay.delivery https://static.criteo.net https://*.dns-finder.com https://api.rlcdn.com https://*.adnxs.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.com.au https://*.google.ca https://*.google.co.uk https://*.google.co.nz https://*.google.com.sg https://*.google.es https://*.google.fr https://*.google.it https://*.google.com.br https://*.google.com.hk https://*.google.co.in; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://s.yimg.com https://cdn.taboola.com; frame-ancestors 'self' https://www.aol.com https://www.aol.co.uk https://www.aol.de https://www.aol.ca https://*.ouryahoo.com https://www.yahoo.com https://news.yahoo.com https://local.cm.yahoo.com https://cm-ui.staging.yahoo.com https://cm-ui.yahoo.com; frame-src 'self' https://*.abcnews.go.com https://*.advertising.com https://*.bbc.co.uk https://*.chartbeat.com https://*.clicktivatedvideoplayer.com https://*.deezer.com https://*.delivery.vidible.tv https://*.dailymotion.com/ https://*.etonline.com https://*.facebook.com https://*.google.com https://*.hulu.com https://*.instagram.com https://*.jac.yahoosandbox.com https://*.livestream.com https://*.mtvnservices.com https://*.myfinance.com https://*.nbc.com https://*.nytimes.com https://*.oath.com https://*.reuters.com https://*.scribd.com https://*.smartasset.com https://*.soundcloud.com https://*.spotify.com https://*.ted.com https://*.theguardian.com https://*.tumblr.com https://*.turner.com https://*.usatoday.com https://*.vimeo.com https://*.washingtonpost.com https://*.wsj.com https://*.yahoo.com https://*.yahoo.net https://abcnews.go.com https://att.demdex.net/ https://bbc.co.uk https://cdn.yahoofinance.com/ https://chartbeat.com https://compass.pressekompass.net https://datawrapper.dwcdn.net https://delivery.vidible.tv https://embed.acast.com https://embed.music.apple.com https://embed.podcasts.apple.com https://embedder.wirewax.com https://flo.uri.sh/ https://flourish.studio https://guce.yahoofinance.com https://interactives.ap.org https://livestream.com https://platform.twitter.com https://s.yimg.com https://service.force.com/ https://smartasset.com https://tsdtocl.com/ https://view.ceros.com https://vimeo.com https://widget-yahoo.ofx.com https://www.bankrate.com https://www.credible.com https://www.surveymonkey.com https://www.youtube.com https://yahoo.crunchbaseembed.com https://yahoo.real-estate.hk https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.adtrafficquality.google https://www.googletagmanager.com https://*.1rx.io https://*.3lift.com https://*.a-mo.net https://*.adnxs.com https://*.adsrvr.org https://*.amazon-adsystem.com https://*.casalemedia.com https://*.cootlogix.com https://*.creativecdn.com https://*.criteo.com https://*.doubleclick.net https://*.emxdgt.com https://*.everesttech.net https://*.gumgum.com https://*.indexww.com https://*.kargo.com https://*.kueezrtb.com https://*.lijit.com https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rfihub.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.trustedstack.com https://*.yellowblue.io https://*.yieldmo.com https://jadserve.postrelease.com/ https://yahoo-match.dotomi.com https://ad-delivery.net https://*.dns-finder.com; img-src 'self' data: blob: about: https://*.amazon-adsystem.com https://*.chartbeat.com https://*.chartbeat.net https://*.cloudfront.net/pixel.gif https://*.dotomi.com https://*.wc.yahoodns.net https://*.yahoo.com https://*.yahoo.net https://*.yimg.com https://media.zenfs.com https://o.aolcdn.com/images/dims https://pbs.twimg.com https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://platform.twitter.com https://public.flourish.studio/resources/ https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://s2.coinmarketcap.com/static/img/coins/ https://sb.scorecardresearch.com https://smetrics.att.com/b/ss/attnetprod/ https://syndication.twitter.com https://vop-yahoo.akamaized.net/pixel.gif https://www.facebook.com https://cdn.yodlee.com https://news-assets.stockstory.org https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.1rx.io https://*.3lift.com https://*.adnxs.com https://*.adsafeprotected.com/ https://*.adsrvr.org https://*.adtrafficquality.google https://*.casalemedia.com https://*.cootlogix.com https://*.creativecdn.com https://*.criteo.com https://*.disqus.com https://*.emxdgt.com https://*.everesttech.net https://*.gumgum.com https://*.indexww.com/ https://*.kargo.com https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com https://*.lijit.com/ https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rfihub.com https://*.rubiconproject.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.yellowblue.io https://*.yieldmo.com https://*.bidswitch.net https://api-taboola.com https://creativecdn.com https://prebid.a-mo.net https://ad-delivery.net https://*.dns-finder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.com.au https://*.google.ca https://*.google.co.uk https://*.google.co.nz https://*.google.com.sg https://*.google.es https://*.google.fr https://*.google.it https://*.google.com.br https://*.google.com.hk https://*.google.co.in https://polymarket-upload.s3.us-east-2.amazonaws.com https://polymarket-upload.s3.amazonaws.com; manifest-src 'self' https://s.yimg.com; media-src 'self' blob: https://s.yimg.com https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://files.quartr.com/streams/ https://vidstat.taboola.com; object-src 'none'; report-to csp-endpoint; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; sandbox allow-downloads allow-forms allow-modals allow-popups-to-escape-sandbox allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://launcher.spot.im https://*.oath.com https://*.salesforceliveagent.com/ https://*.yahoo.com https://*.yahoo.net https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/dcodeIO/protobuf.js/ https://ec.yimg.com/didomi/ https://jac.yahoosandbox.com/2.0.0/jac.js https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://openweb.jac.yahoosandbox.com/1.5.0/jac.js https://platform.twitter.com https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://s.yimg.com https://service.force.com/embeddedservice/5.0/ https://static.lightning.force.com/ https://static2.chartbeat.com https://*.adtrafficquality.google https://*.googlesyndication.com https://console.googletagservices.com/pubconsole/loader.js https://adservice.google.com/adsid/integrator.js https://cdn.ampproject.org/rtv/ https://www.googletagservices.com/activeview/js https://*.doubleclick.net https://*.taboola.com https://ads.pubmatic.com https://gum.criteo.com https://static.criteo.net https://wnsrvbjmeprtfrnfx.ay.delivery https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.yahoo.com https://cdn.taboola.com https://oathmembershipsupport.my.salesforce-sites.com/ https://platform.twitter.com https://s.yimg.com https://service.force.com/; worker-src 'self' blob: 5
frame-ancestors 'self' *.ci360.sas.com; 5
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors 'self' https://triple.nl/; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usbrowserspeed.com *.cookielaw.org *.googletagmanager.com *.bing.com *.licdn.com *.hotjar.com *.driftt.com *.terminus.services *.demandbase.com *.doubleclick.net *.vidyard.com *.facebook.com *.facebook.net *.marketo.net *.monitor.azure.com *.googleadservices.com *.adobedtm.com analytics-sm.com *.24-astute.com *.affec.tv  *.adnxs.com *.adentifi.com  *.google.com *.gstatic.com *.cloudflareinsights.com *.redditstatic.com *.bat.bing-int.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.googleapis.com; img-src 'self' data: *.everesttech.net *.vidyard.com *.cookielaw.org *.ads.linkedin.com *.terminus-services.com *.terminus.services *.bing.com *.rlcdn.com *.google.com *.adsrvr.org *.company-target.com *.adentifi.com *.doubleclick.net *.facebook.com *.linkedin.com driftt.imgix.net *.googleadservices.com *.everesttech.net *.demdex.net *.google.ca analytics-sm.com *.go.affec.tv *.adnxs.com trkn.us *.reddit.com *.googletagmanager.com; font-src 'self' data:; connect-src 'self' wss: https:; media-src 'self' 'unsafe-inline'; frame-src 'self' *.doubleclick.net *.googletagmanager.com *.company-target.com *.driftt.com *.vidyard.com *.demdex.net  *.google.com hackerone.com *.facebook.com; 5
frame-ancestors 'self' https://app.contentstack.com 5
default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src https: wss:; worker-src blob: 5
img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com https://*.creativecdn.com https://*.rokt.com https://*.mypurecloud.com.au https://s.yimg.com https://sp.analytics.yahoo.com *.feroot.com https://*.taboola.com https://*.redditstatic.com https://*.reddit.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net; connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://flowise-dev.dse.fctg.global https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://bat.bing.net https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com https://*.usabilla.com https://*.creativecdn.com https://*.mypurecloud.com.au wss://*.mypurecloud.com.au https://*.salesforce.com https://d1nojfewl3tku3.cloudfront.net/assets https://maps.googleapis.com https://s.yimg.com *.feroot.com https://insight.adsrvr.org https://*.taboola.com https://*.reddit.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; report-uri /api/csp_report 5
object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com;; frame-ancestors 'self'; 5
default-src * 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors *.zywave.com *.zywave.net; img-src * data:; font-src * data:; media-src * blob:; report-uri zywave.com 5
frame-ancestors https://faucetpay.io https://coinpayu.com https://cointiply.com https://faucetcrypto.com https://adbtc.top https://viefaucet.com https://firefaucet.win https://autofaucet.dutchycorp.space https://claimfreecoins.io; 5
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 5
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests 5
frame-src 'self' 5
https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 5
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 5
default-src blob: https: wss: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src https: data:; worker-src blob: data:; 5
default-src http: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' https://www.google.com 5
object-src 'self';frame-ancestors 'self'; 5
frame-ancestors 'self' *.storyblok.com; 5
frame-ancestors 'self' https://connect.igen.fr https://macg.co https://www.macg.co https://igen.fr https://www.igen.fr https://watchgeneration.fr https://www.watchgeneration.fr; 5
default-src 'self'    ;    script-src 'self' 'unsafe-eval' 'unsafe-inline'      https://*.comici.jp      https://*.corkbooks.com      https://*.rimacomiplus.jp      https://*.bigcomics.jp      https://*.googleapis.com      https://*.facebook.net      https://*.facebook.com      https://*.stripe.com      https://*.cloudflare.com      https://*.twitter.com      https://*.ads-twitter.com      https://*.x.com      https://*.valuecommerce.com      https://*.line-website.com      https://*.datadoghq-browser-agent.com      https://browser-intake-datadoghq.com      https://*.googletagmanager.com      https://*.adtrafficquality.google      https://*.google-analytics.com      https://*.googlesyndication.com      https://*.googleadservices.com      https://cdn.cookielaw.org      https://analytics.google.com      https://*.g.doubleclick.net      https://*.hotjar.com      https://*.tiktok.com      https://*.cookiebot.com    ;    frame-src 'self'      https://comici.jp      https://*.comici.jp      https://corkbooks.com      https://*.corkbooks.com      https://*.rimacomiplus.jp      https://*.bigcomics.jp      https://*.stripe.com      https://*.googletagmanager.com      https://*.adtrafficquality.google      https://*.google.com      https://*.googlesyndication.com      https://www.youtube.com      https://*.doubleclick.net      https://static.ads-twitter.com      https://*.twitter.com      https://*.facebook.com/      https://consentcdn.cookiebot.com    ;    connect-src 'self'      https://*.comici.jp      https://*.corkbooks.com      https://*.rimacomiplus.jp      https://*.bigcomics.jp      https://*.datadoghq-browser-agent.com      https://browser-intake-datadoghq.com      https://*.stripe.com      https://www.googletagmanager.com      https://analytics.google.com      https://*.google-analytics.com      https://*.googlesyndication.com      https://*.adtrafficquality.google      https://*.doubleclick.net      https://www.google.com      https://www.google.co.jp      https://analytics.tiktok.com      https://*.cookielaw.org      https://stbfep.sps-system.com      https://*.hotjar.io      https://www.facebook.com      https://analytics-ipv6.tiktokw.us      https://consentcdn.cookiebot.com      https://consent.cookiebot.com    ;    style-src 'self' 'unsafe-inline'      https://*.comici.jp      https://*.corkbooks.com      https://*.rimacomiplus.jp      https://*.bigcomics.jp      https://*.rimacomiplus.jp      https://*.cloudflare.com      https://*.googleapis.com    ;    worker-src 'self' blob:    ;    img-src * 'self' data: blob:    ;    font-src 'self' data:      https://*.gstatic.com    ;    frame-ancestors 'self'      https://*.google.com    ; 5
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 5
frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xs.cn *.rongshuxia.com 5
default-src https:; font-src 'unsafe-inline' https: data:; child-src https: blob:; connect-src https: blob:; worker-src https: blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; object-src; base-uri 'none'; style-src 'unsafe-inline' https: data:; img-src https: data:; 5
default-src 'self'; img-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://trc.taboola.com https://www4.celibest.com https://www.celibest.com https://www.celibnord.com https://www.celibouest.com https://www.celibparis.com https://www.celiblyon.com https://www.celibrhonealpes.com https://www.celibsud.com https://www.celibsudouest.com https://toodate-rekognition.s3.eu-west-1.amazonaws.com https://toodate-rekognition-a.s3.eu-west-1.amazonaws.com *.paypal.com *.paypalobjects.com *.venmo.com data:; script-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://www.googletagmanager.com https://code.createjs.com https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://systempay.cyberpluspaiement.com https://www.paypal.com; media-src 'self'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com; frame-src 'self' https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com; frame-ancestors 'self'; child-src 'self' https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com; object-src 'none'; 5
frame-ancestors 'self' *.maxon.net 5
default-src 'self';  img-src 'self' https://syndication.twitter.com https://secure.gravatar.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://*.hsforms.net https://*.hubspot.com https://forms.hsforms.com data:;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-eu1.hsforms.net https://*.hsforms.net https://*.hubspot.com https://www.omnicomgroup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js https://www.omnicomgroup.com https://platform.twitter.com https://www.google-analytics.com https://static.addtoany.com https://code.jquery.com https://cdn.cookielaw.org https://www.googletagmanager.com https://omnicom-privacy-cdn.my.onetrust.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com;  connect-src 'self' https://*.hsforms.net https://*.hubspot.com https://*.hubspotforms.com https://forms.hsforms.com https://forms-eu1.hsforms.com https://investor.omnicomgroup.com https://omnicom.q4web.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://omnicom-privacy-cdn.my.onetrust.com https://omnicom-privacy.my.onetrust.com https://unpkg.com;  style-src 'self' 'unsafe-inline' https://omnicom-privacy-cdn.my.onetrust.com https://fonts.googleapis.com;  frame-src 'self' https://*.hsforms.net https://*.hubspot.com https://static.addtoany.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com youtube.com www.youtube.com blob:;  font-src 'self' https://fonts.gstatic.com https://omnicom-privacy-cdn.my.onetrust.com data:;  worker-src 'self' https://www.omnicomgroup.com blob:; 5
default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-src https:; object-src 'none'; frame-ancestors 'self'; form-action 'self' 5
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 5
default-src 'self' 'unsafe-inline';  script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://static.oktopost.com/ https://okt.to/ https://*.demandbase.com/ https://s2079104782.t.eloqua.com/ https://cdn.cookielaw.org/ https://*.hotjar.com https://js.monitor.azure.com/;  connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/  https://cdn.linkedin.oribi.io https://img.en25.com https://*.demandbase.com/ https://api.company-target.com https://www.google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cdn.cookielaw.org/  https://segments.company-target.com https://tracking.civica.co.uk/ https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://pagead2.googlesyndication.com/ https://js.monitor.azure.com/;  object-src 'none';  media-src 'self' data:;  img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com https://id.rlcdn.com/ https://segments.company-target.com/ https://www.hootsuite.com/;  style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud;  frame-ancestors 'self';  child-src 'self';  frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/ https://s.company-target.com/ https://www.googletagmanager.com/;  font-src 'self' https://use.typekit.net; 5
frame-ancestors 'self';  base-uri 'self'; 5
default-src 'self'; base-uri 'self'; form-action 'self' https://forms.hsforms.com https://forms.hsforms.net; frame-ancestors 'self'; frame-src 'self' https://polaris.brighterir.com https://www.google.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://player.vimeo.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://secure.leadforensics.com; connect-src 'self' https://ws.zoominfo.com https://*.zoominfo.com https://js.zi-scripts.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.usemessages.com https://*.vimeo.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.leadforensics.com https://js.zi-scripts.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.licdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googleapis.com https://js.usemessages.com https://player.vimeo.com https://cdn.cookielaw.org https://privacyportal.onetrust.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hsappstatic.net; img-src 'self' data: blob: https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hubspotusercontent00.net https://*.hubspotusercontent-na1.net https://*.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://ssl.gstatic.com https://*.vimeo.com https://cdn.cookielaw.org; font-src 'self' data: https://fonts.gstatic.com https://*.hsappstatic.net; media-src 'self' blob: data: https://*.hubspotusercontent00.net https://*.vimeo.com; worker-src 'self' blob:; upgrade-insecure-requests; 5
img-src data: 'self' https: blob: https://www.facebook.com https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://www.paypal.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://assets.calendly.com/assets/external/widget.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline' https://cdn.paddle.com/paddle/v2/assets/css/paddle.css; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; default-src 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://www.googletagmanager.com/ https://knowunity-learn-ai.bolt.host https://knowunity-web-to-app-r9r7.bolt.host https://buy.paddle.com https://sandbox-buy.paddle.com; 5
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.net data: *.acsbapp.com *.bootstrapcdn.com *.cloudfare.com mediacdn.espssl.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.facebook.net 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.pinterest.com *.hotjar.com www.google.com *.adyen.com *.addthisedge.com *.addthis.com *.doubleclick.net *.facebook.com *.my.salesforce-sites.com *.secure.force.com *.force.com *.cdn-btsg.com www.commercepartnerhub.com *.adsrvr.org *.facebook.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * www.apptrian.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com *.facebook.com *.b0e8.com *.dynamicyield.com *.pinterest.com *.e.aa.online-metrix.net *.acsbapp.com *.cookielaw.org *.bing.com *.yahoo.com *.google.co.in google.co.in *.listrakbi.com all-clad.com *.all-clad.com emjcd.com *.emjcd.com *.dotomi.com *.espssl.com *.clarity.ms *.tagcommander.com *.adsrvr.org *.rubiconproject.com *.g.doubleclick.net *.elfsightcdn.com *.bazaarvoice.com mediacdn.espssl.com *.hotjar.com *.doubleclick.net butterly.com *.butterly-images.com http://butterly.com *.google.com *.facebook.net www.xtento.com *.cdn-btsg.com *.lagostina.ca lagostina.ca magefan.com cm.magefan.com *.disqus.com https://img.youtube.com connect.facebook.net graph.facebook.com business.facebook.com cdn.xtento.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://rum.hlx.page www.apptrian.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.ugc.bazaarvoice.com *.listrakbi.com www.facebook.com *.b0e8.com *.bc0a.com *.cookielaw.org *.dynamicyield.com *.tagcommander.com *.cloudflare.com *.yimg.com *.pinimg.com *.hotjar.com www.google.com *.mczbf.com analytics.tiktok.com *.acsbapp.com acsbapp.com *.salesforceliveagent.com *.force.com *.curalate.com *.noibu.com *.pinterest.com *.online-metrix.net *.googleapis.com *.bing.com *.vimeo.com *.amazonaws.com *.clarity.ms click2cart.com *.adsrvr.org *.aggregated-data.com *.cloudfront.net *.amazon-adsystem.com *.tkrconnector.com acds-events.adobe.io static.kyc.red shop.pe *.shop.pe addstrap-ui.addshoppers.com returns.parcellab.com cdn.parcellab.com gstatic.com *.gstatic.com cdn.cookielaw.org cdn.bc0a.com cdn1.b0e8.com service.force.com butterly.com *.moatads.com *.elfsight.com *.addthisedge.com *.addthis.com bam.nr-data.net acsbap.com *.acsbap.com *.facebook.com *.salesforce.com *.bazaarvoice.com *.cdn-btsg.com acdn.adnxs.com *.facebook.net *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app display.ugc.bazaarvoice.com *.listrakbi.com *.ugc.bazaarvoice.com *.typekit.net service.force.com *.bootstrapcdn.com *.espssl.com *.cloudfront.net *.cloudfare.com *.addshoppers.com returns.parcellab.com cdn.parcellab.com *.bazaarvoice.com mediacdn.espssl.com *.hotjar.com *.doubleclick.net *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.apptrian.com edge.curalate.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com * www.apptrian.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.dynamicyield.com *.cookielaw.org *.g.doubleclick.net *.listrak.com *.listrakbi.com analytics.tiktok.com *.pinterest.com *.hotjar.com *.yimg.com google.co.in *.mczbf.com *.bc0a.com *.googleapis.com www.facebook.com *.acsbapp.com *.click2cart.com *.clarity.ms *.aggregated-data.com *.curalate.com *.noibu.com wss://input.noibu.com *.onetrust.com *.bing.com insight.adsrvr.org *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.adsrvr.org shop.pe *.shop.pe cdn.cookielaw.org *.elfsight.com *.addthis.com mediacdn.espssl.com bam.nr-data.net fonts.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net wss://*.hotjar.com acsbap.com *.acsbap.com *.elfsightcdn.com *.hotjar.io www.xtento.com butterly.com *.cdn-btsg.com www.google.com *.bazaarvoice.com *.fbcdn.net static.xx.fbcdn.net *.xx.fbcdn.net https://static.xx.fbcdn.net *.commercepartnerhub.com  wss://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com account.groupeseb.com *.salesforceliveagent.com *.salesforce.com *.force.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
frame-ancestors 'self' https://console-dev.ps.kz https://console.ps.kz https://*.ps.kz https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 5
'self' 5
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 5
frame-ancestors 'self' https://*.tableau.com 5
default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.kaltura.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.kaltura.com https://platform.twitter.com https://connect.facebook.net https://*.googleapis.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://*.googleapis.com https://hosting.img.dk; img-src 'self' 'unsafe-inline' data: https://*.kaltura.com https://*.twimg.com https://*.ggpht https://maps.gstatic.com https://maps.google.com https://hosting.img.dk https://*.siteimproveanalytics.io; frame-src 'self' 'unsafe-inline' https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.google.com https://www.dmi.dk https://surveys.enalyzer.com https://white-meadow-0e5747a03.3.azurestaticapps.net; font-src 'self' https://dhm5hy2vn8l0l.cloudfront.net https://cdnapisec.kaltura.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 5
frame-ancestors 'self' https://app.contentful.com https://anypoint.mulesoft.com 5
default-src 'self' blob: applepay.cdn-apple.com *.almaty-ffin.global bankffin.kz centinelapi.cardinalcommerce.com *.cloudflare.com *.consentmanager.net api.cyberity.ru *.doubleclick.net www.facebook.com ffin.ae ffin.global *.freedom24.com *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com code.jivo.ru *.mail.ru api.sumsub.com *.tfos.com *.tradernet.com *.tradernet.kz *.tradernet.global *.tradernet.ru *.tradernet.by widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com; img-src 'self' 'unsafe-inline' blob: data: *.almaty-ffin.global *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net earn.broker earn.eu *.f.bank www.facebook.com ffin.global *.freedom24.com w8ben.freedomholdingcorp.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy www.google.com.vn google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com trade.inveza.com code.jivosite.com code.jivo.ru *.kursiv.media top-fwz1.mail.ru trade.mind-money.eu content.mql5.com *.onelink.me t.co *.tfos.com *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru turlov.co.za analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com *.oninvest.com *.ffin.tr *.ffin.ae *.youtube.com static.geetest.com static.geevisit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com code.jivo.ru cdn.jsdelivr.net yastatic.net static.geetest.com; font-src 'self' data: applepay.cdn-apple.com *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app rts-v2.carrotquest.app/websocket_connect_time wss://rts-v2.carrotquest.app/websocket_connect_time realtime-services-eu.carrotquest.io wss://realtime-services-eu-chat-2.carrotquest.io wss://realtime-services-eu.carrotquest.io api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props wss://wss.cifra-broker.ru *.clarity.ms *.consentmanager.net/delivery/ suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.ffin.ae ffin.global wss://wss.ffin.tr mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com wss://wss.freedombroker.kz api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com google.com pay.google.com www.google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivo.ru wss://*.jivo.ru *.jivosite.com wss://*.jivosite.com top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.taboola.com wss://wss.almaty-ffin.global wss://wss.tfos.com wss://wss.tradernet.am wss://wss.tradernet.by *.tradernet.com wss://*.tradernet.com wss://wss.tradernet.dev wss://wssdev.tradernet.dev wss://wss.tradernet.global wss://wss.tradernet.kg wss://wss.tradernet.kz admin.tradernet.ru sentry.dev.tradernet.ru tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz wss://*.typi.team *.typi.team wss://wss.walletsolutions.eu wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.com mc.yandex.ru ekr.zdassets.com *.zendesk.com v2.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com; frame-ancestors 'self' https://*.bankffin.kz https://*.f.bank https://*.freedom24.com https://*.tradernet.com https://bankffin.kz https://freedom24.ru; 5
frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 5
frame-ancestors 'self' https://login.mtb.com https://businessbanking.mtb.com https://login-tc.mtb.com 5
base-uri 'self'; frame-ancestors 'self' https://*.worldanimalprotection.org.uk; 5
frame-ancestors https:; 5
frame-ancestors 'self' https://*.sonepar.coremedia.cloud/ https://*.sciquest.com https://*.jaggaer.com https://*.danisco.com:57101 https://*.danisco.com:57201 https://*.danisco.com:57301 https://*.danisco.com:44300 http://*.danisco.com:8000 https://*.global.iff.com:8000 https://*.global.iff.com:44300 https://*.global.iff.com:57201 https://*.global.iff.com:57301 https://*.global.iff.com:57101 https://*.ariba.com:44300 https://*.ariba.com:8000 https://*.ariba.com https://*.sirti.net:8001 https://*.sirti.net http://*.sirti.net:8001 https://*.linde.grp:8001 https://*.linde.grp http://*.linde.grp:8001 https://*.linde.grp:44350 https://*.hopperix.it; 5
upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src * ;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 5
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 5
object-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ 5
frame-ancestors 'self' http://*.weekendesk.com; 5
upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/ 5
frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 5
base-uri 'self'; font-src 'self' data: https:; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss: blob:; child-src 'self' https: wss: blob:; frame-src 'self' https:; form-action 'self' https: 5
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr *.mapfre.cr; 5
frame-ancestors 'self' https: 5
img-src * data:; font-src * data:; connect-src *; form-action *; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 5
default-src 'none'; script-src 'unsafe-inline'; base-uri 'none'; form-action 'none'; frame-ancestors 'none' 5
default-src 'self' https: blob:;                                                   style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com;                                                    script-src 'self' 'unsafe-inline' 'unsafe-eval' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.terminus.services *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.twimg.com *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai *.google.com *.gstatic.com *.tagmanager.google.com *.pagead2.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net googletagmanager.com googleadservices.com google.com *.6sc.co *.6sense.com *.demandbase.com scripts.demandbase.com tag.demandbase.com tag-logger.demandbase.com *.company-target.com api.company-target.com rlcdn.com s.company-target.com segments.company-target.com js.driftt.com *.js.driftt.com *.log.api.drift.com;                                                    object-src 'self';                                                   connect-src 'self' px.ads.linkedin.com stats.g.doubleclick.net analytics.google.com *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com fast.wistia.net *.fast.wistia.net wss://*.ramblechat.com *.googletagmanager.com *.analytics.google.com *.pagead2.googlesyndication.com pagead2.googlesyndication.com *.g.doubleclick.net *.google.com google.com googleads.g.doubleclick.net googletagmanager.com *.gartnerdigitalmarkets.com googleadservices.com *.6sc.co api.company-target.com tag-logger.demandbase.com *.js.driftt.com *.log.api.drift.com data:;                                                    font-src 'self' *.bootstrapcdn.com *.typekit.net *.fonts.gstatic.com *.gstatic.com data:;                                                    img-src * *.jwpltx.com *.google-analytics.com *.googletagmanager.com *.ssl.gstatic.com *.g.doubleclick.net *.google.com *.pagead2.googlesyndication.com *.googleads.g.doubleclick.net googleadservices.com *.gartnerdigitalmarkets.com googleadservices.com google.com data:;                                                   frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com; 5
manifest-src 'self' 5
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self' 5
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 5
frame-ancestors 'self'; form-action 'self' 5
default-src 'self' https: ws: data:;   script-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io *bank-dns.com;   style-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io *bank-dns.com;   img-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io *bank-dns.com; 5
block-all-mixed-content; frame-ancestors 'self' https://bots.getskitickets.com; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.clarity.ms *.bing.com *.smooch.io smooch.io https://*.mobinterier.com https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://biano.sk https://*.biano.sk https://biano.cz https://*.biano.cz https://biano.hu https://*.biano.hu https://biano.ro https://*.biano.ro https://biano.hr https://*.biano.hr https://prefixbox.com https://*.prefixbox.com https://gstatic.com https://*.gstatic.com https://novynabytok.sk https://*.novynabytok.sk https://hezkynabytek.cz https://*.hezkynabytek.cz https://zondo.hu https://*.zondo.hu https://zondo.ro https://*.zondo.ro https://zondo.hr https://*.zondo.hr https://*.zdassets.com https://*.zopim.com https://prefixbox.com https://*.prefixbox.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://google-analytics.com https://*.google-analytics.com https://clarity.ms https://*.clarity.ms https://*.doubleclick.net https://*.imedia.cz https://*.seznam.cz https://chimpstatic.com https://google.com https://*.google.com https://google.sk https://*.google.sk https://google.cz https://*.google.cz https://google.hu https://*.google.hu https://google.ro https://*.google.ro https://google.hr https://*.google.hr https://google.fr https://*.google.fr https://t.co https://google.de https://*.google.de https://googleadservices.com https://*.googleadservices.com https://*.zopim.io https://meblemirjan.pl https://*.meblemirjan.pl https://youtube.com https://*.youtube.com https://creativecdn.com https://*.creativecdn.com https://zendesk.com https://*.zendesk.com https://sentry.io https://*.sentry.io https://*.amio.io *.getsitecontrol.com https://*.facebook.net https://www.facebook.com/ https://*.mailchimp.com https://*.list-manage.com https://*.cloudfront.net https://*.amazonaws.com https://*.ecomailapp.cz https://scaleflex.cloudimg.io https://*.cloudflareinsights.com https://*.ads-twitter.com https://analytics.twitter.com/ https://*.favicdn.net https://*.favicdn.sk https://*.favicdn.cz https://*.favicdn.hu https://*.favicdn.ro https://*.favicdn.hr https://*.favi.sk https://*.favi.cz https://*.favi.hu https://*.favi.ro https://*.favi.hr https://*.twimg.com https://analytics.x.com https://api.twitter.com https://api.x.com https://platform.twitter.com https://platform.x.com https://syndication.twitter.com https://syndication.x.com https://x.com https://twitter.com https://*.cloudflare.com https://*.zbozi.cz https://static.ads-twitter.com https://tagmanager.google.com https://*.tagmanager.google.com https://analytics.google.com https://*.analytics.google.com https://googlesyndication.com https://*.googlesyndication.com https://*.static-amio.com https://static-amio.com https://*.amio.io https://amio.io 5
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app data: fonts.googleapis.com *.fontawesome.com *.survicate.com/ *.accessibly.app/ *.oct8ne.com/ *.hotjar.com/ *.modo.com.ar/ *.readysize.ai/ https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app cm.everesttech.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mookie1.com/ *.adnxs.com/ *.google.com/ *.bing.com/ *.doubleclick.net/ *.google.com.ar/ *.carocuore.com.ar/ https://mcprod.carocuore.com/ *.groovinads.com/ *.accessibly.app/ *.qrserver.com/ *.oct8ne.com/ *.e-planning.net/ *.facebook.net/ https://www.em.rapsodia.com/ https://www.em.babycottons.com/ *.carocuore.com/ *.clarity.ms/ *.herolens.com/ *.rapsodia.com.ar/ *.rapsodia.cl/ *.rapsodia.com.co/ *.carocuore.com.uy/ *.babycottons.com.ar/ *.babycottons.com/ *.babycottons.com.pe/ *.rapsodia.com.uy/ *.babycottons.mx/ *.modo.com.ar/ *.cloudfront.net/ *.readysize.ai/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ *.equalweb.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.hotjar.com/ *.adnxs.com/ *.tiktok.com/ *.getblue.io/ *.inspectlet.com/ *.bing.com/ *.clarity.ms/ *.naiz.fit/ *.survicate.com/ *.crazyegg.com/ *.embluemail.com/ *.icommarketing.com/ *.accessibly.app/ *.pinimg.com/ *.pinterest.com/ *.cloudfront.net/ *.oct8ne.com/ *.modo.com.ar/ *.readysize.ai/ *.fitprenda.com/ https://rapsodia.my.site.com/ https://scripts.icommkt.online/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ https://rum.hlx.page/ *.equalweb.com/ *.wcx.cloud/ *.wcentrix.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.dnky.co *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com assets.braintreegateway.com *.googletagmanager.com *.cookielaw.org *.survicate.com/ https://rapsodia.my.salesforce-scrt.com/ https://rapsodia.my.site.com/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ *.equalweb.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://mcprod.carocuore.com/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com maps.googleapis.com api.comapi.com bam.nr-data.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.googletagmanager.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cookielaw.org *.tiktok.com/ *.clarity.ms/ *.naiz.fit/ *.run.app/ *.bing.com/ *.doubleclick.net *.accessiblyapp.com/ *.pinterest.com/ https://track-icommkt.com/ https://notifications-icommkt.com/ *.accessibly.app *.inspectlet.com/ *.oct8ne.com/ wss://ws.hotjar.com/ *.hotjar.io/ https://server-side-tagging-f3nc3owz5a-uc.a.run.app/ *.facebook.com/ *.playdigital.com.ar/ *.amplitude.com/ *.modo.com.ar/ *.readysize.ai/ https://rapsodia.my.salesforce-scrt.com/ *.icommkt.online/ https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ *.equalweb.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
manifest-src *; default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none' 5
default-src 'self' wss://ws.salecycle.com *.salecycle.com *.cloudfront.net assets.sc-trc.com mymachine.salecycle.com:8080 *.fanplayr.com *.contentsquare.net *.contentsquare.com *.office.net 'unsafe-inline';     style-src 'self' *.adobe.com *.scene7.com *.adobeaemcloud.com *.algolianet.com *.algolia.net *.dynatrace.com *.go-mpulse.net *.paypal.com *.apple.com *.googleapis.com google.com wss://ws.salecycle.com *.salecycle.com *.thron.com *.privacy-center.org cdn.jsdelivr.net *.fanplayr.com *.criteo.com *.criteo.net *.pinimg.com *.contentsquare.net *.contentsquare.com *.kampyle.com *.medallia.eu *.medallia.com *.trustpilot.com 'unsafe-inline';     script-src 'self' *.adobe.com *.scene7.com *.adobeaemcloud.com *.msccruises.com *.msccruises.co.uk *.msccruises.ie *.msccruises.ch *.msccruises.de *.msccruises.at *.msccrociere.it *.msccroisieres.fr *.msccruceros.es *.msccruisesusa.com *.partnership.msccruises.com *.msccruceros.com *.msc-kreuzfahrten.de *.kreuzfahrten.at *.msckreuzfahrten.at *.kreuzfahrten.ch *.algolianet.com *.algolia.net cdn.jsdelivr.net *.datatrans.com *.dynatrace.com *.go-mpulse.net *.akamaihd.net *.google.com google.com *.paypal.com *.apple.com *.adobedtm.com *.googletagmanager.com *.admo.tv *.facebook.net *.fanplayr.com *.bing.com *.pinimg.com *.cloudfront.net *.tiktok.com *.freespee.com *.google-analytics.com *.pinterest.com *.gstatic.com *.googleadservices.com *.google.it *.google.co.uk *.google.ch *.google.ie *.google.gr *.googleapis.com wss://ws.salecycle.com *.salecycle.com *.doubleclick.net *.thron.com *.privacy-center.org *.clarity.ms blob: 'unsafe-inline' 'unsafe-eval' assets.sc-trc.com mymachine.salecycle.com:8080 *.criteo.com *.criteo.net *.tiktokw.us *.bing-int.com *.google.hr *.google.es *.google.co.in *.google.com.tw *.google.bg *.google.com.tr *.google.fr *.google.com.eg *.google.com.mt *.google.com.au *.google.de *.google.im *.google.co.za *.google.com.hk *.google.co.il *.google.kz *.google.be *.google.pt *.google.lu *.google.pl *.google.nl *.google.hu *.contentsquare.net *.contentsquare.com *.trustpilot.com *.kampyle.com *.medallia.eu *.medallia.com;     img-src 'self' data: *.adobe.com *.scene7.com *.adobeaemcloud.com *.msccruises.com *.msccruises.co.uk *.msccruises.ie *.msccruises.ch *.msccruises.de *.msccruises.at *.msccrociere.it *.msccroisieres.fr *.msccruceros.es *.msccruisesusa.com *.partnership.msccruises.com *.msccruceros.com *.msc-kreuzfahrten.de *.kreuzfahrten.at *.msckreuzfahrten.at *.kreuzfahrten.ch *.assetsadobe.com *.algolianet.com *.algolia.net *.youtube.com *.bing.com *.paypalobjects.com *.paypal.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google.it *.google.com *.google.ch *.google.co.uk *.google.ie *.google.gr *.facebook.com *.datatrans.com *.thron.com *.privacy-center.org *.clarity.ms *.fanplayr.com *.cloudfront.net assets.sc-trc.com *.criteo.com *.criteo.net *.tiktokw.us *.bing-int.com *.google.hr *.google.es *.google.co.in *.google.com.tw *.google.bg *.google.com.tr *.google.fr *.google.com.eg *.google.com.mt *.google.com.au *.google.de *.google.im *.google.co.za *.google.com.hk *.google.co.il *.google.kz *.google.be *.google.pt *.google.lu *.google.pl *.google.nl *.google.hu *.contentsquare.net *.contentsquare.com *.ytimg.com *.emailingnetwork-platform.com *.kampyle.com *.medallia.eu *.medallia.com *.trustpilot.com;     frame-src 'self' *.adobe.com *.youtube.com *.datatrans.com *.msccruises.com *.msccruises.co.uk *.msccruises.ie *.msccruises.ch *.msccruises.de *.msccruises.at *.msccrociere.it *.msccroisieres.fr *.msccruceros.es *.msccruisesusa.com *.partnership.msccruises.com *.msccruceros.com *.paypal.com *.apple.com *.googletagmanager.com *.pinterest.com *.paypalobjects.com *.gstatic.com *.doubleclick.net *.googleadservices.com *.google.it *.google.com *.google.ch *.google.co.uk *.google.ie *.google.gr *.facebook.com *.privacy-center.org wss://ws.salecycle.com *.salecycle.com *.cloudfront.net assets.sc-trc.com mymachine.salecycle.com:8080 *.thron.com *.clarity.ms *.criteo.com *.criteo.net *.tiktokw.us *.contentsquare.net *.contentsquare.com *.trustpilot.com *.kampyle.com *.medallia.eu *.medallia.com *.b2clogin.com;     connect-src 'self' *.adobe.com *.adobeaemcloud.com *.scene7.com *.adobedtm.com *.adobedc.net *.algolia.net *.algolianet.com *.algolia.io *.dynatrace.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.cloudfront.net *.thron.com *.cloudhub.io assets.sc-trc.com mymachine.salecycle.com:8080 *.salecycle.com wss://ws.salecycle.com *.datatrans.com *.paypal.com *.paypalobjects.com *.apple.com google.com *.google.com *.google.it *.google.ch *.google.co.uk *.google.ie *.google.gr *.google.hr *.google.es *.google.co.in *.google.com.tw *.google.bg *.google.com.tr *.google.fr *.google.com.eg *.google.com.mt *.google.com.au *.google.de *.google.im *.google.co.za *.google.com.hk *.google.co.il *.google.kz *.google.be *.google.pt *.google.lu *.google.pl *.google.nl *.google.hu *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.doubleclick.net *.bing.com *.bing.net *.bing-int.com *.facebook.com *.facebook.net *.tiktok.com *.tiktokw.us *.pinterest.com *.pinimg.com *.fanplayr.com *.criteo.com *.criteo.net *.contentsquare.net *.contentsquare.com *.kampyle.com *.medallia.com *.medallia.eu *.trustpilot.com *.privacy-center.org *.clarity.ms *.freespee.com *.demdex.net *.msccruises.com *.msccruises.co.uk *.msccruises.ie *.msccruises.ch *.msccruises.de *.msccruises.at *.msccrociere.it *.msccroisieres.fr *.msccruceros.es *.msccruisesusa.com *.partnership.msccruises.com *.msccruceros.com *.msc-kreuzfahrten.de *.kreuzfahrten.at *.msckreuzfahrten.at *.kreuzfahrten.ch *.b2clogin.com;     font-src 'self' data: *.adobe.com *.scene7.com *.adobeaemcloud.com *.fanplayr.com *.gstatic.com *.office.net *.trustpilot.com;     media-src 'self' *.msccruises.com *.msccruises.co.uk *.msccruises.ie *.msccruises.ch *.msccruises.de *.msccruises.at *.msccrociere.it *.msccroisieres.fr *.msccruceros.es *.msccruisesusa.com *.partnership.msccruises.com *.msccruceros.com *.adobe.com *.scene7.com *.thron.com *.trustpilot.com blob: 5
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
frame-ancestors accounts.shopbase.com:443 legacy-templates.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 new-templates.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443  5
default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-src 'none' 5
default-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.appsflyer.com appsflyer.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com *.kfc.com.pe test.ipg-online.com mozbar.moz.com www.kfclesotho.com dev.local.com:8080 *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.alignet.io *.entersektehs.com *.klar.mx *.efaka.net *.secureacs.com www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lili.ly *.lytics.io *.groovinads.com global.frcapi.com *.creativecdn.com *.americanexpress.com *.dragontail.com test.ipg-online.com *.kfc.com.pe mozbar.moz.com www.kfclesotho.com dev.local.com:8080 *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com 3ds.eglobal.com.mx *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.appsflyer.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com cdn.inspectlet.com lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.appsflyer.com *.groovinads.com appsflyer.com *.lytics.io *.creativecdn.com extranet.prb.com.mx *.dragontail.com dragontail.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.kfc.ph *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app *.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com dev.local.com:8080 test-tictuk.kfc.com.pe *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com kfc.com.pe *.kfc.com.pe ; 5
frame-ancestors 'self'; form-action 'self'; 5
default-src https: http: wss: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' blob:; 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.radancy.com/analytics https://pi.pardot.com/analytics https://pi.pardot.com/pd.js https://pagead2.googlesyndication.com https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://ad.doubleclick.net https://www.google.com https://*.bugherd.com https://*.analytics.google.com  https://analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://www.google.com https://*.vimeo.com https://s45065.pcdn.co https://www.radancy.com https://www.googletagmanager.com https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://www.linkedin.com https://www.google.at https://ade.googlesyndication.com https://www.googletagmanager.com https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://s45065.pcdn.co https://*.talentbrew.com; worker-src 'self' blob: ; 5
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go-mpulse.net maps.googleapis.com;worker-src 'none';object-src *;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' blob: data: *.scalemates.com *.youtube.com *.akstat.io *.gstatic.com *.googleapis.com *.ytimg.com;media-src 'self';frame-src 'self' *.youtube.com;font-src 'self' *.gstatic.com data:;connect-src 'self' *.akstat.io *.scalemates.com *.go-mpulse.net maps.googleapis.com;report-uri https://reporting.go-mpulse.net/report/LLD9T-Q4RA5-2E42A-L3YP5-GSM4N 5
font-src www.paypalobjects.com vbn.hyvatest.vivara.com www.vogelbeschermingshop.nl 'self' 'self' data: https://fonts.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors vivara.hyvatest.vivara.com *.hyvatest.vivara.com self https: 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.xlcdn.com *.sz.xlcdn.com *.jetstre.am takeoff.jetstre.am www.googletagmanager.com 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://open.spotify.com https://www.googletagmanager.com/ js.mollie.com *.trustpilot.com 'self' 'unsafe-inline'; img-src webcdn.vivara.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://images.unsplash.com https://test.pim-vivara.emico.nl *.googleapis.com webcdn.vbn.hyvatest.vivara.com vbn.hyvatest.vivara.com www.google.nl www.google.com webcdn.vogelbeschermingshop.nl www.vogelbeschermingshop.nl 'self' https://*.omappapi.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com magefan.com cm.magefan.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.disqus.com https://img.youtube.com https://www.mollie.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://maps.googleapis.com https://player.vimeo.com vbn.hyvatest.vivara.com www.googletagmanager.com www.google-analytics.com www.youtube.com googleads.g.doubleclick.net www.vogelbeschermingshop.nl js.mollie.com maps.googleapis.com assets.exatom.io *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.clarity.ms https://www.dwin1.com https://a.omappapi.com https://*.omappapi.com https://squeezely.tech https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.doubleclick.net  https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.yieldify.com https://connect.facebook.net www.facebook.com https://*.roeyecdn.com https://*.clarity.ms *.feefo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://cdn.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com vbn.hyvatest.vivara.com www.vogelbeschermingshop.nl 'self' 'unsafe-inline' https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://register.feefo.com https://cdn.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.exatom.io region1.analytics.google.com www.google-analytics.com www.google.com www.vogelbeschermingshop.nl maps.googleapis.com vbn.hyvatest.vivara.com 'self' https://*.google-analytics.com shadowpixel-api-vivara-503839668312.europe-west4.run.app https://bat.bing.com https://bat.bing.net https://*.doubleclick.net https://googleadservices.com https://*.omappapi.com https://squeezely.tech https://pagead2.googlesyndication.com https://www.google.com https://google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://connect.facebook.net www.facebook.com https://*.roeyecdn.com https://*.clarity.ms *.feefo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src vbn.hyvatest.vivara.com www.vogelbeschermingshop.nl www.google.com 'self' https://*.omappapi.com https://*.clarity.ms https://c.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: amazon-adsystem.com *.amazon-adsystem.com  paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *; frame-ancestors 'self' ekat.festool.de *.festool.com 5
frame-ancestors 'none'; base-uri 'self'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; report-uri https://sitesnel.uriports.com/reports/report; report-to default 5
frame-ancestors https://lk.udpauto.ru https://metrika.yandex.ru https://webvisor.com http://webvisor.com 5
frame-ancestors 'self' svb.matomo.cloud cbs.svb-hb.de cbs-local.svb-hb.de 5
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://cdnjs.cloudflare.com/ ; script-src 'self' 'unsafe-inline' *.invocacdn.com pnapi.invoca.net *.invoca.net *.bridgestoneresources.com *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.contentsquare.net *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://js-cdn.dynatrace.com/ https://snap.licdn.com/ https://s.go-mpulse.net/ https://analytics.tiktok.com/ ; img-src * data: blob: https://s7d1.scene7.com; connect-src * data: ; frame-src *; font-src 'self' https://*.fonts.net https://fonts.bridgestoneresources.com/ data: 5
default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; font-src * data:; img-src * data:; media-src 'self' * blob: data:; 5
frame-ancestors 'self' *.roomlynx.net 5
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' blob: *; img-src * 'self' blob: data:; connect-src *; font-src *; frame-src *; object-src 'none'; base-uri 'self' https://static-2v.gitbook.com; form-action 'self' https://static-2v.gitbook.com *; frame-ancestors https: ; 5
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' unsafe-inline; script-src 'self' * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: unsafe-inline 'unsafe-inline'; img-src * data: blob: unsafe-inline 'unsafe-inline'; media-src * data: blob: unsafe-inline 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: unsafe-inline 'unsafe-inline'; font-src * data: blob: unsafe-inline 'unsafe-inline'; frame-ancestors 'none' 5
frame-ancestors 'self' *.appcard.com 5
frame-ancestors 'self' ;upgrade-insecure-requests; 5
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src data: blob: * 5
default-src  'self'; frame-src 'self' blob: data: application/pdf *.vimeo.com  *.fnb.co.za *.ebucks.com authentication.cardinalcommerce.com  *.fnbbotswana.co.bw *.doubleclick.net *.fnbconnect.co.za  *.rmb.co.za:10443 *.fnbswaziland.co.sz:10443 *.fnbzambia.co.zm:10443  *.firstnationalbank.com.gh:10443 *.fnb.co.ls:10443 *.fnbci.co.uk:10443  *.fnbnamibia.com.na:10443 *.rmbprivatebank.com:10443 *.fnb.co.za:10443  *.rmb.co.za *.fnbswaziland.co.sz *.google.com *.gstatic.com  *.fnbzambia.co.zm msgfnb.bankserv.co.za *.firstnationalbank.com.gh  *.fnb.co.ls *.fnbci.co.uk *.fnbnamibia.com.na *.id.opendns.com  *.rmbprivatebank.com https://*.googletagmanager.com; frame-ancestors  'self' *.fnb.co.za *.doubleclick.net https://*.fnbnamibia.com.na  https://*.firstrand.co.za https://*.fnb.co.ls  https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz  https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com  https://*.googletagmanager.com https://*.googleapis.com  https://*.google-analytics.com https://*.googleadservices.com  https://connect.facebook.net https://*.doubleclick.net  https://*.fnb.co.za https://*.google.com https://*.google.co.za;  worker-src 'self'; style-src 'self' 'unsafe-inline'  https://*.googleapis.com; object-src 'self';  img-src 'self'  https://*.google.com https://*.google.co.za https://www.facebook.com  https://*.google-analytics.com *.doubleclick.net https://*.fnb.co.za  https://*.fnbnamibia.com.na https://*.firstrand.co.za  https://*.fnb.co.ls https://*.fnbbotswana.co.bw  https://*.fnbswaziland.co.sz https://*.vimeocdn.com https://*.vimeo.com  https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com blob:  data: https://*.google.co.za https://*.googletagmanager.com  https://*.googleapis.com https://*.gstatic.com https://media.tenor.com  https://media.giphy.com https://*.googlesyndication.com; media-src  'self' blob: data: https://*.fnb.co.za https://*.fnbnamibia.com.na  https://*.firstrand.co.za https://*.fnb.co.ls  https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz  https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com  https://*.cloudfront.net https://download-video.akamaized.net  https://*.vimeo.com https://*.googleapis.com; font-src 'self'  https://*.gstatic.com; connect-src 'self' https://*.fnbconnect.co.za  https://eu.whatfix.com https://*.gstatic.com  https://*.fnbwealthandinvestments.co.za wss://*.fnbconnect.co.za:*  https://*.googleapis.com https://media.tenor.com https://media.giphy.com  https://*.fnb.co.za https://*.fnbnamibia.com.na  https://*.firstrand.co.za https://*.fnb.co.ls  https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz  https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com  https://*.google.com https://*.google.co.za  https://*.google-analytics.com https://*.googlesyndication.com  https://qa-sgtm-kdhtvzc.uc.r.appspot.com  https://fnb-za-sgtm-km7z7r4k.ey.r.appspot.com *.doubleclick.net;  form-action 'self' https://*.fnb.co.za  https://*.fnbwealthandinvestments.co.za https://*.fnbnamibia.com.na  https://*.firstrand.co.za https://*.fnbci.co.uk https://*.fnb.co.ls  https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz  https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com; 5
frame-ancestors 'self' https://*.negocom-atlantique.com, base-uri 'self', script-src 'self' 'unsafe-inline' 'unsafe-eval' *.negocom-atlantique.com *.point-sys.com *.googletagmanager.com *.google-analytics.com *.google.fr *.googleapis.com *.youtube.com *.dmcdn.net *.jsdelivr.net *.mapbox.com blob: 5
frame-ancestors 'none' ; 5
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 5
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 5
frame-ancestors 'self' https://webvisor.com https://metrika.yandex.ru https://metrica.yandex.ru https://metrika.yandex.com https://metrica.yandex.com; 5
frame-ancestors 'self' https://brita-int.ff360.de 5
script-src 'nonce-e3490acf-ca5c-45ea-8470-b0c629591da1' 'strict-dynamic';media-src 'self' 'self' blob:;; 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 5
frame-ancestors 'self'; img-src *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; default-src *.doubleclick.net 'self'; script-src https://*.googletagmanager.com 'self' *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src https://fonts.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; connect-src https://*.googletagmanager.com 'self' *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com https://analytics.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src *.frontify.com *.cloudinary.com 'self'; child-src 'self' *.frontify.com cloudinary.com *.cloudinary.com 5
font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 5
worker-src blob:; 5
frame-ancestors 'self' https://panel.onbolder.com; 5
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.marinetraffic.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; frame-ancestors 'self' https://app.socialscreen.com; media-src 'self' blob: https:; worker-src 'self' blob:; 5
default-src 'self'; connect-src *.managecontent.info *.inquence.com *.diagnoze-netsupport24.de *.netsupport24.de *.netsupport24.net *.netsupport24.eu *.regiowerbung.info *.cloudinary.com *.googleapis.com *.openweathermap.org *.cloudflare.com *.meine-ticketbuchung.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com *.diagnoze-netsupport24.de *.netsupport24.net *.netsupport24.de *.netsupport24.eu *.accounts.managecontent.info *.inquence.com *.regiowerbung.info *.cloudinary.com *.googleapis.com *.gstatic.com *.openweathermap.org *.cloudflare.com; img-src 'self' data: *.diagnoze-netsupport24.de *.netsupport24.net *.netsupport24.eu *.netsupport24.de *.netsupport24.com *.regiowerbung.info *.cloudinary.com openweathermap.org *.inquence.com *.openstreetmap.org *.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com *.netsupport24.net *.netsupport24.com *.netsupport24.eu *.regiowerbung.info *.openstreetmap.org *.cloudflare.com; frame-ancestors 'self'; frame-src 'self' *.openstreetmap.org; font-src 'self' *.netsupport24.net *.netsupport24.eu *.googleapis.com *.gstatic.com *.cloudflare.com; 5
frame-ancestors ; upgrade-insecure-requests; 5
font-src portal.bulkgate.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.foxentry.cz *.foxentry.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com portal.bulkgate.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com portal.bulkgate.com youtu.be *.vimeo.com *.addthis.com *.meetanshi.com www.googletagmanager.com *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io portal.bulkgate.com https://files.zakeke.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com meetanshi.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://tile.openstreetmap.org https://balikomat.sps-sro.sk https://i.alza.cz https://cdn.alza.cz maps.gstatic.com bat.bing.net bat.bing.com seznam.cz *.seznam.cz *.foxentry.cz *.foxentry.com cdn.r2.zakeke.com im9.cz *.cloudfront.net *.clarity.ms *.vsetkonamobil.sk *.google.sk *.bing.com *.emjcd.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.meetanshi.com connect.facebook.net *.googletagmanager.com *.packeta.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://unpkg.com https://balikomat.sps-sro.sk/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com *.smartlook.com *.smartlook.cloud bat.bing.net bat.bing.com seznam.cz *.seznam.cz *.luigisbox.tech *.foxentry.cz *.foxentry.com *.im9.cz *.freshchat.com *.freshworks.com *.mczbf.com *.clarity.ms *.luigisbox.com *.cloudfront.net *.bing.com *.tiktok.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com unsafe-inline assets.braintreegateway.com https://unpkg.com *.stripe.network *.stripecdn.com *.amazon.com *.luigisbox.tech *.foxentry.cz *.foxentry.com *.freshworks.com *.luigisbox.com *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://unpkg.com https://balikomat.sps-sro.sk https://nominatim.openstreetmap.org *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com static.cloudflareinsights.com *.smartlook.com *.smartlook.cloud bat.bing.net bat.bing.com seznam.cz *.seznam.cz *.luigisbox.tech *.foxentry.cz *.foxentry.com *.freshchat.com *.freshworks.com *.mczbf.com *.luigisbox.com *.clarity.ms *.jsdelivr.net *.doubleclick.net *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src zbozi.cz *.zbozi.cz seznam.cz *.seznam.cz *.foxentry.cz *.foxentry.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 5
require-sri-for script style 5
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;connect-src 'self' https:;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;font-src 'self' data: https:;worker-src 'self' blob: data:;media-src 'self' https:;frame-src 'self' https: 5
report-to default 5
default-src 'self'; img-src 'self' https://dovendi.b-cdn.net data:; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://dovendi.b-cdn.net https://www.feedbackcompany.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://dovendi.b-cdn.net https://www.feedbackcompany.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://dovendi.b-cdn.net https://fonts.googleapis.com; frame-src 'self' https://www.feedbackcompany.com; connect-src 'self' https://www.feedbackcompany.com; 5
frame-ancestors *;  report-uri /log/csp-violation 5
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; font-src 'self' * http://* data: https://*; object-src * blob:;  worker-src 'self' blob:; media-src * blob: data: http: https:; 5
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.hotjar.io *.hotjar.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com https://www.magezon.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.google.nl *.usercentrics.eu *.etrusted.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com https://*.dpdconnect.nl *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com googletagmanager.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.clarity.ms *.hotjar.io *.hotjar.com *.usercentrics.eu *.cloudwaysapps.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com *.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudflare.com *.twitter.com *.clarity.ms *.usercentrics.eu *.hotjar.io *.hotjar.com wss://*.hotjar.com *.cloudwaysapps.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://facebook.com https://graph.facebook.com https://staticxx.facebook.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' data: blob: https://api.qrserver.com https://shippingsky.s3.amazonaws.com https://rifarito.s3.amazonaws.com https://www.facebook.com https://facebook.com https://staticxx.facebook.com https://connect.facebook.net https://graph.facebook.com; connect-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://facebook.com https://graph.facebook.com https://connect.facebook.net https://capig.datah04.com https://shippingsky.s3.amazonaws.com https://rifarito.s3.amazonaws.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com https://www.recaptcha.net https://recaptcha.google.com https://www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.google.com 5
frame-ancestors 'self' *.netcinete.lat netcinete.lat 5
report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=uN679hZcGefFeJYCZRMXPe&v=2&s=439&b=oab; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok-usts.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokglobalshop.us *.tiktokmusic.me *.tiktokshop.com *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu newassets.hcaptcha.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com lf-tiktok-web-bak.tiktokcdn-us.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* wss://im-ws.tiktok.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com im-ws.tiktok.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktok.captchami.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com; script-src 'inline-speculation-rules' 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com accounts.google.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/bric-captcha-ttweb/core-captcha/ static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com lf-tiktok-web-bak.tiktokcdn-us.com lf16-tiktok-web.tiktokcdn-us.com/obj/tiktok-web-tx/obj/waf-aiso/; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/tiktokstudio/sw.js www.tiktok.com/web-static-js/ www.tiktok.com/webapp-desktop/static/worker/ 4
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com https://*.vkvideo.ru 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com https://*.vkvideo.ru 'self' 'unsafe-inline' 4
frame-ancestors *.mi.com; 4
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 4
frame-ancestors 'self' app.storyblok.com; 4
frame-ancestors 'self' https://*.un.org; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com 4
default-src 'self' *.techcrunch.com; frame-ancestors 'self'; frame-src 'self' https: data:; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; connect-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; media-src 'self' blob: *.youtube.com *.jetpackdigital.com *.jwplayer.com *.jwpsrv.com; font-src 'self' * data:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; 4
default-src *.asus.com *.asus.com.cn *.freshworksapi.com http://127.0.0.1:24830 http://127.0.0.1:24831 http://127.0.0.1:24832 https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' *.asus.com; 4
default-src * 'self' blob: data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 4
frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 4
default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.24smi.net *.adfox.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru *.cdn-vk.ru content.adriver.ru *.criteo.com *.criteo.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru embed.bsky.app *.exelator.com *.facebook.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com id.sber.ru *.instagram.com js.mamydirect.com *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com vk.com *.vk.com vk.ru *.vk.ru *.weborama.fm weborama.fm *.weborama.fr weborama.fr *.weborama.ru weborama.ru *.weborama-tech.ru weborama-tech.ru *.webturn.ru *.webvisor.org *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.adriver.ru ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com event.top100.su export-download.canva.com ext.clickstream.sberbank.ru sdk.canva.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com id.sber.ru *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru sve.online.sberbank.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru *.webvisor.org wss://mc.yandex.ru wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.net *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: blob: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 4
frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com *.thesun.co.uk *.the-sun.com *.thescottishsun.co.uk *.thesun.ie *.staging-thesun.co.uk *.staging-the-sun.com *.staging-thescottishsun.co.uk *.staging-thesun.ie au-script.dotmetrics.net; form-action 'self' *.nypdev.com nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com *.thesun.co.uk *.the-sun.com *.thescottishsun.co.uk *.thesun.ie *.staging-thesun.co.uk *.staging-the-sun.com *.staging-thescottishsun.co.uk *.staging-thesun.ie au-script.dotmetrics.net 4
default-src 'self' https://*.queue-it.net/ https://*.costco.ca/ https://*.costco.com/ https://*.costcobusinessdelivery.com/ https://*.costcobusinesscentre.ca/ https://*.costcobusinesscenter.ca/ https://*.costco-static.com/ https://display.ugc.bazaarvoice.com/ https://api.bazaarvoice.com/; script-src 'self' https://h.costco.com/ https://h.online-metrix.net/ https://*.cybersource.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.cdn-path.com/ https://h.costco.com/ https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://*.queue-it.net/ https://*.costcobusinessdelivery.com https://*.costcobusinesscenter.ca/ https://cdn.intake-lr.com/ https://cdn.cookielaw.org/ https://*.criteo.com/ http://*.criteo.com/ https://assets.adobedtm.com/ https://s.go-mpulse.net/ https://transcend-cdn.com/ https://apps.bazaarvoice.com/ https://display.ugc.bazaarvoice.com/ https://mobilecontent.costco.com/ https://mobilecontent-qa.costco.com/ https://*.pxlecdn.com https://*.pixlee.com https://*.pixlee.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://cdn.fonts.net/ 'unsafe-inline' https://transcend-cdn.com/ https://consent.costco.com/ https://consent.costco.ca/ https://consent.costco.com https://display.ugc.bazaarvoice.com/; img-src 'self' https://*.costcobusinessdelivery.com https://*.tiles.virtualearth.net/ https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://*.costco.ca/ https://*.costco.com/ https://*.costcotravel.com/ https://*.costcotravel.ca/ https://cdn.bfldr.com/ https://*.contentstack.com/ https://*.costco-static.com/ https://cdn.cookielaw.org/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://display.ugc.bazaarvoice.com https://retailmedia-static.azureedge.net https://retailmedia-static.azureedge.net/ https://network-a.bazaarvoice.com https://network-stg-a.bazaarvoice.com https://retailmedia-static.criteo.com/ blob: data:; media-src 'self' https://*.costcobusinessdelivery.com https://*.costco.ca/ https://*.costco.com/ https://cdn.bfldr.com/ https://*.contentstack.com/ https://*.costco-static.com/ https://*.criteo.net/ https://retailmedia-static.criteo.com/ https://*.criteo.net; font-src 'self' https://cdn.bfldr.com/ https://*.costco-static.com/ https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self' about:; form-action 'self' https://www.cdn-path.com/ https://*.costcobusinessdelivery.com https://*.costco.ca/ https://*.costco.com/ https://r.intake-lr.com/ https://*.akstat.io https://*.opinionlab.com; frame-src https://www.cdn-path.com/ https://h.costco.com/ https://h.online-metrix.net/ https://*.cybersource.com/ https://*.costcobusinessdelivery.com https://*.costcobusinesscentre.ca/ https://*.ct-costco.com https://costco.demdex.net/ https://costco.centah.com/ https://consent-sync.costco.com/ https://consent-sync.costco.ca/ https://*.criteo.com/ http://*.criteo.com https://*.pixlee.com https://*.pixlee.co https://*.costco.com/ https://*.costco.ca/ https://*.dynatrace.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://h.costco.com/ https://cdn.bfldr.com/ https://*.dynatrace.com https://www.google.com/recaptcha/ https://gdx-api.costco.com https://gdx-npd.np.api.cc-costco.com https://api-tst.np.gdx.cc-costco.com https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://spatial.virtualearth.net/ https://*.queue-it.net/ https://*.costcobusinessdelivery.com/ https://*.costcobusinesscenter.ca/ https://*.costcobusinesscentre.ca/ https://*.costco.ca/ https://*.costco.com/ https://*.costco-static.com/ https://*.ct-costco.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://costco.demdex.net/ https://dpm.demdex.net/ https://costco.tt.omtrdc.net/ https://*.criteo.com/ http://*.criteo.com/ https://*.criteo.net/ https://cm.everesttech.net/ https://r.intake-lr.com/ https://*.contentstack.com/ https://assets.adobedtm.com/ https://dcs.adobedc.net/ https://*.akstat.io https://*.go-mpulse.net/ https://*.akamaihd.net https://adobedc.demdex.net/ https://sync-transcend-cdn.com https://transcend-cdn.com/ https://telemetry.transcend.io/ https://telemetry.us.transcend.io/ https://privacyportal.onetrust.com/ https://consent.us.transcend.io/ https://api.bazaarvoice.com/ https://stg.api.bazaarvoice.com/; child-src 'self' blob: data:; upgrade-insecure-requests; 4
frame-ancestors 'self' https://support.ancestry.com 4
default-src 'self' https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://assets.contentstack.io https://*.qualified.com https://*.vwo.com; script-src 'self' blob: https://www.rapid7.com https://old.rapid7.com https://www.googletagmanager.com http://997-fka-652.mktoweb.com https://997-fka-652.mktoweb.com http://411-nak-970.mktoweb.com https://411-nak-970.mktoweb.com http://information.rapid7.com http://munchkin.marketo.net https://cdn.cookielaw.org https://play.vidyard.com https://packages.prmcdn.io https://connect.facebook.net https://*.6sc.co https://cdn.bizible.com https://*.g2crowd.com https://snap.licdn.com https://px.ads.linkedin.com https://munchkin.marketo.net https://*.clarity.ms https://ws.zoominfo.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.google.com https://www.gstatic.com https://*.impartner.live https://*.qualified.com https://*.googleadservices.com https://*.zi-scripts.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com 'unsafe-inline'; style-src 'self' https://www.rapid7.com https://old.rapid7.com https://use.typekit.net https://p.typekit.net https://packages.prmcdn.io https://997-fka-652.mktoweb.com http://997-fka-652.mktoweb.com https://411-nak-970.mktoweb.com http://411-nak-970.mktoweb.com https://information.rapid7.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com 'unsafe-inline'; font-src 'self' data: https://www.rapid7.com https://old.rapid7.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://*.vwo.com; img-src 'self' data: blob: https: https://www.rapid7.com https://old.rapid7.com http://play.vidyard.com http://*.6sc.co https://*.6sc.co https://px.ads.linkedin.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://useruploads.vwo.io https://cdn.pushcrew.com; connect-src 'self' https://www.rapid7.com https://old.rapid7.com https://*.googletagmanager.com https://*.adnxs.com https://*.6sense.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://graphql.contentstack.com https://*.insight.rapid7.com https://newdev.rapid7.com https://staging.rapid7.com https://cdn.cookielaw.org https://*.google-analytics.com https://partners.rapid7.com https://*.algolia.net https://*.algolianet.com https://*.googlesyndication.com http://997-fka-652.mktoresp.com http://411-nak-970.mktoresp.com http://*.6sc.co https://*.6sc.co https://munchkin.marketo.net https://997-fka-652.mktoresp.com https://411-nak-970.mktoresp.com https://ws.zoominfo.com https://*.bing.com https://*.doubleclick.net https://google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.gstatic.com https://*.clarity.ms https://*.6sc.co https://*.onetrust.com https://*.my.onetrust.com https://*.google-analytics.com https://sessions.bugsnag.com https://*.pusher.com https://*.brighttalk.com https://*.g2.com https://*.qualified.com https://*.ads.linkedin.com https://*.zi-scripts.com https://*.bing.net https://*.analytics.google.com https://*.doubleclick.net wss://*.qualified.com wss://ws-mt1.pusher.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://play.vidyard.com https://*.grafana.net; frame-src https://product-tour.rapid7.com https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://play.vidyard.com https://*.googletagmanager.com https://997-fka-652.mktoweb.com http://997-fka-652.mktoweb.com https://www.brighttalk.com https://411-nak-970.mktoweb.com http://411-nak-970.mktoweb.com https://google.com https://www.rapid7.com/impartner.html https://rapid7-website.contentstackapps.com/impartner.html https://*.doubleclick.net https://*.qualified.com https://*.facebook.com https://information.rapid7.com https://www.google.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://www.youtube.com; worker-src 'self' blob:; frame-ancestors 'self' https://www.rapid7.com https://old.rapid7.com https://newdev.rapid7.com https://staging.rapid7.com https://rapid7-website.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website-development.contentstackapps.com https://app.contentstack.com 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://decagon.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://ucv.bynder.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://cdn.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://wcs.naver.com https://wcs.naver.net https://cdn01.boxcdn.net https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com;connect-src 'self' data: blob: https://img.notionusercontent.com https://notion.so/eap https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://library.notion.com https://d8ejoa1fys2rk.cloudfront.net https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://api.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://tiles.versatiles.org https://maps.googleapis.com https://places.googleapis.com https://api.ipify.org https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://*.mktoresp.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://api.mail.dev.notion.so/graphql https://api.mail.notion.so/graphql https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://d8ejoa1fys2rk.cloudfront.net https://cdn01.boxcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://img.notionusercontent.com https://mail-resource-proxy.mail.notion.so https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://github.githubassets.com https://d8ejoa1fys2rk.cloudfront.net https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com;frame-src 'self' https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://notion.notion.site https://notion-templates.notion.site;frame-ancestors 'self' https://www.notion.so notion://www.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com 4
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src  https: 'unsafe-inline' 'unsafe-eval'; connect-src  https: 'unsafe-inline'; img-src  https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src data:  https: 'unsafe-inline'; 4
frame-ancestors 'self' http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 4
frame-ancestors 'self' https://console.dnspod.cn 4
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 4
object-src 'none'; frame-ancestors 'self' https://vwo.com https://wingify.com https://*.vwo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://vwo.com https://*.vwo.com https://www.instagram.com/embed.js https://googletagmanager.com https://pulse.vwo.io https://pxl.sprouts.ai https://fast.wistia.net https://fast.wistia.com https://api.cr-relay.com https://cdn.cr-relay.com https://cdn.vector.co https://static.licdn.com https://www.googletagmanager.com https://research.landingpageanalyzer.io https://www.google.com https://cdnjs.cloudflare.com https://alfred-chat.paramize.com https://cse.google.com https://static.getclicky.com https://stats.g.doubleclick.net https://code.jquery.com https://cdn.cookielaw.org https://platform.twitter.com https://js.sentry-cdn.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.google-analytics.com https://munchkin.marketo.net https://platform.linkedin.com https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://pagead2.googlesyndication.com https://*.visualwebsiteoptimizer.com https://www.linkedin.com https://unpkg.com https://connect.facebook.net https://www.redditstatic.com https://bat.bing.com https://bat.bing-int.com https://s.adroll.com https://js.partnerstack.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://d.adroll.com https://cdn.pushcrew.com https://cdn.segment.com https://www.gstatic.com https://vwo-stats-blog.disqus.com https://c.disquscdn.com https://apis.google.com https://glitter.services.disqus.com https://referrer.disqus.com; style-src 'self' 'unsafe-inline' https://*.vwo.com https://player.vwo.me https://static.licdn.com https://s3.amazonaws.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com https://cdn.cookielaw.org https://www.googletagmanager.com https://research.landingpageanalyzer.io https://app.vwo.com https://fast.wistia.com https://www.gstatic.com https://alfred-chat.paramize.com https://c.disquscdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net; frame-src 'self' blob: mailto: https://fast.wistia.net https://fast.wistia.com https://embed.wistia.com https://*.wistia.com https://www.instagram.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://player.vwo.me https://research.landingpageanalyzer.io https://spreadsheets.google.com https://www.linkedin.com https://platform.twitter.com https://www.slideshare.net https://es.slideshare.net https://player.vimeo.com https://docs.google.com https://demo.arcade.software https://open.spotify.com https://pca.st https://www.youtube-nocookie.com https://www.youtube.com https://td.doubleclick.net https://x.adroll.com https://app.vwo.com https://disqus.com https://pippio.com https://live.rezync.com https://accounts.google.com https://www.facebook.com https://www.google.com; worker-src 'self' blob:; report-uri https://o10907.ingest.us.sentry.io/api/4508420150788096/security/?sentry_key=8554c521f7daece1fb5ae0ba9ce98b2b; 4
form-action https: 4
default-src 'self'; img-src data: blob: *; script-src-elem 'self' assets.ubuntu.com www.google-analytics.com www.googletagmanager.com www.youtube.com asciinema.org player.vimeo.com script.crazyegg.com www.googleadservices.com js.zi-scripts.com *.g.doubleclick.net www.google.com www.gstatic.com www.brighttalk.com snap.licdn.com connect.facebook.net maps.googleapis.com www.redditstatic.com munchkin.marketo.net w.usabilla.com api.usabilla.com *.googlesyndication.com cdn.jsdelivr.net https://esm.sh https://cdn.jsdelivr.net buttons.github.io cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com www.tfaforms.com 'unsafe-inline'; font-src 'self' assets.ubuntu.com fonts.google.com cdn.livechatinc.com secure.livechatinc.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' www.google.com ubuntu.com analytics.google.com www.googletagmanager.com o4510662863749120.ingest.de.sentry.io www.google-analytics.com *.crazyegg.com *.g.doubleclick.net js.zi-scripts.com *.google-analytics.com px.ads.linkedin.com ws.zoominfo.com youtube.com google.com fonts.google.com maps.googleapis.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://esm.sh https://lottie.host https://cdn.jsdelivr.net *.analytics.google.com www.facebook.com *.googlesyndication.com *.mktoresp.com assets.ubuntu.com api.github.com api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com web.facebook.com www.tfaforms.com; frame-src 'self' *.doubleclick.net www.youtube.com/ asciinema.org player.vimeo.com www.googletagmanager.com www.google.com www.brighttalk.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com; style-src 'self' cdn.jsdelivr.net 'unsafe-inline' www.tfaforms.com; media-src 'self' res.cloudinary.com assets.ubuntu.com; child-src 'self' blob: youtube.com google.com fonts.google.com api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com; 4
frame-ancestors 'self' appsec.aarp.org  secure.aarp.org  cms.aarp.org arenax-testing2-games.aarp.org test.giveback.aarp.org giveback.aarp.org aarpvolunteer.my.site.com aarp.staging.jibeapply.com aarp.devserver.cloud navigator.aarp.org earnpoints.aarp.org events.xg4ken.com ayuda-sp.aarp.org ayuda-s.aarp.org ayuda.aarp.org app.devserver.cloud nutrition.aarp.org aarp.jibeapply.com arenax-testing3-games.aarp.org aarp.theworkademy.com stage.jobskills.aarp.org jobskills.aarp.org feeds.aarp.org memberoffers.aarp.org aarp.org cdn.aarp.net appsec.aarp.org secure-pi.aarp.org test.elearn.aarp.org dev.livablemap.aarp.byf1.dev livablemap.aarp.org nextgen.jobs.aarp.org jobs.aarp.org arenax-testing-games.aarp.org games.aarp.org futureofhousing.aarp.org  aarpfutureodev.wpengine.com aarpfohstage.wpengine.com help-s.aarp.org test.elearn.aarp.org elearn.aarp.org local.aarp.org staging.local.aarp.org longtermscorecard.org careers.aarp.org www.aarp.org yqa.livetech.dev yqa.test caretotalk.aarp.org policybook.aarp.org  policybookdb8jfimehk.devcloud.acquia-sites.com livindexhub.aarp.org livabilityindex.aarp.org livablemap.aarp.org press.aarp.org stage.mediaroom.com policybookwmcd4qm5qv.devcloud.acquia-sites.com dev.livindex-21.aarp.byf1.dev stage.livindex-21.aarp.byf1.dev veterans.aarp.org learn.aarp.org help.aarp.org community.aarp.org services.share.aarp.org secure.aarp.org virtualevents.aarp.org cdn.kitewheel.com aarp.brand.live aarpsandbox.brand.live test.virtualevents.aarp.org elearn.aarp.org blog.aarp.org taxappointment.aarp.org banksafetraining.aarp.org virtualevents.aarp.org; 4
default-src 'none'; form-action 'self' https://login.microsoftonline.com https://madmimi.com https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; connect-src 'self' https://matomo.org https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://v1.api.service.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu https://graphql.usercentrics.eu; script-src 'self' https://snap.licdn.com  https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline' https://app.usercentrics.eu https://api.usercentrics.eu https://web.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://app.usercentrics.eu; img-src 'self' https://*.matomo.org https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://video.matomo.org https://app.usercentrics.eu https://uct.service.usercentrics.eu api.userlike.com https://userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://matomo.org https://*.matomo.org https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud data:  https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org https://app.usercentrics.eu https://web.cmp.usercentrics.eu; 4
frame-ancestors 'self' https://guides.opentext.com wss://ws8.qualified.com https://opentext.sl.smartling.com https://assets.opentext.com https://partnermarketing.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src  https:; connect-src https:; object-src https:; child-src https:; 4
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 4
frame-ancestors 'self' https://portal.watchguard.com https://portal.staging.watchguard.com https://portal.test.watchguard.com https://portal.devci.watchguard.com; report-uri /report-csp-violation 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 4
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com bf72526xwo.bf.dynatrace.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io *.binkies3d.com app.insites.com cdn.clinch.co trk.clinch.co cookies-data.onetrust.io eur01.safelinks.protection.outlook.com html5-player.libsyn.com playlist.megaphone.fm widget.euw1.chat.pega.digital sc-static.net binkiesproductionweu.servicebus.windows.net binkiescontentnode.blob.core.windows.net binkiesteaserstorage.blob.core.windows.net online.publuu.com *.bing.com bytedance.com sslocal.com analytics.tiktok.com widget.trustpilot.com;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com binkiescontentnode.blob.core.windows.net binkiesdevnode.blob.core.windows.net *.tiktok.com; 4
frame-ancestors 'self' https://*.adobe.com; 4
upgrade-insecure-requests; frame-ancestors 'self' https://www.elespanol.com https://*.elespanol.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org 4
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleoptimize.com https://*.cookielaw.org https://*.cloud.coveo.com https://*.googletagmanager.com https://*.fundraiseup.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.quantserve.com https://*.adsrvr.org https://*.vimeocdn.com https://*.pixel.ad https://*.pardot.com https://*.optimizely.com https://*.doubleclick.net https://*.googleadservices.com https://*.sascdn.com https://*.id5-sync.com https://*.licdn.com https://*.ads-twitter.com https://*.googlesyndication.com *; style-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; frame-src 'self' *; media-src 'self' blob: data: * 4
default-src 'self' *.alamy.com *.alamyimages.de *.alamyimages.it *.alamyimages.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alamy.com *.alamyimages.fr *.notifpush.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com notifpush.com notifpush.com gjigle.com gddglis.com notifadz.com *.live.net *.link5view.com *.termly.io *.usersnap.com usersnap.com *.leadinfo.com alamy.my.site.com *.ads.google.com ads.google.com *.surveymonkey.com *.formisimo.com *.facebook.net *.impactradius-event.com *.cookieyes.com *.cdn-cookieyes.com *.leadinfo.net *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.depositphotos.com *.amazonaws.com *.addthis.com *.jquery.com *.cardinalcommerce.com *.postcodeanywhere.co.uk *.salesforce.com *.commercetools.com *.cybersource.com *.salesforceliveagent.com *.googleapis.com *.newrelic.com *.trackedlink.net *.force.com *.licdn.com *.trackedweb.net *.stackadapt.com *.abtasty.com *.clarity.ms *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com; style-src * 'unsafe-inline' data:; img-src * data:; font-src * data:; frame-ancestors 'self' *.alamy.com; frame-src 'self' https: http: ws: wss: data: mailto:; connect-src *; object-src 'none'; base-uri 'self'; manifest-src 'self' *.alamy.com; media-src 'self' *.alamy.com *.amazonaws.com *.depositphotos.com; worker-src 'self' *.alamyimages.fr notifpush.com gjigle.com gddglis.com notifadz.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com; 4
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cloudflare.com www.yola.com unpkg.com       *.yolacdn.net cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com       *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com       *.storylane.io *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.f.vimeocdn.com *.i.vimeocdn.com jitter.video       stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net       data: blob:;frame-ancestors 'self'; form-action 'self'; 4
default-src 'self' *.brightcove.com *.browser-intake-datadoghq.com *.coveo.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.teads.tv *.pinterest.com *.hotjar.com *.iesnare.com *.infogram.com *.liadm.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.reddit.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net *.yobi.ai adobetag.com analytics-ipv6.tiktokw.us api-js.mixpanel.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.measureone.com api.omniture.com app.optinmonster.com apps.rokt.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.lr-ingest.com cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com ik.imagekit.io img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com libraweb.tiktokw.us loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com https://sc-static.net *.snapchat.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com https://cdn.allitrk.com https://apps.rokt-api.com https://www.redditstatic.com https://collector.allitrk.com ws://*.hotjar.com wss://*.hotjar.com *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.yieldmo.com pix.pub *.biocatch.com *.we-stats.com activitymap.adobe.com *.branch.io app.link *.app.link s.pinimg.com unpkg.com *.inmobicdn.net analytics-sm.com browser-intake-datadoghq.com google.com tags.srv.stackadapt.com nextinsure.com *.nextinsure.com *.save.auto *.supermoney.com *.ownup.com pixels.spotify.com js.adsrvr.org match.adsrvr.org sync.adsrvr.org insight.adsrvr.org pixel.adsrvr.org servedby.thedmp.com global.prod.uidapi.com prod.euid.eu *.money.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; frame-ancestors 'self' 4
base-uri 'none';              connect-src 'self' https:;              default-src 'self';              font-src 'self';              form-action 'self';              frame-ancestors files.prismic.io;              frame-src vercel.live prismic.io *.prismic.io *.oncehub.com *.youtube.com *.twitter.com *.facebook.com *.google.com *.googletagmanager.com;              img-src * data:;              manifest-src 'self';              media-src *.prismic.io;              object-src 'none';              script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com *.doubleclick.net *.g2crowd.com;              style-src 'self' 'unsafe-inline';              worker-src 'self'; 4
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4
SAMEORIGIN 4
frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; 4
default-src 'self' *.usbank.com 'unsafe-inline' 'unsafe-eval' blob: data:  cdn.appsflyer.com cdn.pdst.fm connect.facebook.net conv-tm.everesttech.net ct.pinterest.com d.agkn.com www.datadoghq-browser-agent.com browser-intake-datadoghq.com display.powerreviews.com dsum-sec.casalemedia.com eb2.3lift.com edge.adobedc.net assetts.adobedtm.com fast.fonts.net fonts.gstatic.com google.com hb.yahoo.net ib.adnxs.com idpix.media6degrees.com jadserve.postrelease.com match.sharethrough.com mid.rkdms.com mpsnare.iesnare.com opreq.observepoint.com partners.tremorhub.com pippio.com pixel.rubiconproject.com pixel.tapad.com players.brightcove.net *.invoca.net s.pinimg.com schema.milestoneinternet.com sc-static.net simage2.pubmatic.com siteimproveanalytics.com snap.licdn.com solutions.invocacdn.com ssa.gov static.3playmedia.com sync.bfmio.com sync.taboola.com sync.teads.tv sync-stgz.ads.yieldmo.com t.co tags.tiqcdn.com usbankinteractive.postclickmarketing.com utt.impactcdn.com vjs.zencdn.net websdk.appsflyer.com www.emjcd.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.mczbf.com www.usbankedge.com x.bidswitch.net *.adoberesources.net *.adsrvr.org *.ads-twitter.com *.akamaihd.net *.amazonaws.com *.appdynamics.com *.bing.com *.boltdns.net *.brightcove.com *.brightcovecdn.com *.c3tag.com *.casalemedia.com *.company-target.com *.demandbase.com *.demdex.net *.doubleclick.net *.eum-appdynamics.com *.force.com *.glance.net *.glancecdn.net *.google.co.in *.google.com *.googleapis.com *.gstatic.com *.impactradius-event.com *.jsdelivr.net *.kitewheel.com *.knotch.com *.knotch-cdn.com *.krxd.net *.leadfusion.com *.linkedin.com *.loggly.com *.marketo.net *.miaprova.com *.mktoresp.com *.mktoutil.com *.mrpdata.net *.mykukun.com *.nextdoor.com *.ojrq.net *.omtrdc.net *.onetrust.com *.powerreviews.com *.pxf.io *.qualtrics.com *.quantummetric.com *.rlcdn.com *.ru4.com *.salesforceliveagent.com *.sandbox.file.force.com *.siteimproveanalytics.io *.sjv.io *.snapchat.com *.storygize.net *.tealiumiq.com *.turn.com *.typekit.net *.us.bank-dns.com *.videoamp.com *.yahoo.com *.youtube.com *.byspotify.com *.spotify.com *.dianomi.com *.pixel.admedia.com *.schemaapp.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.clickagy.com *.rokt.com *.rokt-api.com *.roktinternal.com *.zi-scripts.com *.zoominfo.com *.ispot.tv wss://*.amazonaws.com wss://*.glance.net wss://mpsnare.iesnare.com; report-uri /svt/ecm/csp-violation-report 4
default-src 'self' data: blob:; 4
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://js.adsrvr.org https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com https://public.flourish.studio/resources/embed.js https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv https://*.kampyle.com https://*.medallia.eu; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://insight.adsrvr.org https://t.teads.tv https://l.teads.tv https://ade.googlesyndication.com https://match.adsrvr.org https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com https://public.flourish.studio https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv https://*.kampyle.com https://*.medallia.eu https://server.arcgisonline.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; frame-src https://*.maersk.com https://*.maersk.com.cn https://insight.adsrvr.org https://www.googletagmanager.com https://match.adsrvr.org https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com  https://flo.uri.sh/ https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://maersk-designsystem.azureedge.net https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://login.microsoftonline.com https://t.teads.tv https://cm.teads.tv https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com https://*.razorpay.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://*.kampyle.com https://*.medallia.eu; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv blob:; 4
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 4
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 4
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; form-action 'self' *; frame-src 'self' *; 4
upgrade-insecure-requests; frame-ancestors *.brigitte.de *.gala.de *.guj.digital *.wpf.digital *.guj.rocks *.eltern.de *.essen-und-trinken.de *.urbia.de *.vorname.com; frame-src *; 4
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 4
frame-ancestors 'self' https://adobemc.com https://nfcu.experiencecloud.adobe.com https://experience.adobe.com 4
frame-ancestors 'self' https://frida.main.messefrankfurt.com/ *.messefrankfurt.com 4
frame-ancestors 'self' https://app.eu.contentful.com 4
default-src *; script-src 'unsafe-inline' 'unsafe-eval' * https://*.tuurbo.ai https://*.cloudflareinsights.com; worker-src 'self' 'unsafe-eval' blob: http: https: ; style-src 'unsafe-inline' * https://*.tuurbo.ai; img-src http: https: data:  https://*.tuurbo.ai; font-src http: https: data: blob: ; media-src * blob: 4
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net https://challenges.cloudflare.com *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com https://challenges.cloudflare.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 4
connect-src 'self' * https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com; default-src 'self'; form-action 'self'; font-src 'self' * data: 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com; frame-ancestors 'none'; frame-src 'self' * blob: 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com; img-src 'self' * data: 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; manifest-src 'self'; media-src 'self' * blob: 'unsafe-inline' 'unsafe-eval'; object-src 'self' * 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; script-src-attr 'self' * 'unsafe-eval' 'unsafe-inline'; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com; script-src-elem 'self' * 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; style-src-attr 'self' * 'unsafe-eval' 'unsafe-inline'; style-src 'self' * 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; style-src-elem 'self' * 'unsafe-eval' 'unsafe-inline'; worker-src 'self' *  blob: 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; 4
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src * ; frame-ancestors 'self' ; style-src * data: 'unsafe-inline' ; font-src * data: ; 4
child-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.hotjar.com https://*.hsforms.com https://*.sitescout.com https://www.databank.com; connect-src 'self' https://*.akamaihd.net https://*.amazonaws.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.hs-sites.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.parsely.com https://*.salesloft.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://*.youtube.com https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://obseu.bmccfortress.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com wss://*.hotjar.com; default-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com; font-src 'self' data: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.gstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.databank.com; frame-src 'self' https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.hs-sites.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.instagram.com https://*.issuu.com https://*.marketo.com https://*.sitescout.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com/ https://*.wordpress.com https://*.wp.com https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.bing.com https://*.cardlytics.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://*.instagram.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.parsely.com https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.sitescout.com https://*.usbrowserspeed.co https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://bat.bing.net https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://obseu.bmccfortress.com https://storage.pardot.com https://www.databank.com https://www.googletagmanager.com; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.wistia.com/ https://www.databank.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.bing.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://*.instagram.com https://*.jsdelivr.net https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.optmnstr.com https://*.pardot.com https://*.parsely.com https://*.pixel.ad https://*.predictiveresponse.net https://*.remarketstats.com https://*.salesloft.com https://*.scriptintel.io https://*.twitter.com https://*.usbrowserspeed.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://connect.facebook.net https://ml314.com https://obseu.bmccfortress.com https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.clickcease.com https://www.databank.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.googleapis.com https://*.gravatar.com https://*.jsdelivr.net https://*.marketo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wp.com https://tagmanager.google.com https://www.databank.com; worker-src 'self' blob: data: file: filesystem: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com 4
frame-ancestors 'self' *.wd.com centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net static.westerndigital.com cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.sandbox.affirm.com cdn1-sandbox.affirm.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co *.googlesyndication.com *.zinrelo.com wd-en.widget.custhelp.com script.mfilterit.net  wafs.mfilterit.net  'unsafe-eval' apps.usw2.pure.cloud 'unsafe-inline'; 4
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net homeiswherethemanais.webflow.io holidayhouse.teremana.com 4
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.acsbapp.com https://*.wistia.com http://*.wistia.com https://*.wistia.net *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.litix.io https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io https://adobeid-na1.services.adobe.com https://*.adobelogin.com https://auth.services.adobe.com https://delegated.identity.adobe.com https://www.recaptcha.net *.doubleclick.net *.6sc.co *.zi-scripts.com *.zoominfo.com https://*.algolia.net *.clickcease.com bat.bing.com https://www.googletagmanager.com; font-src 'self' https://*.wistia.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data: https://cdn.jsdelivr.net; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://fast.wistia.net https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com experience.adobe.com js.stripe.com www.googletagmanager.com https://ulsolutions.outgrow.us; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://fast.wistia.com https://fast.wistia.net https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data: *.adobeaemcloud.com https://ulsolutions.outgrow.us *.kickfire.com *.6sc.co https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://live-vietnam-ul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.psapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://test-vietnam-ul.pantheonsite.io https://dev-vietnam-ul.pantheonsite.io https://develop-vietnam-ul.pantheonsite.io bat.bing.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: https://ulsolutions.outgrow.us *.adobedtm.com *.doubleclick.net *.kickfire.com *.6sc.co *.zi-scripts.com https://src.litix.io *.clickcease.com bat.bing.com consent.trustarc.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://experience.adobe.com https://fast.wistia.com https://js.stripe.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com https://ulsolutions.outgrow.us https://fast.wistia.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 4
frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/ https://front-video-tool.aftenposten.no/ https://*.pr.sls.schibsted.tech; upgrade-insecure-requests 4
report-uri https://gcp.api.snapchat.com/web-reporting/report;report-to main-endpoint 4
default-src 'self' https:; connect-src 'self' https: wss://realtime.luckyorange.com wss://in.visitors.live; font-src 'self' https: data:; img-src 'self' https: data: blob:; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'report-sample' 'unsafe-inline' https:; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 4
require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 4
frame-ancestors 'self' www.liligo.fr; 4
default-src 'self' https://brightdata.com media.brightdata.com 'unsafe-inline' 'unsafe-eval' data: google.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th  *.google.co.kr *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj *.googletagmanager.com *.google-analytics.com www.pagespeed-mod.com *.doubleclick.net http://ad.doubleclick.net www.youtube.com i.ytimg.com *.userway.org *.gravatar.com cdn.jsdelivr.net widget.trustpilot.com ajax.cloudflare.com yoast.com *.clarity.ms *.bing.com bat.bing.net px.ads.linkedin.com snap.licdn.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.hubspot.com *.hsforms.net *.hsforms.com api.hubapi.com *.hsappstatic.net www.googleadservices.com *.googlesyndication.com *.googleapis.com assets.calendly.com calendly.com *.vwo.com *.visualwebsiteoptimizer.com *.zdassets.com assets.brightdata.com *.thesmilingelbows.com *.mxpnl.net cdn.mxpnl.com widget-mediator.zopim.com *.yandex.ru *.yandex.net yastatic.net *.facebook.com *.facebook.net *.comeet.com www.comeet.co *.reddit.com js.usemessages.com *.geetest.com brightdata.com *.brightdata.com media.brightdata.com api.openai.com hola.org widget.intercom.io *.linkedin.com js.intercomcdn.com api-iam.intercom.io hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com *.oribi.io code.jquery.com unpkg.com *.yandex.com *.yandex.md *.yandex.by *.netstar-inc.com *.gstatic.com cdn.datatables.net *.redditstatic.com *.6sc.co *.6sense.com *.entail-insights.com widgets.entail.ai *.quora.com *.ipqualityscore.com *.debugbear.com *.cloudflare.com cdnjs.cloudflare.com js.hsadspixel.net px.ads.linkedin.cn brightdata.chilipiper.com fast.wistia.com *.warmwelcome.com *.cloudfront.net wa.onelink.me czedgingtenges.com brightdata.zendesk.com app.vwo.com useruploads.vwo.io *.taboola.com; frame-ancestors 'self'; worker-src blob: 'self'; report-uri https://brightdata.com/web_api/report_csp 4
upgrade-insecure-requests;block-all-mixed-content 4
frame-ancestors 'self' https://trustseal.enamad.ir; 4
frame-ancestors https://trustseal.enamad.ir 4
frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com https://siteblocks.com; 4
frame-ancestors chrome-extension://mbofgadpoeclogccaclfpdpnclommnmi chrome-extension://ekbmjlhcmklhfndhclgcgpghpgmlcaof chrome-extension://bpamhfbbljgioillepebmmegmjdkaoge chrome-extension://joccojpbogmpagfepecinlmiibacfhlb; 4
script-src 'unsafe-inline' 'unsafe-eval' http: https: blob: 4
frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 4
default-src 'self' 'unsafe-inline' 'unsafe-eval';      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.boomtrain.com https://c1.rfihub.net https://live.rezync.com https://assets.adobedtm.com https://bat.bing.com https://bat.bing-int.com https://kit.fontawesome.com   players.brightcove.net     vjs.zencdn.net     https://www.buzzsprout.com     https://static.zohocdn.com     https://sdk.ceros.com     https://labs.ceros.com     https://trk.techtarget.com     https://connect.facebook.net     https://creative-services.ceros.com     https://www.googleadservices.com     https://connect.facebook.net     https://eloquatracking.iqvia.com           https://script.hotjar.com               https://img03.en25.com           https://static.hotjar.com           https://snap.licdn.com           https://edge.fullstory.com           https://www.clickcease.com           https://cdn.pagesense.io           https://www.google-analytics.com           https://googleads.g.doubleclick.net         https://www.googletagmanager.com            https://dev.visualwebsiteoptimizer.com            https://unpkg.com            https://cdn.jsdelivr.net            https://cdnjs.cloudflare.com            https://kit.fontawesome.com            https://players.brightcove.net            https://ajax.googleapis.com            https://static.cloud.coveo.com            https://tag.demandbase.com            https://cookie-cdn.cookiepro.com     https://www.google.com      https://www.gstatic.com     https://view.ceros.com      https://tag.simpli.fi;     img-src 'self' blob: data: https://i.liadm.com https://live.rezync.com https://bat.bing.com https://s.gravatar.com https://www.google.pl https://www.linkedin.com    players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com     https://i.ibb.co     https://ad.doubleclick.net     https://www.google.co.in     https://www.google.com     https://googleads.g.doubleclick.net     https://www.googletagmanager.com     https://attr.ml-api.io     https://secure.adnxs.com     https://www.google-analytics.com     https://www.facebook.com     https://attr.ml-api.ios     https://secure.adnxs.com           https://s.ml-attr.com               https://eloquatracking.iqvia.com         https://metrics.brightcove.com            https://cf-images.us-east-1.prod.boltdns.net            https://id.rlcdn.com            https://cookie-cdn.cookiepro.com      https://www.iqvia.com      https://*.wp.com/cdn.auth0.com     https://px.ads.linkedin.com     https://segments.company-target.com     https://ade.googlesyndication.com/;       style-src 'self' 'unsafe-inline'     https://use.fontawesome.com     players.brightcove.net           https://maxcdn.bootstrapcdn.com         https://fonts.googleapis.com      https://unpkg.com            https://cdn.jsdelivr.net            https://cdnjs.cloudflare.com;       connect-src 'self' https://geolocation.onetrust.com https://report.clarity.ms https://events.api.boomtrain.com https://people.api.boomtrain.com https://unpkg.com https://bat.bing.com https://bat.bing-int.com https://region1.analytics.google.com    *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com     https://region1.google-analytics.com     https://metrics.hotjar.io     https://stats.g.doubleclick.net     https://analytics.google.com     https://ibc-flow.techtarget.com     https://vc.hotjar.io     https://googleads.g.doubleclick.net           https://px.ads.linkedin.com           https://pagesense-collect.zoho.com           https://edge.fullstory.com           https://rs.fullstory.com     https://www.google-analytics.com     https://td.doubleclick.net     https://www.google.com           https://bcbolt446c5271-a.akamaihd.net           https://house-fastly-signed-us-east-1-prod.brightcovecdn.com      https://manifest.prod.boltdns.net     https://ka-f.fontawesome.com            https://edge.api.brightcove.com            https://cookie-cdn.cookiepro.com            https://api.company-target.com https://pagead2.googlesyndication.com            https://ad.doubleclick.net/            https://static.cloud.coveo.com            https://privacyportal.cookiepro.com;      font-src 'self' 'unsafe-inline' https://kit.fontawesome.com    players.brightcove.net     https://use.fontawesome.com           https://maxcdn.bootstrapcdn.com         https://fonts.gstatic.com      https://ka-f.fontawesome.com data:;      worker-src 'self' 'unsafe-inline' blob:;     media-src 'self' blob:     *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com;     frame-src 'self' https://a.rfihub.com https://20874701p.rfihub.com    players.brightcove.net     https://www.buzzsprout.com     https://view.ceros.com     https://11057559.fls.doubleclick.net           https://www.facebook.com         https://td.doubleclick.net     https://s.company-target.com      https://www.google.com     https://view.ceros.com https://www.googletagmanager.com  https://*.fls.doubleclick.net;     upgrade-insecure-requests; 4
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 4
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu oc-cdn-public-eur.azureedge.net global.frcapi.com eu.frcapi.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu oc-cdn-public-eur.azureedge.net *.facebook.com *.facebook.net global.frcapi.com eu.frcapi.com; report-uri https://www.gdatasoftware.com/__cspreporting__ 4
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu *.providence.org provcustomerservicedev.crm.dynamics.com provcustomerserviceuat.crm.dynamics.com provcustomerservice.crm.dynamics.com ; 4
default-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://build.cloudbees.com;font-src 'self' https: data:;img-src 'self' https: data:;frame-ancestors 'self' https://*.contentful.com;object-src 'none';upgrade-insecure-requests 4
frame-ancestors 'self' *.model-t.cc.commerce.ondemand.com *.devleaseweb.com *.leaseweb.com 4
frame-ancestors 'self' *.trendemon.com *.rithum.com 4
upgrade-insecure-requests; frame-ancestors 'self' https://*.01net.com 4
object-src 'none'; frame-ancestors 'self'; 4
Content-Security-Policy 4
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 4
frame-ancestors 'self' https://data.disneystreaming.com https://data-staging.disneystreaming.com https://data-dev.disneystreaming.com https://outlooksts.disney.com 4
frame-ancestors 'self' https://*.breuninger.com 4
default-src'self'; 4
default-src 'self'; style-src https://*.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' https://ams.wpml.org; frame-ancestors 'self' https://partner.hornetsecurity.com; img-src 'self' data: https://track.hubspot.com https://bat.bing.com https://bat.bing.net https://*.reddit.com https://*.g.doubleclick.net https://www.google.nl https://www.google.ca https://www.google.com https://logo.clearbit.com https://www.google.de https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://cdn-public.borlabs.io https://*.ytimg.com https://forms-eu1.hsforms.com https://*.adroll.com; media-src 'self' https://cdn-public.borlabs.io; frame-src 'self' blob: https://*.doubleclick.net https://vade.storylane.io https://*.livechatinc.com https://*.typeform.com https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://www.youtube.com https://*.hsforms.net https://youtube.de https://*.frcapi.com; connect-src 'self' https://static.hsappstatic.net https://api.typeform.com https://tracking-api.g2.com https://trk.hornetsecurity.com https://google.com/pagead/ https://track.hubspot.com https://api.hsforms.com https://*.hscollectedforms.net https://*.hubapi.com https://bat.bing.net https://bat.bing.com https://www.redditstatic.com https://*.reddit.com https://analytics.google.com https://www.google.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://www.facebook.com https://*.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://yoast.com https://my.yoast.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu https://ams.wpml.org https://*.sendmarc.com; script-src-elem 'self' data: 'unsafe-inline' https://embed.typeform.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hsforms.net https://*.hs-analytics.net https://*.hsforms.com https://tracking-api.g2.com https://trk.hornetsecurity.com https://bat.bing.com https://*.googlesyndication.com https://www.redditstatic.com https://www.googleadservices.com https://*.doubleclick.net https://*.livechatinc.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://ams.wpml.org https://yoast.com https://snap.licdn.com https://*.sendmarc.com https://cdnjs.cloudflare.com https://js.storylane.io https://cdn.jsdelivr.net https://*.adroll.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; font-src https://*.gstatic.com https://cdnjs.cloudflare.com 'self' data:; worker-src 'self' blob: 4
frame-ancestors depositfiles.com *.depositfiles.com depositfiles.org *.depositfiles.org dfiles.eu *.dfiles.eu dfiles.com *.dfiles.com 4
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' data: blob: *;font-src 'self' data: *;connect-src 'self' *;media-src 'self' blob: *;frame-ancestors 'self' *.paragonrels.com *.sigmacomputing.com *.bkfsconnect.com *.bkfstest.com;frame-src *;worker-src 'self' blob: *;object-src 'self' *;manifest-src 'self' *;upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com https://*.prattwhitney.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com/api/v1/signup_forms/209bf8ea-ae37-4c00-b293-172a892f887b https://siteimproveanalytics.com https://rockwellcollinsaerospace.us-7.evergage.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: data: https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/development/scripts/evergage.min.js  https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/production/scripts/evergage.min.js;          img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.ggpht.com data:;            style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com;            font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;            frame-src 'self' https://app.prattwhitney.com https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com https://*.salesforce.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 4
default-src 'self' *.bim.com.tr *.bim.ma *.bim.eg *.bimcell.com.tr *.file.com.tr *.google.com  *.google.com.tr *.cloudflare.com *.gstatic.com *.doubleclick.net *.bootstrapcdn.com *.googletagmanager.com  *.google-analytics.com *.googleapis.com *.jquery.com *.facebook.net *.youtube.com *.youtube-nocookie.com *.hr-link.net hr-link.net 'unsafe-inline' 'unsafe-eval' data:; 4
frame-ancestors https://*.gsmaevents.com https://gsma.force.com https://gsma.my.site.com 4
frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 4
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 4
default-src 'self' *.hadev.co.za *.hostafrica.ke *.hostafrica.com *.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.semrush.com cdn.simplesat.io https://maillist-manage.com *.maillist-manage.com *.mxpnl.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.clarity.ms *.jsdelivr.net *.typekit.net *.fontawesome.com *.google.com *.twitter.com *.tawk.to *.google-analytics.com *.doubleclick.net *.youtube.com https://tally.so; style-src 'self' 'unsafe-inline' *.typekit.net cdn.simplesat.io *.googletagmanager.com *.googleadservices.com *.gstatic.com *.tawk.to *.jsdelivr.net *.fontawesome.com *.googleapis.com; img-src 'self' * *.hadev.co.za *.hostafrica.ke *.hostafrica.com data: *.google.com *.google.co.za *.googletagmanager.com *.bing.com *.clarity.ms *.gstatic.com *.google-analytics.com *.tawk.to *.doubleclick.net; font-src 'self' data: *.gstatic.com *.tawk.to *.fontawesome.com *.typekit.net *.gstatic.com; connect-src 'self' wss://*.semrush.com api.simplesat.io *.semrush.com api.amplitude.com *.hostafrica.com *.mixpanel.com *.maillist-manage.com *.googlesyndication.com *.google.com *.fontawesome.com wss://*.tawk.to *.tawk.to *.googletagmanager.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.googleadservices.com; frame-src 'self' blob: *.semrush.com *.groovefunnels.com *.groove.cm *.doubleclick.net *.gstatic.com *.twitter.com *.youtube.com *.tawk.to *.google.com *.googleadservices.com https://tally.so https://www.googletagmanager.com; frame-ancestors 'self'; worker-src 'self' blob:; 4
base-uri self 4
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://serve.nrich.ai https://tag.nrich.ai https://tag.unifyintent.com https://cdn.dreamdata.cloud https://js.partnerstack.com https://cdn.jsdelivr.net https://js-na1.hs-scripts.com https://rechargeapps.chilipiper.com/concierge-js/cjs/concierge.js https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://www.redditstatic.com https://scripts.clarity.ms; 4
connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' *.dev.wdr.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://*.ensineme.com.br https://*.estacio.br https://*.yduqs.com.br https://*.wyden.com.br https://*.ibmec.br https://*.idomed.com.br https://*.damasio.com.br 4
img-src 'self' data: https: 4
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 4
object-src 'none'; frame-ancestors https://*.neoed.ca https://*.neoed.com https://*.neoed.net https://*.neogov.com https://*.neogov.net https://*.planitpolice.com https://*.powerdms.com https://*.powerdms.net; upgrade-insecure-requests; 4
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 4
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'self' https://www.veeva.com; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.cookielaw.org https://veeva.matomo.cloud https://cdn.matomo.cloud https://fast.wistia.com https://fast.wistia.net https://cdn.jsdelivr.net https://lltrck.com https://js-agent.newrelic.com https://momentjs.com https://explore.veeva.com https://js.hcaptcha.com https://www.veeva.com; style-src 'self' 'unsafe-inline' https://www.veeva.com https://fonts.googleapis.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://explore.veeva.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fast.wistia.net https://fast.wistia.com; img-src 'self' data: blob: https://www.veeva.com https://veevabasics.veeva.com https://vaultbasics.veeva.com https://cdn.cookielaw.org https://lltrck.com https://*.wistia.com https://fast.wistia.net; connect-src 'self' https://www.veeva.com https://veeva.matomo.cloud https://cdn.matomo.cloud https://cdn.cookielaw.org https://cdn.jsdelivr.net https://lltrck.com https://bam.nr-data.net https://nr-data.net https://*.wistia.com https://*.litix.io/ https://fast.wistia.net https://cdnjs.cloudflare.com https://veeva.theorgwiki.com; frame-src 'self' https://www.veeva.com https://*.wistia.com https://explore.veeva.com https://newassets.hcaptcha.com https://*.arcade.software https://www.surveymonkey.com/; media-src 'self' blob:; worker-src 'self' blob:; upgrade-insecure-requests 4
frame-src *; frame-ancestors 'self'; 4
child-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.dermstore.com https://us.creativecdn.com https://dermstore.attn.tv https://creatives.attn.tv https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.bam-x.com https://*.attn.tv https://ln-rules.rewardstyle.com https://cdn.pbbl.co https://www.pinterest.com https://app.qubit.com blob: https://*.awin1.com https://*.zenaps.com https://gum.criteo.com https://*.abtasty.com https://events.release.narrativ.com https://*.powerreviews.com https://ct.pinterest.com https://fledge.eu.criteo.com https://static.criteo.net https://ams.creativecdn.com https://www.provenance.org https://*.bazaarvoice.com https://www.youtube.com/ https://uk.cdn-net.com/;connect-src 'self' https://api.stripe.com https://api-dev.pogodonate.com https://api.pogodonate.com https://app-dev.pogodonate.com https://app.pogodonate.com  https://www.googleadservices.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://us.creativecdn.com https://dermstore.attn.tv https://ilarh.dermstore.com https://events.attentivemobile.com wss://*.ringcentral.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://api.bam-x.com https://www.emjcd.com https://www.mczbf.com https://www.sjwoe.com https://*.attn.tv https://events.attentivemobile.com https://events.release.narrativ.com https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.dermstore.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://cdn.cookielaw.org https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://*.abtasty.com data: https://storyboard.storystream.ai https://content.storystream.ai https://*.powerreviews.com https://sgtm.dermstore.com https://w0a7cq3k2e.execute-api.us-west-1.amazonaws.com https://vhw8mjja9e.execute-api.us-west-1.amazonaws.com https://sd7sf8u3fj.execute-api.us-west-1.amazonaws.com https://*.gethumankind.com https://cognito-identity.us-west-1.amazonaws.com https://*.criteo.net https://*.ringcentral.com https://ams.creativecdn.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net https://*.bazaarvoice.com https://mpsnare.iesnare.com; default-src 'self' https://*.lpsnmedia.net https://*.bazaarvoice.com; font-src 'self' https://app-dev.pogodonate.com https://app.pogodonate.com data: https://*.dynamicyield.com/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://*.ringcentral.com https://*.bazaarvoice.com;form-action 'self' https://www.facebook.com https://checkout.dermstore.com https://connect.facebook.net https://tr.snapchat.com;frame-ancestors 'self';img-src 'self' https://pogodonate.s3.eu-west-2.amazonaws.com https://app-dev.pogodonate.com https://app.pogodonate.com  data: https://*.dynamicyield.com/ https://events.attentivemobile.com https://dermstore-us.attn.tv https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https://*.bazaarvoice.com https: blob:;media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://*.bazaarvoice.com https://mpsnare.iesnare.com blob: https://media.gethumankind.com;object-src 'self' https://*.thcdn.com https://www.youtube.com https://*.bazaarvoice.com;report-uri https://csp.thehut.net/cspReport.txt;script-src 'self' https://*.js.stripe.com https://js.stripe.com 'unsafe-eval' 'unsafe-inline' data: https://cdn.attn.tv https://ilarh.dermstore.com https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.dynamicyield.com/ https://us.creativecdn.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://static.narrativ.com https://cdn.attn.tv https://ln-rules.rewardstyle.com https://collector-8550.tvsquared.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://app.contentsquare.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://*.criteo.com https://analytics.tiktok.com https://*.ibytedtos.com https://cdn.cookielaw.org blob: https://*.abtasty.com https://app-dev.pogodonate.com https://app.pogodonate.com https://tr.snapchat.com https://*.powerreviews.com https://mpsnare.iesnare.com https://sgtm.dermstore.com https://*.gethumankind.com https://prod-ui-entry-widget-sta-createproduientrywidgetb-mi53q2gqfpif.s3.us-west-1.amazonaws.com https://prod-ui-customer-survey-createproduicustomersurv-1nj0gmnhljhot.s3.us-west-1.amazonaws.com https://*.ringcentral.com https://tags.creativecdn.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org https://*.bazaarvoice.com;style-src 'self' https://*.js.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com  'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://*.powerreviews.com https://assets.gethumankind.com https://prod-ui-entry-widget-sta-createproduientrywidgetb-mi53q2gqfpif.s3.us-west-1.amazonaws.com https://prod-ui-customer-survey-createproduicustomersurv-1nj0gmnhljhot.s3.us-west-1.amazonaws.com https://*.ringcentral.com https://*.bazaarvoice.com;upgrade-insecure-requests;report-to csp-endpoint 4
default-src 'self' wss://socket.24live.co https: data: blob: 'unsafe-inline' 'unsafe-eval' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hubspot.com/ cdn.jsdelivr.net *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.usemessages.com cdn.cookielaw.org t.contentsquare.net track.gaconnector.com tracker.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com *.hubspot.com td.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com www.googletagmanager.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' blob: data: https://bat.bing.net/ do.oncdn.uk *.hsforms.com *.hubspot.com cdn.cookielaw.org *.contentsquare.net i.vimeocdn.com *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk googleads.g.doubleclick.net script.hotjar.com; font-src data: 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local gb1-li-thghostinguat-001.io.thehut.local *.gb1-li-thghostinguat-001.io.thehut.local gb4-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local ingenuitycloudservices.com *.ingenuitycloudservices.com *.hubspot.com *.hs-banner.com *.hscollectedforms.net cdn.cookielaw.org track.gaconnector.com www.google.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com js.stripe.com px.ads.linkedin.com idx.liadm.com; 4
default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com *.google-analytics.com static.hotjar.com script.hotjar.com *.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com px.ads.linkedin.com analytics.twitter.com www.google.com *.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io *.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com www.clickcease.com monitor.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.sg.va.sabio.cloud js.monitor.azure.com *.monitor.azure.com j.6sc.co *.6sc.co *.6sense.com tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.atmrum.net *.cloudfront.net scout-cdn.salesloft.com *.maze.co esm.sh *.esm.sh secure.imaginative-24.com webeo-web-content.s3-eu-west-1.amazonaws.com www.clarity.ms scripts.clarity.ms *.clarity.ms secure.intelligent-business-7.com secure.agile-company-365.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com scripts.webeo.com my.g2.com *.g2.com *.sentry-cdn.com cdn.segment.com api.segment.io hm.baidu.com s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com *.bing.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.googletagmanager.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com *.maze.co webeo-web-content.s3-eu-west-1.amazonaws.com *.hotjar.com; img-src 'self' data: blob: *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co *.google.com *.gstatic.com www.glassdoor.co.uk glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.googletagmanager.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com *.vimeocdn.com i.vimeocdn.com p.typekit.net bat.bing.com c.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com analytics.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com *.hsforms.com b.6sc.co *.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net *.maze.co secure.imaginative-24.com *.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com images.g2crowd.com www.g2.com hm.baidu.com *.hotjar.com secure.adnxs.com; font-src 'self' data: *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud *.maze.co cdn.jsdelivr.net unpkg.com; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net static.zdassets.com *.vimeo.com *.vimeocdn.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' *.google-analytics.com *.analytics.google.com api.hubapi.com *.hubspot.com *.hsappstatic.net *.hotjar.com vc.hotjar.io content.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.us-west-2.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com m1.openfpcdn.io *.applicationinsights.azure.com js.monitor.azure.com *.monitor.azure.com ipv6.6sc.co *.6sc.co *.6sense.com *.customersure.com demotiles.maplibre.org api.maptiler.com scout.salesloft.com *.maze.co cdn.jsdelivr.net tracking.g2crowd.com tracking-api.g2.com secure.adnxs.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com *.google.com *.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com my.g2.com www.g2.com *.g2.com api.segment.io cdn.segment.com unpkg.com pro.ip-api.com alocdn.com a.usbrowserspeed.com esm.sh *.esm.sh *.bing.com *.googletagmanager.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net td.doubleclick.net vars.hotjar.com *.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com *.hs-sites.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com docs.google.com www.g2.com www.fxiaoke.com www.googletagmanager.com *.googletagmanager.com bid.g.doubleclick.net; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com; 4
default-src * data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self'; 4
frame-ancestors https://*.ptc.com https://livesocial.seismic.com https://*.qualified.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com 4
frame-ancestors https://tongji.baidu.com 4
default-src 'self' data: gap: ws: wss: blob: https://api-js.datadome.co https://*.google-analytics.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.gstatic.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.optimizely.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.typekit.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.quadpay.com https://*.shopperapproved.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.adobeaemcloud.com https://*.smartystreets.com https://*.smarty.com https://*.microsoft.com https://*.wistia.com https://*.wistia.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nr-data.net https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://connect.facebook.net https://*.clarity.ms https://d-ipv6.mmapiws.com https://*.sharpen.cx https://*.sharpencx.com https://*.fortawesome.com https://*.newrelic.com https://*.googleusercontent.com https://*.bing.com https://*.mmapiws.com https://*.posthog.com https://m1.openfpcdn.io https://*.ssl.cf2.rackcdn.com https://js.captcha-display.com https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://*.salecycle.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.tt.omtrdc.net https://*.omnitagjs.com https://*.adgrx.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.listrakbi.com https://*.emjcd.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rakuten.com https://omnicard.com https://www.omnicard.com https://*.rd.linksynergy.com https://www.google.co.in https://t.lt02.net https://cdn.listrakbi.com https://intljs.rmtag.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://*.kore.ai https://*.shareasale.com https://*.niceincontact.com  https://cdn.jsdelivr.net https://*.adyen.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.sentry.io https://*.wisepops.com https://*.px-cloud.net https://*.px-cdn.net https://*.pxchk.net https://id5-sync.com https://lbs.eu-1-id5-sync.com https://*.wisepops.net  https://wisepops.net https://*.ada.support https://testing.conversionteam.com https://api.adtraction.net https://cnv.adt623.net https://log.adtraction.fail;script-src 'self' 'unsafe-inline' 'unsafe-eval' nonce-l-NjL0Hm00yqhriGLLlf8w data: gap: ws: wss: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://device.maxmind.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.microsoft.com https://*.adobeaemcloud.com https://*.adobedtm.com https://cdn.id5-sync.com https://*.demdex.net https://edge.adobedc.net https://unpkg.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://gsap.com https://*.google-analytics.com https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.smartystreets.com https://*.smarty.com https://*.shopperapproved.com https://*.wistia.com https://*.wistia.net https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://greensock.com https://connect.facebook.net https://*.clarity.ms https://*.sharpen.cx https://use.fonticons.com https://*.newrelic.com https://*.posthog.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.xg4ken.com https://*.listrakbi.co https://*.sentry-cdn.com https://*.rd.linksynergy.com https://*.googleadservices.com https://*.doubleclick.net https://*.listrakbi.com https://*.googlesyndication.com https://t.lt02.net https://intljs.rmtag.com https://analytics.tiktok.com https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://js.sentry-cdn.com https://*.gstatic.com  https://*.shareasale.com https://*.niceincontact.com https://*.wisepops.net https://*.wisepops.com https://wisepops.net https://*.ada.support https://*.kore.ai https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net https://*.px-cloud.net https://valuesportal.com https://cdn.adt348.net https://cdn.mgln.ai https://gtm.adt313.net https://cnv.adt623.net;img-src 'self' data: blob: https://google.com https://*.google.com https://*.google.co.uk https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.adobeaemcloud.com https://*.adobedtm.com https://id5-sync.com https://p.veritone-ce.com https://ad.yieldlab.net https://*.demdex.net https://edge.adobedc.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.wistia.com https://*.wistia.net https://*.cloudfront.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.shopperapproved.com https://*.gstatic.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://*.day.com https://greensock.com https://*.clarity.ms https://*.googleusercontent.com https://*.bing.com https://*.cloudflare.com https://*.ssl.cf2.rackcdn.com https://*.google-analytics.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://connect.facebook.net https://pixels.spotify.com https://data.adxcel-ec2.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.listrakbi.com https://*.bidswitch.net https://*.smartadserver.com https://*.taboola.com https://*.socdm.com https://*.casalemedia.com https://*.dable.io https://*.adingo.jp https://*.360yield.com https://*.media.net https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.ad.smaato.net https://*.clmbtech.com https://*.3lift.com https://*.1rx.io https://*.adnxs.com https://*.teads.tv https://*.ads.yieldmo.com https://sync.aralego.com https://cdn.aralego.net https://sync.ad-stir.com https://ad.as.amanad.adtdp.com https://*.send.microad.jp https://*.bluekai.com https://creativecdn.com https://sync.targeting.unrulymedia.com https://public-prod-dspcookiematching.dmxleo.com https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.omnitagjs.com https://*.adgrx.com https://cm.g.doubleclick.net https://sync.srv.stackadapt.com https://sync-tm.everesttech.net https://*.adform.net https://*.simpli.fi https://*.ybp.yahoo.com https://*.turn.com https://*.analytics.yahoo.com https://*.dotomi.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rd.linksynergy.com https://bh.contextweb.com https://sync.crwdcntrl.net https://*.v.fwmrm.net https://ws.rgtrk.eu https://www.google.co.in https://thrtle.com https://a.usbrowserspeed.com https://match.prod.bidr.io https://he.lijit.com https://email.traversedlp.com https://cdn.listrakbi.com https://pixel-config.reddit.com https://alb.reddit.com https://pm.w55c.net https://p.rfihub.com https://pippio.com https://sync.graph.bluecava.com https://*.thebrighttag.com https://mid.rkdms.com https://*.redinuid.imrworldwide.com https://*.disqus.com https://*.lijit.com https://*.springserve.com https://*.kore.ai  https://*.shareasale.com https://*.nimbledeals.com https://*.adyen.com https://*.ada.support https://*.klarna.com https://cdn.valuesportal.com https://log.adtraction.fail;frame-ancestors 'self' https://*.paypal.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.adobedtm.com https://*.giftcardsstage.com;style-src 'self' data: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.googleapis.com https://*.googletagmanager.com https://google.com https://*.google.com https://*.typekit.net https://*.gstatic.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.shopperapproved.com https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://*.sharpen.cx https://use.fonticons.com https://*.fortawesome.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.googleadservices.com https://*.doubleclick.net https://cdn.listrakbi.com https://*.niceincontact.com https://*.ada.support https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net 'unsafe-inline';frame-src 'self' https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://egift.activationspot.com https://*.blackhawknetwork.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nsureapi.com https://api.sardine.ai https://www.securesuite.co.uk https://www.rsa3dsauth.co.uk https://api.sandbox.sardine.ai https://pay.google.com https://collect.giftcards.com https://*.wistia.com https://*.wistia.net https://*.adobeaemcloud.com https://consent-pref.trustarc.com https://*.google.com https://google.com https://connect.facebook.net https://www.facebook.com https://*.sharpen.cx https://*.paypalobjects.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.salecycle.com https://*.adsrvr.org https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.linksynergy.com https://*.criteo.com https://*.criteo.net https://*.rokt.com https://*.googleadservices.com https://*.doubleclick.net https://*.emjcd.com https://fpt.dfp.microsoft.com https://*.googletagmanager.com https://*.adyen.com https://*.klarna.com https://*.niceincontact.com https://*.klarnaservices.com https://*.arcot.com https://*.icicibank.com https://*.klarnacdn.net https://*.ada.support data: blob:;worker-src 'self' https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.adyen.com https://*.klarna.com data: blob:;object-src 'none';base-uri 'self'; 4
default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 4
default-src 'self' s.toursites.ru video.tophotels.ru video2.tophotels.ru *.tophotels.ru travelbooking.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; connect-src 'self' amc.yandex.ru s.toursites.ru *.netlog.ru video.tophotels.ru video2.tophotels.ru travelbooking.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; font-src 'self' tophotels.ru s.toursites.ru hotelscheck.com.ru; img-src 'self' s.toursites.ru amc.yandex.ru blob: data: *; media-src 'self' s.toursites.ru blob: video.tophotels.ru video2.tophotels.ru tophotels.ru *.tophotels.ru; frame-src 'self' s.toursites.ru *.tophotels.ru tophotels.ru *.tophotels.ru carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com *.adriver.ru; script-src 'self' s.toursites.ru *.tophotels.ru tophotels.ru carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self';  style-src 'self' s.toursites.ru carsrent.ru tophotels.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'self'; 4
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src * 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com; img-src * data:; frame-src * blob:; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 4
frame-ancestors 'self' https://lojaonline.nos.pt 4
frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 4
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 4
default-src 'self' https://*.wistia.com https://*.wistia.net https://*.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://*.youtube-nocookie.com https://*.googlevideo.com https://cdn.sanity.io https://consentcdn.cookiebot.com https://*.bugherd.com ws.pusherapp.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.vimeo.com https://*.youtube.com https://www.youtube.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://*.firstup.io https://*.bugherd.com https://js.storylane.io https://ssl.google-analytics.com https://code.jquery.com https://ws.pusherapp.com https://consent.cookiebot.com https://*.pusher.com https://*.marketo.com https://dx.mountain.com https://www.redditstatic.com https://www.clickcease.com https://*.stackadapt.com https://cdn.jsdelivr.net https://snap.licdn.com https://qvdt3feo.com https://px.mountain.com https://*.doubleclick.net https://*.googleadservices.com https://js.zi-scripts.com https://bat.bing.com https://*.hotjar.com https://tracking.g2crowd.com https://munchkin.marketo.net https://consentcdn.cookiebot.com;  style-src 'self' 'unsafe-inline' blob: https://*.vimeo.com *.firstup.io https://*.bugherd.com https://express.theroishop.com https://fonts.googleapis.com *.marketo.com https://*.stackadapt.com;  img-src 'self' blob: data: https://cdn.sanity.io https://*.wistia.com https://*.wistia.net https://*.vimeo.com https://*.vimeocdn.com https://*.ytimg.com https://i.ytimg.com https://*.bugherd.com https://imgsct.cookiebot.com https://alb.reddit.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net *.bugherd.com https://*.linkedin.com https://px.ads.linkedin.com https://ssl.google-analytics.com;  connect-src 'self' https://*.wistia.com https://*.wistia.net http://*.wistia.com http://*.wistia.net https://*.litix.io https://*.algolia.net https://*.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://*.google.com https://cdn.sanity.io https://consentcdn.cookiebot.com https://*.bugherd.com https://imgsct.cookiebot.com ws.pusherapp.com https://*.pusher.com wss://*.pusher.com sessions.bugsnag.com https://api.storylane.io ats.comparably.com https://*.hockeystack.com https://*.stackadapt.com https://*.linkedin.com https://px.ads.linkedin.com https://*.reddit.com https://pixel-config.reddit.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://*.google-analytics.com https://*.doubleclick.net https://*.zi-scripts.com https://*.zoominfo.com https://*.hotjar.com https://*.hotjar.io https://api.lever.co;  frame-src https://fast.wistia.com https://fast.wistia.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://express.theroishop.com https://player.simplecast.com https://*.bugherd.com *.marketo.com https://consentcdn.cookiebot.com *.firstup.io https://www.googletagmanager.com;  media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://*.vimeo.com https://*.vimeocdn.com https://cdn.sanity.io https://*.bugherd.com https://imgsct.cookiebot.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net;  font-src 'self' data: https://*.wistia.com https://*.wistia.net https://*.vimeo.com https://*.firstup.io https://*.bugherd.com https://fonts.googleapis.com https://d2iiunr5ws5ch1.cloudfront.net;  object-src 'none';  base-uri 'self';  form-action 'self' https://*.marketo.com https://*.mktoweb.com https://*.bugherd.com https://sessions.bugsnag.com https://sockjs.pusher.com https://*.firstup.io;  frame-ancestors 'none';  upgrade-insecure-requests; 4
default-src 'self' region1.analytics.google.com *.doubleclick.net my.blendee.com c.blendee.com www.google.com www.ferrero.com acsbapp.com www.google-analytics.com cdn.acsbapp.com region1.google-analytics.com fonts.gstatic.com analytics.ferrero.com privacyportal-eu.onetrust.com static.addtoany.com vod.ferrero.com cdn.cookielaw.org geolocation.onetrust.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com; script-src 'self' 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' carewebform-uix.ferrero.com privacyportal-eu-cdn.onetrust.com fonts.googleapis.com cdn.userway.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' carewebform-uix.ferrero.com cdn.userway.org tra.neodatagroup.com googleads.g.doubleclick.net c.neodatagroup.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com eu-ma.sam4m.com tracker.marinsm.com www.youtube.com www.gstatic.com c.blendee.com www.google.com www.google-analytics.com acsbapp.com analytics.ferrero.com cdn.cookielaw.org www.googletagmanager.com static.addtoany.com cdn.acsbapp.com; img-src 'self' data: blob: carewebform-uix.ferrero.com www.google.be www.youronlinechoices.com cdn.userway.org aax-eu.amazon-adsystem.com tracker.neodatagroup.com www.google.com www.google.it ssl.google-analytics.com www.googletagmanager.com *.doubleclick.net cdn.cookielaw.org privacy-policy.truste.com fonts.gstatic.com lh3.googleusercontent.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' *.onetrust.com www.googletagmanager.com fonts.googleapis.com; object-src 'none'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.userway.org cdn77.api.userway.org www.googletagmanager.com fast.wistia.net fast.wistia.com static.addtoany.com www.facebook.com *.doubleclick.net www.youtube.com www.youtube-nocookie.com geolocation.onetrust.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com c.blendee.com www.google.com; connect-src 'self' carewebformbackend.ferrero.com www.googleadservices.com www.google.be ad.doubleclick.net region1.analytics.google.com www.google.com my.blendee.com cdn77.api.userway.org cdn.userway.org www.googletagmanager.com www.googleservices.com googleads.g.doubleclick.net analytics.ferrero.com privacyportal-eu.onetrust.com cdn.cookielaw.org cdn.acsbapp.com region1.google-analytics.com api.userway.org; font-src 'self' 'unsafe-inline' 'unsafe-eval' carewebform-uix.ferrero.com cdn.userway.org cdn77.api.userway.org fonts.gstatic.com; 4
frame-ancestors 'self'; block-all-mixed-content 4
frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com *.apps.bsci.com https://fuse-event.com farapulse.stage.apps.bsci.com eligibility.farapulse.com www.relievant.com www.intracept.com relievantstage.wpengine.com https://urologynation.com https://urologynationsandbox.skipta.com;                               frame-src 'self' blob: https:;                               default-src 'self' 'unsafe-inline' blob: https:;                               font-src 'self' https: data:;                               script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval';                               img-src 'self' https: data:;                               connect-src 'self' wss: data: https: blob:; 4
frame-ancestors 'self' https://*.paperflite.com 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.monitor.azure.com *.livechatinc.com https://static.meiqia.com secure-fra.livechatinc.com *.google.com *.gstatic.com/ procentec.com *.procentec.com https://cdn.matomo.cloud https://hms.matomo.cloud https://cdn.cookielaw.org/ https://snap.licdn.com/ https://cdn.leadinfo.net https://*.ldnfrpl.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ *.baidu.com use.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api https://cdn.matomo.cloud; font-src 'self' data: api.stockdio.com *.googletagmanager.com *.gstatic.com https://at.alicdn.com/ https://cdn.leadinfo.net use.typekit.net; connect-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.onetrust.com dc.services.visualstudio.com *.azureedge.net *.hms-networks.com https://api.instatus.com  *.meiqia.com procentec.com *.procentec.com *.livechatinc.com https://hms.matomo.cloud/ https://cdn.cookielaw.org/ https://px.ads.linkedin.com/ wss://camorope-client-a.meiqia.com/ https://collector.leadinfo.net www.hms-networks.cn https://api.leadinfo.com https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com https://www.google.com/ https://pagead2.googlesyndication.com *.baidu.com https://mobile.events.data.microsoft.com/ https://www.googleadservices.com/ https://collector4.leadinfo.net/ performance.typekit.net use.typekit.net p.typekit.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src data: 'self' blob: * *.cookielaw.org https://cdn.cookielaw.org/ https://hm.baidu.com/ https://px.ads.linkedin.com/ https://tenant-assets.meiqiausercontent.com/ https://cdn.livechat-static.com/ https://cdn.livechat-files.com/ https://*.meiqiausercontent.com https://cdn.files-text.com/ https://collector.leadinfo.net https://cdn.leadinfo.net https://www.google.com/ p.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'unsafe-inline' 'self' api.stockdio.com *.googletagmanager.com *.googleapis.com https://cdn.leadinfo.net use.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; frame-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.bihl-wiedemann.de secure-fra.livechatinc.com *.google.com https://www.youtube.com warranty.hms-networks-data.com https://td.doubleclick.net/ *.baidu.com; media-src 'self' data: blob: *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net https://static.meiqia.com/; child-src 'self' blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.bihl-wiedemann.de; style-src-elem 'unsafe-inline' 'self' use.typekit.net p.typekit.net 4
frame-ancestors experience.adobe.com service.experiencecloud.adobe.com scandichotelsab.experiencecloud.adobe.com 4
frame-ancestors intapp.seismic.com intapp.com www.intapp.com seismic.com www.seismic.com intapp.wpengine.com intapp.gcs-web.com investors.intapp.com; 4
default-src 'self' https:;   base-uri 'self';   frame-ancestors *;   frame-src * data:;   object-src 'none';   img-src 'self' https: data: blob:;   font-src 'self' https: data:;   style-src 'self' https: 'unsafe-inline';   script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com;   script-src-elem 'self' https: 'unsafe-inline' https://www.gstatic.com;   worker-src 'self' blob:;   child-src 'self' blob:;   connect-src 'self' https: wss://*.salesmanago.com https://*.userpilot.io wss://*.userpilot.io;   form-action *;   upgrade-insecure-requests; 4
base-uri 'none' 4
frame-ancestors 'self' https://desipapa.com https://www.desipapa.com https://desipapa.vip https://www.desipapa.vip http://desi-fantasy.com http://www.desi-fantasy.com http://indiansexstories.desipapa.com http://www.suniasharma.com https://www.doodhwali.com https://www.doodhwali.xxx 4
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 4
connect-src 'self' https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com *.google-analytics.com *.pathfactory.com *.6sc.co *.6sense.com *.adnxs.com https://images.ctfassets.net https://assets.ctfassets.net https://adservice.google.com js.zi-scripts.com ws.zoominfo.com *.pusher.com https://idx.liadm.com/idex https://775-trd-708.mktoresp.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://*.algolia.net https://www.google.com https://google.com https://api.consentjs.datagrail.io https://api.contentful.com https://tags.srv.stackadapt.com https://www.googleadservices.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.ncino.com https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com www.google.com https://vercel.live *.pathfactory.com https://www2.ncino.com *.6sc.co cdn.sendergen.com js.zi-scripts.com ws-assets.zoominfo.com *.pusher.com va.vercel-scripts.com/v1/speed-insights/script.debug.js cdn.bizible.com munchkin.marketo.net *.doubleclick.net https://secure.detailsinventivegroup.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.sentry-cdn.com https://api.consentjs.datagrail.io https://www.googleadservices.com https://tags.srv.stackadapt.com; img-src 'self' *.linkedin.com https://www.google.com data: images.ctfassets.net www.googletagmanager.com *.google-analytics.com assets.vercel.com *.wistia.com *.wistia.net *.6sc.co *.pathfactory.com d2iiunr5ws5ch1.cloudfront.net https://cdn.bizible.com https://cdn.bizibly.com https://googleads.g.doubleclick.net; child-src *.wistia.net www.google.com https://vercel.live; style-src 'self' 'unsafe-inline' *.pathfactory.com https://info.ncino.com https://fast.wistia.com https://fast.wistia.net https://tags.srv.stackadapt.com; font-src 'self' data: *.pathfactory.com https://fast.wistia.com https://fast.wistia.net; object-src 'none'; frame-src *.wistia.net www.google.com explore.ncino.com https://vercel.live *.pathfactory.com *.doubleclick.net https://www.googletagmanager.com https://fast.wistia.com https://fast.wistia.net https://info.ncino.com; frame-ancestors 'self' *.wistia.net bankr.cloudforce.com *.ncino.com https://vercel.live https://ncino-fe-preview.vercel.app https://ncino-fe-dev.vercel.app https://app.contentful.com *.salesforce.com *.pathfactory.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; 4
default-src data: https: blob: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 4
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com static.cloudflareinsights.com ajax.cloudflare.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4
frame-ancestors 'self' mijn.hosting.nl 4
frame-ancestors 'self' https://cms.hanleywood.com 4
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com doublethedonation.com *.adtrafficquality.google *.ep2.adtrafficquality.google js.zi-scripts.com/zi-tag.js d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com trk.osdrtb.net/u d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com wss://*.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org *.adtrafficquality.google analytics-ipv6.tiktokw.us https://google.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com *.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com www.googletagmanager.com ep2.adtrafficquality.google d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com picturemosaics.com *.picturemosaics.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 4
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors https://*.lifecell.ua https://*.lifecell.com.ua 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net secure.payu.com script.hotjar.com static.hotjar.com js.stripe.com chat.dropped.net.pl widget.trustpilot.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 4
base-uri none; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://*.trustarc.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://onesignal.com https://*.googleapis.com https://www.google.com https://adservice.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net http://localhost:8443 https://x9y-p.local.intapp.eu/ https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com https://*.trustarc.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://img.youtube.com https://youtu.be https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv https://product.datastream.com https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: filesystem: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/ https://uk.personalcard.net https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://cdn.tt.omtrdc.net https://*.googleapis.com https://uk.personalcard.net https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob: 4
default-src 'self' *.greenhouse.io *.sharethis.com *.rhombusads.com *.google-analytics.com *.doubleclick.net *.fullstory.com *.mktoresp.com *.hscollectedforms.net *.hsforms.com veradigm-com-cache.s3.amazonaws.com *.cookiebot.com *.analytics.google.com *.ads.linkedin.com *.acsbapp.com *.google.com acsbapp.com ws.zoominfo.com *.hubspot.com *.driftt.com *.crazyegg.com blob: *.googleapis.com *.gstatic.com *.hsappstatic.net; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src *.greenhouse.io *.doubleclick.net *.marketo.com *.sitescout.com *.krxd.net *.youtube.com *.sharethis.com *.consensu.org *.cookiebot.com *.hsforms.com issuu.com *.google.com *.drift.com *.driftt.com *.adroll.com *.crazyegg.com *.google.com theorthoshow.com *.cohostpodcasting.com *.hubspot.com; img-src 'self' data: *.zoominfo.com *.google-analytics.com *.marketo.com *.linkedin.com *.lfeeder.com *.sitescout.com *.adsymptotic.com *.krxd.net *.youtube.com *.sharethis.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.google.com *.fullstory.com *.hubspot.com *.analytics.google.com *.hsforms.com *.geniusmonkey.com *.cookiebot.com *.capterra.com *.adroll.com *.bidswitch.net *.openx.net *.adnxs.com *.analytics.yahoo.com *.rlcdn.com *.googlesyndication.com *.rubiconproject.com *.casalemedia.com *.pubmatic.com *.outbrain.com *.taboola.com *.3lift.com *.company-target.com *.facebook.com *.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.greenhouse.io *.zoominfo.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.marketo.com *.marketo.net *.licdn.com *.pixel.ad *.krxd.net *.lfeeder.com *.sharethis.com *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.fullstory.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.hscollectedforms.net *.cookiebot.com *.geniusmonkey.com *.adroll.com *.ads.linkedin.com acsbapp.com *.acsbapp.com *.gstatic.com *.drift.com *.driftt.com *.crazyegg.com *.contextweb.com *.hubspot.com connect.facebook.net *.usemessages.com static.hsappstatic.net blob: 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.marketo.com *.google.com *.crazyegg.com; 4
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 4
default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/ https://player.flipsnack.com/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 4
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' *.onlinereservationsystems.com; 4
default-src 'self' blob: *;base-uri 'self';font-src 'self' data: https://apps.mypurecloud.com/ https://chat.kindlycdn.com/ https://cdn.braze.eu https://use.fontawesome.com;form-action 'self' *;frame-ancestors 'self' *;img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' 'unsafe-inline' * 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 4
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: blob:; 4
frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 4
frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 4
frame-ancestors 'self' https://www.circana.com https://*.circana.com https://*.iriworldwide.com; 4
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src * blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 4
upgrade-insecure-requests;         default-src 'self'             https://*.canadalife.com             https://*.canadavie.com;         connect-src 'self'             https://*.canadalife.com             https://*.canadavie.com             https://*.greatwestlife.com             https://www.google-analytics.com             https://pdx-col.eum-appdynamics.com             https://greatwestlife.sc.omtrdc.net             https://dpm.demdex.net             https://maps.googleapis.com             https://greatwestlife.tt.omtrdc.net             https://*.fls.doubleclick.net             https://stats.g.doubleclick.net             https://*.qualtrics.com             https://*.tt.omtrdc.net             https://analytics.google.com              https://ct.pinterest.com             https://*.force.com             https://*.salesforce-sites.com             https://*.salesforce.com             https://*.salesforceliveagent.com             https://*.gwl.bz             https://*.mouseflow.com             https://edge.adobedc.net             https://analytics.tiktok.com             https://*.onetrust.com             https://cdn.cookielaw.org             https://cookies-data.onetrust.io             https://pagead2.googlesyndication.com             https://www.tickertech.com             https://lifeco--fit.sandbox.my.site.com             https://lifeco--mop.sandbox.my.site.com             https://lifeco.my.site.com             https://lifeco--ecrmagent.sandbox.my.site.com             https://*.ads.linkedin.com;         script-src 'self' 'unsafe-eval';        script-src-attr 'unsafe-hashes'             'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4='             'sha256-8lDeP0UDwCO6/RhblgeH/ctdBzjVpJxrXizsnIk3cEQ=';         script-src-elem 'self'             'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk='             'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM='             'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec='             'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY='             'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg='             'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA='             'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g='             'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs='             'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg='             'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340='             'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA='             'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ='             'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA='             'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM='             'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg='             'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA='             'sha256-iyqTc3hqwkLOBdzXfypaUKkfBjoe6ISFWFJymJlkhi0='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-6vmJe+REQ2uvXdOcmOA0gV2Ghe2w9VIMFQMDJ6mfiIY='             'sha256-djABxqtTxWmFtje0qzMk5v6m47EuSHXoA7G6ISvWRcM='             'sha256-IkjtHJi30pQL4HJunVbbOb0eddxKbzQS73A/uLX1dxc='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI='             'sha256-hUAVVCKUCsvj/NRR8gA7De+28k1VzMT2WZInYuEgow4='             'sha256-Hts4iOCYzEeuX6rdSp2aiZrU4RwBn9aQiN5om8ue+WU='             'sha256-myEuPW+nKtNfz374HWMHz0UGYwyue8KuWk8jIG/3GeQ='             'sha256-47hygcsCeuaz/wFDcfGceDzFRbsMCTKLzIipw5aiGI4='             'sha256-y4f9W+6dx+NJrSoXaIp4Z68xghYiTAOTKAc+aAakarg='             'sha256-Nj9ZkTPsRdNRP79R2LmmJ6tqxvZLVGv/R2HV0/4hAuM='             'sha256-VSXobtrxfF6D1p+BtC9xltlwQmAVWcyRIJuSFJqFdSQ='             'sha256-UslN52emMX/WzG5xOZW4SSmhTC38p8AM6nfHugezhSI='             https://*.canadalife.com             https://*.canadavie.com             https://*.gwl.bz             https://assets.adobedtm.com             https://cdn.appdynamics.com             https://www.google-analytics.com/analytics.js             https://connect.facebook.net/en_US/fbevents.js             https://connect.facebook.net/signals/             https://*.qualtrics.com             https://dpm.demdex.net             https://ad.doubleclick.net             https://*.fls.doubleclick.net             https://snap.licdn.com             https://static.ads-twitter.com             https://analytics.twitter.com             https://px.ads.linkedin.com             https://secure.adnxs.com             https://maps.googleapis.com/maps/             https://maps.googleapis.com/maps-api-v3/             https://play.vidyard.com             https://p.adsymptotic.com             https://www.googletagmanager.com/gtag/             https://mboxedge35.tt.omtrdc.net             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://googleads.g.doubleclick.net             https://bat.bing.com/bat.js             https://bat.bing.com/p/action/11042675.js             https://bat.bing.com/p/insights/t/11042675             https://www.googleadservices.com             https://analytics.google.com             https://*.force.com             https://*.salesforce.com             https://*.salesforce-sites.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://www.gstatic.com             https://www.google.com/recaptcha/enterprise.js             https://www.redditstatic.com/ads/pixel.js             https://analytics.tiktok.com             https://cdn.cookielaw.org             https://embed.myadvocado.com             https://canada-life.gitlab.io             https://lifeco--fit.sandbox.my.site.com             https://lifeco--mop.sandbox.my.site.com             https://lifeco.my.site.com             https://lifeco--ecrmagent.sandbox.my.site.com;         style-src 'self' blob: 'unsafe-inline'             https://*.canadalife.com             https://*.canadavie.com             https://*.gwl.bz             https://*.vidyard.com             https://*.qualtrics.com             https://*.force.com             https://*.salesforce-sites.com             https://fonts.googleapis.com             https://lifeco--fit.sandbox.my.site.com             https://lifeco--mop.sandbox.my.site.com             https://lifeco.my.site.com             https://lifeco--ecrmagent.sandbox.my.site.com;         img-src 'self' data:             https://*.canadalife.com             https://*.canadavie.com             https://*.gwl.bz             https://*.ggpht.com             https://*.googleapis.com/             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net             https://www.facebook.com             https://*.qualtrics.com             https://cm.everesttech.net             https://*.fls.doubleclick.net             https://maps.googleapis.com             https://*.ads.linkedin.com             https://www.linkedin.com             https://ad.doubleclick.net             https://secure.adnxs.com             https://analytics.twitter.com             https://p.adsymptotic.com             https://adservice.google.com/ddm/             https://adservice.google.ca/ddm/             https://dpm.demdex.net             https://maps.gstatic.com             https://*.vidyard.com             https://*.qualtrics.com             https://www.google.ca/ads/             https://www.google.com/ads/             https://www.google-analytics.com             https://www.google.com/pagead/             https://www.google.ca/pagead/             https://www.googletagmanager.com             https://t.co             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://bat.bing.com             https://*.force.com             https://*.salesforce-sites.com             https://ca-gmtdmp.mookie1.com             https://cdn.cookielaw.org             https://alb.reddit.com             https://www.redditstatic.com;         font-src 'self' data:             https://*.canadalife.com             https://*.canadavie.com             https://*.gwl.bz             https://fonts.googleapis.com             https://fonts.gstatic.com             https://*.qualtrics.com             https://*.vidyard.com;         frame-src 'self' blob:             https://player.vimeo.com             https://play.vidyard.com             https://*.gwl.bz             https://*.qualtrics.com             https://www.youtube.com             https://www.youtube-nocookie.com             https://www.pinterest.com             https://gwl.demdex.net             https://*.force.com             https://www.google.com             https://td.doubleclick.net             https://ct.pinterest.com             https://embed.myadvocado.com;         child-src             https://*.canadalife.com             https://*.canadavie.com             https://*.gwl.bz             https://*.qualtrics.com             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net;         object-src 'none';         base-uri 'none'; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:  https://resources-library.keyfactor.com              https://jukebox.pathfactory.com https://www.quantumquestgames.com https://js.hsforms.net https://code.jquery.com             https://cdnjs.cloudflare.com             https://use.typekit.net             https://cdnjs.cloudflare.com             https://cdn-app.pathfactory.com             https://cdn.jsdelivr.net             https://fast.wistia.com             https://fast.wistia.net             https://js.hs-analytics.net             https://js-na1.hs-scripts.com             https://js.hscollectedforms.net             https://js.hsadspixel.net             https://js.hs-banner.com             https://js.hsleadflows.net             https://www.googletagmanager.com             https://browser.sentry-cdn.com             https://bat.bing.com             https://www.clarity.ms             https://www.brighttalk.com             https://js.qualified.com             https://tracking.g2crowd.com             https://static.oktopost.com             https://js.adsrvr.org             https://okt.to             https://js.hubspot.com             https://static.hsappstatic.net             https://cdn.cookielaw.org             https://snap.licdn.com             https://a.quora.com             https://www.redditstatic.com             https://nitroscripts.com             https://dev.visualwebsiteoptimizer.com             https://googleads.g.doubleclick.net             https://connect.facebook.net             https://j.6sc.co             https://cdn-ilbndhj.nitrocdn.com             https://boards.greenhouse.io             https://job-boards.greenhouse.io             https://js.hsforms.net             https://cdn.dreamdata.cloud             https://cdn.drda.io             https://platform.twitter.com             https://scripts.clarity.ms             https://r3.visualwebsiteoptimizer.com             https://*.visualwebsiteoptimizer.com             https://r2.visualwebsiteoptimizer.com             https://r1.visualwebsiteoptimizer.com               https://www.google.com             https://www.google.ca             https://www.google.co.uk             https://www.google.de             https://www.google.fr             https://www.google.es             https://www.google.it             https://www.google.nl             https://www.google.com.au             https://www.google.com.br             https://www.google.co.jp             https://www.google.co.in             https://*.google.ca             https://cdn.pathfactory.com  ; style-src 'self' 'unsafe-inline' data: blob: https://fonts.googleapis.com             https://use.typekit.net             https://cdnjs.cloudflare.com             https://cdn.jsdelivr.net             https://use.typekit.net             https://cdn-app.pathfactory.com             https://p.typekit.net             https://js.hs-analytics.net             https://browser.sentry-cdn.com             https://fast.wistia.com             https://app.cdn.lookbookhq.com             https://cdn-app.pathfactory.com             https://cdn-ilbndhj.nitrocdn.com             https://boards.greenhouse.io             https://job-boards.greenhouse.io             https://fonts.gstatic.com             https://www.quantumquestgames.com             https://cdn.pathfactory.com; img-src 'self' data: blob:     https://customer-assets.qualified.com    https://www.google.ca      https://p.typekit.net             https://cdnjs.cloudflare.com             https://fast.wistia.com             https://secure.gravatar.com             https://forms.hsforms.com             https://q.quora.com             https://alb.reddit.com             https://px.ads.linkedin.com             https://forms-na1.hsforms.com             https://forms-na1.hsforms.com             https://cdn.cookielaw.org             https://forms-na1.hsforms.com             https://c.clarity.ms             https://*.bing.com             https://www.linkedin.com             https://embed-ssl.wistia.com             https://app.cdn.lookbookhq.com             https://fast.wistia.net             https://track.hubspot.com             https://dev.visualwebsiteoptimizer.com             https://plugin-updates.wpengine.com             https://b.6sc.co             https://www.facebook.com             https://www.keyfactor.com             https://px4.ads.linkedin.com             https://s.w.org             https://r4.visualwebsiteoptimizer.com             https://cdn.pathfactory.com             https://fonts.gstatic.com             https://r3.visualwebsiteoptimizer.com             https://r1.visualwebsiteoptimizer.com             https://*.visualwebsiteoptimizer.com             https://www.google-analytics.com             https://dev.visualwebsiteoptimizer.com             https://cdnjs.cloudflare.com             https://cdn.cookielaw.org             https://forms.hsforms.com             https://track.hubspot.com             https://www.quantumquestgames.com             https://raw.githubusercontent.com             https://www.googletagmanager.com             https://www.google.com             https://cdn.cookielaw.org             wss://*.qualified.com             https://fast.wistia.net             https://insight.adsrvr.org             ;  connect-src 'self' data:           https://pipedream.wistia.com   https://stats.g.doubleclick.net          https://hubspot-forms-static-embed.s3.amazonaws.com             https://forms.hsforms.com             https://distillery.wistia.com             https://fast.wistia.net             https://forms.hsforms.com             https://js.hs-banner.com             https://forms.hscollectedforms.net             https://cdn.cookielaw.org             https://px.ads.linkedin.com             https://pixel-config.reddit.com             https://www.redditstatic.com             https://conversions-config.reddit.com             https://geolocation.onetrust.com             https://forms.hubspot.com             https://*.clarity.ms             https://jukebox.pathfactory.com             https://privacyportal.onetrust.com             https://fast.wistia.com             https://embed-cloudfront.wistia.com             https://dev.visualwebsiteoptimizer.com             wss://ws.qualified.com             https://app.qualified.com             https://okt.to             https://tracking.g2crowd.com             https://tracking-api.g2.com             https://exceptions.hubspot.com             https://yoast.com             https://nitropack.io             https://www.google.com             https://to.getnitropack.com             https://pagead2.googlesyndication.com             https://spcollector.pathfactory.com             https://epsilon.6sense.com             https://bat.bing.com             https://connect.facebook.net             https://j.6sc.co             https://c.6sc.co             https://ipv6.6sc.co             https://secure.adnxs.com             https://c.6sc.co             https://cdn-ilbndhj.nitrocdn.com             https://boards.greenhouse.io             https://www.recaptcha.net             https://js.hsforms.net             https://google.com             https://cdn.dreamdata.cloud             https://r5.visualwebsiteoptimizer.com             https://insight.adsrvr.org             https://r6.visualwebsiteoptimizer.com             wss://ws5.qualified.com             https://www.facebook.com             https://r4.visualwebsiteoptimizer.com             https://fg8vvsvnieiv3ej16jby.litix.io             https://r2.visualwebsiteoptimizer.com             https://r3.visualwebsiteoptimizer.com             https://*.visualwebsiteoptimizer.com             https://www.google-analytics.com               https://www.google.com             https://www.google.ca             https://www.google.co.uk             https://www.google.de             https://www.google.fr             https://www.google.es             https://www.google.it             https://www.google.nl             https://www.google.com.au             https://www.google.com.br             https://www.google.co.jp             https://www.google.co.in             https://*.google.ca             https://www.quantumquestgames.com              https://cdn.pathfactory.com               https://resources-library.keyfactor.com              https://jukebox.pathfactory.com              https://cdn-app.pathfactory.com              https://static.hsappstatic.net              https://js.hs-banner.com              wss://*.qualified.com              https://fast.wistia.net              https://*.google.com              https://*.doubleclick.ne    ;  font-src 'self' data:             https://use.typekit.net             https://fonts.gstatic.com             https://use.typekit.net             https://cdnjs.cloudflare.com             https://fast.wistia.com             https://fast.wistia.net             https://cdn-app.pathfactory.com             https://cdn.pathfactory.com             https://www.quantumquestgames.com;  object-src 'self' ;  media-src 'self' blob:             https://app.qualified.com;  frame-src 'self'               https://fast.wistia.net             blob:             data:             https://www.keyfactor.com             https://www.brighttalk.com             https://insight.adsrvr.org             https://match.adsrvr.org             https://td.doubleclick.net             https://app.qualified.com             https://boards.greenhouse.io             https://job-boards.greenhouse.io             https://app.hubspot.com             https://keyfactor.com             http://keyfactorstage.wpenginepowered.com             https://app.qualified.com             https://www.facebook.com             https://forms.hsforms.com             https://dev.visualwebsiteoptimizer.com             https://www.keyfactor.com             https://open.spotify.com             https://online.fliphtml5.com             https://app.qualified.com             https://www.googletagmanager.com;  child-src 'self' blob: ;  upgrade-insecure-requests;  block-all-mixed-content;  frame-ancestors 'self' ; 4
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https://s3.ktb.gov.tr https://cdn.datatables.net https://www.googletagmanager.com https://apiservice.kultur.gov.tr https://istatistik.ktb.gov.tr https://my.matterport.com https://analitik.edevlet.gov.tr https://cdn.e-devlet.gov.tr https://www.google-analytics.com https://ajax.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://webtv.kultur.gov.tr https://webtvpanel.kultur.gov.tr http://webtvpanel.kultur.gov.tr https://livechat.connexease.com https://www.google.com https://cloud.360tr.com https://docs.google.com https://tescil1.telifhaklari.gov.tr https://www.youtube.com; font-src 'self' data: https:; object-src 'none'; 4
connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com http://*.xiti.com https://api.websitecarbon.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp; report-to csp 4
default-src 'self'; connect-src *; font-src * data: blob:; media-src * data:; frame-src 'self' mailto: tel: *.acuvue.com *.acuvue.ru *.adsrvr.org *.brightcove.com *.brightcove.net *.doubleclick.net *.eprize.net *.google.com *.googletagmanager.com *.livechatinc.com *.mypurecloud.com *.opinionstage.com *.optimizely.com *.platformsh.site *.qualtrics.com *.valassis.eu *.walkme.com *.walls.io *.yandex.ru *.yandex.com *.youtube.com; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adsrvr.org *.ads-twitter.com *.amazon-adsystem.com *.appsflyer.com *.clarity.ms *.cloudflareinsights.com *.contentsquare.com *.contentsquare.net *.contextweb.com *.cookielaw.org *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jquery.com *.licdn.com *.line-scdn.net *.livechatinc.com *.macromill.com *.mieru-ca.com *.mypurecloud.com *.newrelic.com *.onetrust.com *.optimizely.com *.outbrain.com *.makeupar.com *.perfectcorp.com *.pulseinsights.com pym.nprapps.org *.qualtrics.com *.seznam.cz *.smartnews-ads.com *.tiktok.com *.valassis.eu *.walkme.com *.yahoo.co.jp *.yandex.com *.yandex.ru *.yimg.jp *.youcamapi.cn *.youtube.com *.zemanta.com walls.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.gstatic.com *.mypurecloud.com *.onetrust.com *.optimizely.com *.walkme.com; child-src 'self' blob:; worker-src 'self' blob:; report-to endpoint-1; 4
default-src 'self' https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net https://zip.getziptastic.com https://www.googletagmanager.com *.lambda-url.us-east-1.on.aws; img-src * data:; script-src 'self' 'sha256-4qHwYstA/HMoqYktYjfAnyNPmBqLeAqunX99JaEvimc=' https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com https://*.cookiebot.com/ https://cookiebot.com/*; frame-src https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://copayassets-test.aws.paysign.com/ https://s3.amazonaws.com/ https://*.cookiebot.com/ https://*.paysign.com https://*.s3.amazonaws.com/ https://copay-portalapi.paysign.net/  https://copay-portalapi.paysign.net/*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net; font-src 'self' https://fonts.gstatic.com; connect-src https://*.paysign.com https://*.3pea.net https://*.aws.paysign.com https://*.paysign.net https://*.s3.us-east-1.amazonaws.com/ https://zip.getziptastic.com https://www.googletagmanager.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.lambda-url.us-east-1.on.aws/ https://*.cookiebot.com/; manifest-src 'self' https://maps.googleapis.com/ https://www.google-analytics.com/; 4
default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://js.hsforms.net https://js.hs-scripts.com https://js.hubspotfeedback.com https://js.hs-banner.com https://js.hs-analytics.net https://script.crazyegg.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://tracking.g2crowd.com https://js.hsadspixel.net https://snap.licdn.com https://www.redditstatic.com https://app.factors.ai https://plugin.sopro.io https://cdn.devicevalidation.io https://js.hubspot.com https://qr-code.deviceatlas.com https://cdn.dxpr.com https://my.g2.com https://cs-cdn.deviceatlas.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.dxpr.com https://use.fontawesome.com https://cdn.jsdelivr.net; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https://www.google-analytics.com https://track.hubspot.com https://px.ads.linkedin.com https://alb.reddit.com https://px4.ads.linkedin.com https://perf-na1.hsforms.com https://forms-na1.hsforms.com https://cdn.dxpr.com https://www.googletagmanager.com https://images.g2crowd.com https://assets.deviceatlas.com https://www.google.ie https://google.pl https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com https://forms.hsforms.com https://forms-na1.hsforms.com https://api.hsforms.com https://js.hs-banner.com https://script.crazyegg.com https://api.factors.ai https://pixel-config.reddit.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://region1.analytics.google.com https://www.google.com https://www.google.ie https://api1.devicevalidation.io https://api2.devicevalidation.io https://api3.devicevalidation.io https://cdn.devicevalidation.io https://static.hsappstatic.net https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking-api.g2.com https://stats.g.doubleclick.net https://assets-tracking.crazyegg.com https://cdn.dxpr.com https://my.g2.com https://app.crazyegg.com; frame-src 'self' https://forms.hsforms.com https://forms-na1.hsforms.com https://www.googletagmanager.com https://app.hubspot.com https://qr-code.deviceatlas.com https://qr.deviceatlas.com https://player.vimeo.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' https://pay.sandbox.realexpayments.com https://pay.realexpayments.com https://linkedin.okta.com; upgrade-insecure-requests; 4
default-src https:; style-src 'self' 'unsafe-inline' https: data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; frame-src *; frame-ancestors 'none'; base-uri 'self'; form-action * 4
default-src * blob: 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; form-action *; report-to endpoint-1 4
connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 4
frame-ancestors 'self' https://www.carmudi.com.ph https://uat.carmudi.com.ph https://uat1.carmudi.com.ph 4
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ocdn.eu onet.pl *.onet.pl *.gstatic.com *.google.com *.google.pl *; frame-ancestors 'self' https://www.onet.pl; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=konto.onet.pl::PROD 4
frame-ancestors https://*.realitykings.com 4
default-src 'self' 'unsafe-inline' tally.so *.tally.so mixvoip.com *.mixvoip.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tally.so *.tally.so mixvoip.com *.mixvoip.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; style-src 'self' 'unsafe-inline' tally.so *.tally.so mixvoip.com *.mixvoip.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; img-src 'self' data: tally.so *.tally.so mixvoip.com *.mixvoip.com scribehow.com *.scribehow.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com https://i.ytimg.com https://img.youtube.com; font-src 'self' tally.so *.tally.so mixvoip.com *.mixvoip.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; connect-src 'self' tally.so *.tally.so mixvoip.com *.mixvoip.com wss://support.mixvoip.com scribehow.com *.scribehow.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; frame-src 'self' tally.so *.tally.so mixvoip.com *.mixvoip.com scribehow.com *.scribehow.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com www.loom.com https://www.youtube-nocookie.com https://www.youtube.com; media-src 'self' tally.so *.tally.so mixvoip.com *.mixvoip.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com 4
img-src * data:; 4
frame-ancestors 'self' https://nintex.pathfactory.com https://resources.nintex.com https://pathfactory.nintex.com https://info.nintex.com 4
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 4
frame-src 'self' https://player.vimeo.com/ https://fast.wistia.net https://www.youtube.com/ https://www.google.com/ https://forms.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com/ https://scribehow.com/ https://momentivenonprofitstudy.gravitate-nucleus.com https://cbassociationresearch.gravitate-nucleus.com https://46621835.hs-sites.com/ https://k-12.wistia.com/ https://open.spotify.com/; 4
default-src https:  wss://*.hotjar.com wss://*.qualified.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 4
connect-src * ; default-src 'self' *.gs.com:* *.cft.gs:* data: blob: ; frame-ancestors  'self' *.gs.com:* *.cft.gs:* ; img-src 'self' *.gs.com:* *.cft.gs:* https://images.ctfassets.net 'unsafe-inline' https://consent.trustarc.com data: blob: ; font-src https://consent.trustarc.com 'self' *.gs.com:* *.cft.gs:* data: ; script-src 'self' *.gs.com:* *.cft.gs:* ; worker-src 'self' *.gs.com:* *.cft.gs:* blob: data: ; style-src 'self' 'unsafe-inline' *.gs.com:* *.cft.gs:* ; media-src  'self' *.gs.com:* *.cft.gs:* data: blob: https://media-gsam.akamaized.net/ ; frame-src 'self' *.gs.com:* *.cft.gs:* *.gsam.com:* https://consent-pref.trustarc.com/ https://na-ab44.marketo.com/  https://*.jiji.com https://tools.euroland.com https://tools.eurolandir.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  https://consent.trustarc.com https://na-ab44.marketo.com  https://unpkg.com  https://gateway.zscalerthree.net https://ds-aksb-a.akamaihd.net https://s.go-mpulse.net ; style-src-elem 'self' 'unsafe-inline' https://na-ab44.marketo.com https://unpkg.com https://login.idfs.gs.com https://cdn.gs.com 4
frame-src http://*.hcl-software.com  https://*.hcl-software.com https://*.hcltechsw.com https://outlook.office365.com/ https://*.google.com https://*.googletagmanager.com https://*.youtube.com  https://www.youtube-nocookie.com  https://hclswaichatbot.eu.bigfixaex.ai https://*.terminus.services https://*.webexperiences.com https://*.vercel.app  https://player.cloudinary.com https://*.arcade.software https://*.navattic.com https://*.gartner.com https://leap.hcl-software.com 4
frame-ancestors 'self' https://*.nethealth.com https://*.therapy.nethealth.com 4
default-src *; font-src 'self' data: blog.easycosmetic.de; connect-src * ; media-src 'self' blob: data:; manifest-src 'self'; base-uri 'self'; form-action *; frame-src *; frame-ancestors *; object-src 'none'; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: https: http: ;style-src 'unsafe-inline' 'self' * 4
default-src 'self' *.lytx.com data:; script-src 'self' *.lytx.com fonts.googleapis.com www.googletagmanager.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cdn.cookielaw.org *.onetrust.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.sentry-cdn.com *.cloudfront.net bat.bing.com snap.licdn.com *.6sc.co *.zi-scripts.com 'unsafe-inline'; style-src 'self' *.lytx.com fonts.googleapis.com *.gstatic.com *.onetrust.com cdn.cookielaw.org cdn.jsdelivr.net *.marketo.com *.marketo.net 'unsafe-inline'; img-src 'self' *.lytx.com www.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.vimeo.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.onetrust.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.publuu.com publuu.com data: https:; connect-src 'self' www.google-analytics.com www.google.com *.googleapis.com *.googlesyndication.com stats.g.doubleclick.net analytics.google.com *.linkedin.com *.facebook.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cdn.cookielaw.org cdn.jsdelivr.net *.onetrust.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.mktoresp.com *.publuu.com publuu.com *.sentry.io *.sentry-cdn.com *.6sc.co *.6sense.com; frame-src 'self' *.lytx.com *.google.com www.googletagmanager.com *.youtube.com *.vimeo.com *.linkedin.com *.facebook.com *.wistia.com *.wistia.net *.publuu.com publuu.com *.tiled.co *.outgrow.us *.marketo.com *.marketo.net; media-src 'self' *.lytx.com *.wistia.com *.wistia.net data: blob:; font-src 'self' fonts.gstatic.com *.onetrust.com *.wistia.com *.wistia.net data:; worker-src 'self' blob:; frame-ancestors 'self' *.lytx.com lytx-cms-stage-2025.azurewebsites.net lytx-cms-prod-2025.azurewebsites.net; object-src 'none'; base-uri 'self'; 4
frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com; 4
frame-ancestors 'none'; form-action 'self' https://forms-eu1.hsforms.com; base-uri 'self' 4
frame-ancestors 'self' https://cms.payfit.com https://payfit-website.admin.datocms.com https://*.datocms.com 4
frame-ancestors *.tostadora.fr *.tostadora.co.uk *.tostadora.com *.tostadora.it *.latostadora.com tostadora.fr tostadora.co.uk tostadora.com tostadora.it latostadora.com www.latostadora.dock:* www.tostadora.fr.dock:* www.tostadora.it.dock:* www.tostadora.co.uk.dock:* www.tostadora.com.dock:* mx.latostadora.dock:*; 4
frame-ancestors https://*.builder.io https://builder.io 4
object-src 'self'; block-all-mixed-content; upgrade-insecure-requests; 4
object-src 'self'; frame-ancestors 'self'; 4
frame-ancestors 'self' https://*.clasquin.com https://clasquin.com 4
default-src * 'unsafe-inline' 4
frame-ancestors 'self' https://metrika.yandex.ru 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; worker-src blob: https:; 4
base-uri 'self'; default-src https://www.dnshome.de; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://www.paypalobjects.com; script-src 'self' 'unsafe-inline'; style-src 'self'; 4
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 4
upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be form.vliz.be www.omes-monitoring.be omes-monitoring.be; 4
base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; 4
frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com; 4
default-src 'self'; base-uri 'self';  img-src 'self' https: data: ssl.gstatic.com *.vimeocdn.com         *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.ggpht.com;  font-src 'self' https://fonts.gstatic.com f.hubspotusercontent-eu1.net 25126500.fs1.hubspotusercontent-eu1.net          *.delen.bank data:;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com tagmanager.google.com srv.stackadapt.com static.hsappstatic.net *.delen.bank;  script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:            tagmanager.google.com *.marker.io *.googletagmanager.com *.google-analytics.com            *.googleapis.com *.gstatic.com *.google.com;  connect-src 'self' https: data: blob:             *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io             *.google.com https://*.googleapis.com https://*.gstatic.com;  frame-src 'self' *.google.com *.hotjar.com player.vimeo.com open.spotify.com *.cookiebot.com          *.googletagmanager.com cdn.raffle.ai  vimeo.com *.vimeo.com          *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com          *.doubleclick.net https://app httpsdelen://app https://forms.office.com https://oyensappsimulator.acpt.delen.be          https://delenappsimulator.acpt.delen.be https://login.acpt.delen.be https://online.acpt.delen.bank          https://loginoyens.acpt.delen.be https://delenappsimulator.acpt.delen.lu https://delenchappsimulator.acpt.delen.lu          https://login.acpt.delen.lu https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com          vimeo.com blog.delen.bank https://app.skeeled.com/api/offers          https://js-eu1.hscollectedforms.net/collectedforms.js https://delen.bank/_hcms/api/apicall;  worker-src blob:;; upgrade-insecure-requests 4
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; img-src 'self' data: https: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; worker-src 'self' blob:; 4
frame-src 'self' hubbell.my.salesforce.com hubbellcdn.com *.google.com *.addthis.com *.windows.net cdn.krxd.net *.paymentsradius.com *.googletagmanager.com *.doubleclick.net *.hsforms.com www.youtube.com *.brightcove.net resources.hubbellwiringsystems.com www.youtube-nocookie.com hiwebar.azureedge.net flickrembed.com www.powr.io w2.countingdownto.com bcove.video www.linkedin.com go.bluevolt.com widget.spreaker.com cm-hubbell01-prod.web.app hubbellwiringsystems.com www.slideshare.net progresslighting.wufoo.com my.matterport.com e.issuu.com www.kooltronic.com www.surveymonkey.com forms.office.com hubbell.dcatalog.com service.force.com app.hubspot.com 2897803.hs-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monitor.azure.com *.cdn.applicationinsights.io cdn.channelsight.com cscoreproweustor.blob.core.windows.net hubbell-inc.secure.force.com b.static.lightning.force.com static.lightning.force.com hubbell.my.salesforce-sites.com *.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com ajax.googleapis.com maps.googleapis.com kit.fontawesome.com cdnjs.cloudflare.com js.hsleadflows.net 2897803.hs-sites.com 9281193.fls.doubleclick.net ajax.aspnetcdn.com analytics.google.com assets.map.brightcove.com bat.bing.com bcove.video blog.hubbell.com c.bing.com c.office.com careers.hubbell.com cdn.cookielaw.org connect.facebook.net ct.pinterest.com cta-service-cms2.hubspot.com d.la5-c1-ia5.salesforceliveagent.com docs.google.com dokumfe7mps0i.cloudfront.net e.issuu.com edge.api.brightcove.com edge.fullstory.com experiences.assets.brightcove.com forms-na1.hsforms.com forms-na1.hubspot.com forms.cloud.microsoft forms.hsforms.com forms.hubspot.com forms.office.com googleads.g.doubleclick.net hubbell.com hubbell.dcatalog.com hubbell.my.salesforce.com hubbellcdn.com id.hubbell.com img.youtube.com info.hubbell.com info.hubbellpowersystems.com investor.hubbell.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hubspot.com map.brightcove.com media-exp1.licdn.com metrics.brightcove.com no-cache.hubspot.com pagead2.googlesyndication.com perf-na1.hsforms.com pixel.quantserve.com play.google.com players.brightcove.net progresslighting.wufoo.com public.slidesharecdn.com px.ads.linkedin.com s.pinimg.com salespersonlookup.hubbellapps.com service.force.com snap.licdn.com static.doubleclick.net static.hubspot.com stats.g.doubleclick.net store.hubbell.com tagmanager.google.com track.hubspot.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.hubbell.com www.linkedin.com www.redditstatic.com www.slideshare.net www.surveymonkey.com www.youtube-nocookie.com www.youtube.com youtube.com app.hubspot.com; object-src 'self' *.brightcove.net *.dcatalog.com *.flickrembed.com *.google.com *.hubbell.com *.hubbellcdn.com hubbellcdn.com *.hubbellwiringsystems.com *.issuu.com *.killarkar.blob.core.windows.net *.matterport.com *.office.com *.slideshare.net *.wufoo.com *.youtube.com bluevolt.com cm-hubbell01-prod.web.app docs.google.com forms.office.com hieeewebar.blob.core.windows.net hiwebar.azureedge.net 4
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 4
frame-ancestors 'self' *.aftership.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com https://cdn.jsdelivr.net/npm/keycloak-js@15.1.1/dist/keycloak.min.js js-agent.newrelic.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com *.googlesyndication.com *.adtrafficquality.google snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms scripts.clarity.ms tracking.g2crowd.com www.gstatic.com www.gstatic.cn widget.freshworks.com us-assets.i.posthog.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com j.6sc.co js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net static.hsappstatic.net *.tiktok.com *.ttwstatic.com https://boards.greenhouse.io/embed/job_board/js organizer.bizzabo.com https://js.usemessages.com/conversations-embed.js https://unpkg.com/@splinetool/viewer/build/spline-viewer.js https://cdn.jsdelivr.net/npm/hls.js@latest mv.icu *.revenuehero.io www.zerobounce.net sdks.aftership-pixel.com cdn.crowdin.com cdn.snitcher.com; object-src 'none' 4
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 4
base-uri 'self'; connect-src 'self' blob: data: https://*.applicationinsights.azure.com https://matomo.dekra.bawue.com https://*.clarity.ms https://c.bing.com https://*.g.doubleclick.net https://dekra-dev-search-api.e-spirit.cloud https://dekra-search-api.e-spirit.cloud https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://maps.googleapis.com https://*.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://*.linkedin.com https://api.newsletter2go.com https://*.snapengage.com https://bat.bing.net https://bat.bing.com https://mapsresources-pa.googleapis.com https://aorta.clickagy.com https://hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com https://*.zkcdn.net https://*.doubleclick.net https://*.crwdcntrl.net https://*.adobedtm.com https://webforms-live-qa.dekra.com; default-src 'self'; manifest-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting; frame-src 'self' https://*.doubleclick.net https://*.googletagmanager.com https://vars.hotjar.com https://player.vimeo.com https://www.youtube.com https://v.qq.com https://hemsync.clickagy.com https://dekracloud.sharepoint.com https://global.frcapi.com https://eu.frcapi.com; img-src 'self' data: https://*.baidu.com https://*.bing.com https://*.clarity.ms https://media.dekra.com https://media-test.dekra.com https://*.g.doubleclick.net https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hotjar.com https://px.ads.linkedin.com https://*.snapengage.com https://i.ytimg.com https://twin-iq.kickfire.com https://bat.bing.net https://bat.bing.com; media-src https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://dkrcamarasprt.cl:502 https://dkrcamarasprt.cl:503 https://dkrcamarasprt.cl:504 https://dkrcamarasprt.cl:505 https://dkrcamarasprt.cl:506 https://dkrcamarasprt.cl:507 https://dkrcamarasprt.cl:508 https://dkrcamarasprt.cl:509; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://hm.baidu.com https://matomo.dekra.bawue.com https://*.clarity.ms https://googleads.g.doubleclick.net https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-scripts.com https://snap.licdn.com https://*.snapengage.com https://twin-iq.kickfire.com https://webforms-live.dekra.com/static/formcentric.js https://bat.bing.net https://bat.bing.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://*.zkcdn.net https://*.doubleclick.net https://*.crwdcntrl.net https://*.adobedtm.com https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk/site.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; worker-src blob:; upgrade-insecure-requests 4
base-uri 'self'; object-src 'none'; script-src 'self' 'nonce-b6cF2ippBjeQoZr6ewKv9g==' 'sha256-NgmcukjWLiaXHfSdiji/PkzsnZcmosbUUBh41X9KfDo=' 'nonce-ZEGelAxttEgvAsX++vmL2Q=='; style-src 'self' 'nonce-b6cF2ippBjeQoZr6ewKv9g==' 'sha256-lGnbjdq0KvUx7UAmUJO6Rl+EpfroIiDR8uMvdHzuo98=' 'nonce-0wO7scjUfZCc0OyBlZGJbQ=='; report-to csp 4
font-src * data:; 4
frame-ancestors https://www.notion.so 4
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 4
base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://decagon.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://ucv.bynder.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://cdn.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://wcs.naver.com https://wcs.naver.net https://cdn01.boxcdn.net https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com https://*.jam.dev;connect-src 'self' data: blob: https://img.notionusercontent.com https://notion.so/eap https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://library.notion.com https://d8ejoa1fys2rk.cloudfront.net https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://api.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://tiles.versatiles.org https://maps.googleapis.com https://places.googleapis.com https://api.ipify.org https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://*.mktoresp.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://api.mail.dev.notion.so/graphql https://api.mail.notion.so/graphql https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com wss://msgstore.www.notion.so wss://msgstore-001.www.notion.so wss://msgstore-002.www.notion.so https://msgstore.www.notion.so https://msgstore-001.www.notion.so https://msgstore-002.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://local-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://dev-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://stg-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://prod-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0003-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0004-workers-code-bundles.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://app.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://d8ejoa1fys2rk.cloudfront.net https://cdn01.boxcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://img.notionusercontent.com https://mail-resource-proxy.mail.notion.so https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://github.githubassets.com https://d8ejoa1fys2rk.cloudfront.net https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com;frame-src 'self' https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://notion.notion.site https://notion-templates.notion.site https://identity.notion.so https://*.jam.dev;frame-ancestors 'self' https://www.notion.so notion://www.notion.so https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so 4
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net px.ads.linkedin.com snap.licdn.com data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 4
base-uri 'self'; object-src 'self'; frame-ancestors 'self' 4
default-src'self' 4
frame-ancestors self; 4
default-src 'self' repay.com csp-repay.pantheonsite.io dev-repay.pantheonsite.io live-repay.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com *.hubspot.com *.gstatic.com googleads.g.doubleclick.net https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/gtm.js *.clarity.ms https://js-agent.newrelic.com *.mandatlyonline.com *.fontawesome.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.js cdn-cookieyes.com *.cdn-cookieyes.com dev-repay.pantheonsite.io live-repay.pantheonsite.io repay.com *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css cdnjs.cloudflare.com fonts.googleapis.com dev-repay.pantheonsite.io live-repay.pantheonsite.io; img-src 'self' data: c212.net *.googlesyndication.com *.mandatlyonline.net *.mandatlyonline.com tsgpayments.com rt.prnewswire.com www.googletagmanager.com i.vimeocdn.com *.google.com *.bing.com *.clarity.ms *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com dev-repay.pantheonsite.io live-repay.pantheonsite.io *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com dev-repay.pantheonsite.io live-repay.pantheonsite.io *.hotjar.com repay.com; connect-src 'self' *.zoominfo.com *.zi-scripts.com *.hscollectedforms.net *.googlesyndication.com *.mandatlyonline.net *.mandatlyonline.com vimeo.com *.google.com *.contentsquare.net *.fontawesome.com bam.nr-data.net *.adsrvr.org *.cdn-cookieyes.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hubspot.com *.incontact.com *.licdn.com *.linkedin.com api.hubapi.com cdn-cookieyes.com dev-repay.pantheonsite.io live-repay.pantheonsite.io forms.hsforms.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com wss://*.hotjar.com wss://*.niceincontact.com; media-src 'self'; object-src 'none'; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; frame-src 'self' *.google.com businessradiox.com *.googletagmanager.com *.incontact.com *.doubleclick.net vars.hotjar.com *.youtube.com *.vimeo.com *.hubspot.com *.repay.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; worker-src 'self' blob:; manifest-src 'self'; base-uri 'self'; form-action 'self' javascript: *.hsforms.com *.hubspot.com; frame-ancestors 'self' www.google.com *.repay.com 4
frame-ancestors 'self' https://www.facebook.com 4
object-src 'none'; base-uri 'none'; 4
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 4
upgrade-insecure-requests;frame-ancestors 'self'; 4
default-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self' ; img-src 'self' data: https:;  font-src 'self' data: * https://fonts.gstatic.com; connect-src 'self' *; media-src * data: https:; base-uri 'self'; 4
connect-src 'self'   index-education.matomo.cloud cdn.matomo.cloud https://*.friendlycaptcha.com/ https://vimeo.com https://apm-web.index-education.com/ ndx.plus *.ndx.plus https://*.datatables.net https://data.geopf.fr https://*.clarity.ms;default-src 'self'  *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com;frame-ancestors 'self' ;frame-src 'self'   *.index-education.france https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr *.pronote-campus.net http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com https://app.mailjet.com;media-src 'self'  https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'  *.index-education.france *.index-education.com;script-src 'self'  'unsafe-inline' 'unsafe-eval' index-education.matomo.cloud cdn.matomo.cloud ndx.plus *.ndx.plus https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com *.datatables.net https://*.index-education.com https://*.bootstrapcdn.com https://app.mailjet.com https://*.clarity.ms;style-src 'self'  'unsafe-inline' ndx.plus *.ndx.plus https://static.scelliuspaiement.labanquepostale.fr *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self'  *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com *.index-education.net data:;worker-src 'self' blob: https://*.index-education.com;img-src 'self'  https://*.index-education.com index-education.matomo.cloud cdn.matomo.cloud ndx.plus *.ndx.plus *.linkedin.com blob: data:; 4
upgrade-insecure-requests; base-uri 'none'; default-src 'self' https://*.crazyegg.com; connect-src 'self' https: ws: https://*.crazyegg.com; img-src 'self' https: data: blob: https://*.sovos.com https://cdn.bfldr.com https://*.crazyegg.com; media-src 'self' data: blob: https://*.sovos.com; object-src 'self' https://*.sovos.com https://cdn.bfldr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; worker-src 'self' blob:; frame-src 'self' https://*.sovos.com https://*.youtube.com https://*.marketo.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://www.google.com https://www.googletagmanager.com https://documentcloud.adobe.com https://*.flowpaper.com https://e.infogram.com https://td.doubleclick.net https://recruit.hirebridge.com https://maps.google.com https://app.getreprise.com https://cdn.bfldr.com https://*.crazyegg.com; frame-ancestors 'self' https://*.sovos.com; 4
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; frame-ancestors 'self' https: ; 4
img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; upgrade-insecure-requests; frame-ancestors 'self'; 4
frame-ancestors 'self' https://latitude.sh 4
upgrade-insecure-requests; base-uri 'self' 4
frame-ancestors 'self' https://www.alandsbanken.fi https://www.alandsbanken.ax https://www.alandsbanken.se https://www.alandsbanken.com 4
default-src https: 'unsafe-inline'; frame-ancestors 'self' 4
frame-ancestors 'self' https://manual-sanity-studio.vercel.app 4
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://contrib.territories.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com https://sourcemap.devowl.io https://sourcemap.devowl.io/real-media-library/4.22.47/adb9a2f4ef22d5d85978840bd322bf76/index.js.map www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://my.mediahub.bnpparibas https://my.mediahub.bnpparibas/AssetLink/1cwfu8n4ki414p6d240ff18r41ver00j.mp4 https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 4
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 4
default-src * 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.google.com *.virtualearth.net *.bing.com *.googleapis.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com code.jquery.com *.facebook.net *.instagram.com analytics.tiktok.com *.abtasty.com secure.quantserve.com rules.quantcount.com quantcast.mgr.consensu.org cmp.quantcast.com cmp.inmobi.com *.trustpilot.com *.googleadservices.com komito.net bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.google-analytics.com static.ads-twitter.com analytics.twitter.com *.adalyser.com use.fontawesome.com snap.licdn.com px.ads.linkedin.com *.playbuzz.com *.seez.dev *.seez.tech *.seez.dk *.seez.co *.ex.co *.infinity-tracking.net *.infinity-tracking.com p.teads.tv go.affec.tv *.permutive.com *.adnxs.com *.monitor.azure.com *.applicationinsights.io *.vo.msecnd.net *.ingest.sentry.io *.pinimg.com *.pinterest.com *.youtube.com *.ytimg.com *.liveperson.net *.lpsnmedia.net widgets-eu.reputation.com ir.tools.investis.com *.eventbrite.co.uk emac-direct.service-plan.co.uk *.jaguarlandrover.com cdn.worldpay.com *.onetrust.com *.netdirector.auto *.netdirector.co.uk s3.amazonaws.com *.list-manage.com *.research-tree.com *.evanshalshaw.com *.stratstone.com *.carstore.com intranet.local *.pendragonplc.com *.pendragonvehiclemanagement.co.uk; frame-src * 'self' data: 'unsafe-inline' *.fls.doubleclick.net *.abtasty.com *.onetrust.com *.pinterest.com ir.tools.investis.com *.evanshalshaw.com *.stratstone.com *.carstore.com; object-src 'none'; font-src 'self' blob: data: *.abtasty.com *.seez.dk *.gstatic.com *.googleapis.com *.netdirector.auto; img-src * 'self' data: blob: pplc-p-001.sitecorecontenthub.cloud *.abtasty.com; child-src * 'self' pplc-p-001.sitecorecontenthub.cloud; connect-src * 'self' data: *.abtasty.com *.ingest.sentry.io *.pinterest.com *.mixpanel.com pplc-p-001.sitecorecontenthub.cloud; worker-src data: blob:; upgrade-insecure-requests; block-all-mixed-content; 4
default-src 'self'; img-src 'self' data: https://im16.inviewer.se https://mfstatic.com https://i3.ytimg.com https://cdn.cookielaw.org https://matomo.internetstiftelsen.se https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.rekai.se https://dj5ytzb70q57z.cloudfront.net https://internetstiftelsen.confetti.events https://mfstatic.com https://cdn.jsdelivr.net https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://d2wd18kp3k18ix.cloudfront.net https://*.onetrust.com https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://mfstatic.com https://*.internetstiftelsen.se https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://*.rekai.se https://graphtool.internetstiftelsen.se https://api.services.confetti.events https://internetstiftelsen.confetti.events https://im16.inviewer.se https://*.mediaflow.com https://api.friendlycaptcha.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' blob: https://internetstiftelsen.confetti.events https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; frame-ancestors 'self'; media-src 'self' https://*.libsyn.com 4
img-src * 4
default-src 'self' blob: data: *.apple.com; connect-src 'self' *.apple.com *.apple.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com; img-src 'self' data: *.apple.com *.cdn-apple.com; child-src 'self' *.apple.com blob: data: *.apple.com blob: data: *.cdn-apple.com; style-src 'self' 'unsafe-inline' *.apple.com; font-src 'self' data: *.apple.com 4
default-src 'self';frame-src 'self' blob: https:;connect-src 'self' wss: blob: https:;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https:;img-src 'self' data: blob: blob: https:;media-src 'self' blob: https:;font-src 'self' data: blob: https:;worker-src 'self' blob: blob: https:;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
script-src 'self'; object-src 'self' 4
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 4
connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels cdn.linkedin.oribi.io dnsbelgium.matomo.cloud pagead2.googlesyndication.com; default-src 'self' static.dnsbelgium.be; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com consentcdn.cookiebot.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com www.toll-net.be s.pointerpro.com https://flo.uri.sh/ survey.dnsbelgium.be datawrapper.dwcdn.net e.infogram.com youtu.be https://www.googletagmanager.com/; img-src wmimages.dnsbelgium.be 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com i.ytimg.com   *.ads.linkedin.com imgsct.cookiebot.com; media-src 'self' www.youtube.com youtu.be vimeo.com player.vimeo.com static.dnsbelgium.be; object-src 'self'; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be snap.licdn.com www.toll-net.be/h5p/wp-content/plugins/h5p/h5p-php-library/js/h5p-resizer.js https://cdn.matomo.cloud/dnsbelgium.matomo.cloud/matomo.js s.pointerpro.com survey.dnsbelgium.be pagead2.googlesyndication.com 'sha256-7b0CKEQkvadz7B/pYgEMs74upd57DoxBlXRIWY8pdRg=' 'sha256-XlGJBFdn9wZ3QRSQmE5hz2h94YBoRCV09VOA9PNwEc4=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; worker-src 'self' 4
default-src 'self' https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http://*.marketo.net https://*.6sc.co https://*.bing.com https://*.bizible.com https://*.brandwatch.com https://*.capterra.com https://*.clarity.ms https://*.claydar.com https://*.cloudflare.com https://*.cloudfront.net https://*.cookielaw.org https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.highcharts.com https://*.hotjar.com https://*.hotjar.io https://*.instagram.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.neutral.ttwstatic.com https://*.optimizely.com https://*.pingdom.net https://*.podscribe.com https://*.qualified.com https://*.quora.com https://*.reddit.com https://*.segreencolumn.com https://*.storylane.io https://*.tiktok.com https://*.tiktokcdn-us.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.twitter.com https://*.wistia.com https://*.wistia.net https://*.youtube.com https://*.zi-scripts.com https://*.zoominfo.com https://cdn.jsdelivr.net/npm/@twemoji/api@15.1.0/dist/twemoji.min.js https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.min.js https://cdn.jsdelivr.net/npm/chartjs-chart-wordcloud@4.3.0/build/index.umd.min.js https://cdn.jsdelivr.net/npm/chartjs-chart-wordcloud@4.3.0/dist/chartjs-chart-wordcloud.umd.min.js https://code.highcharts.com/10.3.3/highcharts.js.map https://js.zi-scripts.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co https://snap.licdn.com https://static.ads-twitter.com https://unpkg.com/@dotlottie/player-component@2.7.5/dist/dotlottie-player.js https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js wss://*.qualified.com; style-src 'self' 'unsafe-inline' https://*.ttwstatic.com https://fonts.googleapis.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; font-src 'self' data: https://fonts.gstatic.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; img-src 'self' data: http://1.gravatar.com https: https://*.ibytedtos.com https://*.ibyteimg.com https://*.pingdom.net https://*.tiktokcdn-us.com https://*.tiktokcdn.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co ttps://p16-tiktokcdn-com.akamaized.net; media-src *.qualified.com https://*.ibytedtos.com https://*.tiktokcdn-us.com https://*.tiktokcdn.com; connect-src 'self' *.clarity.ms *.google.co.in *.google.de *.google.ro *.googleadservices.com api.brandwatch.com http://*.mktoresp.com https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://*.analytics.google.com https://*.bing.com https://*.bing.net https://*.bizible.com https://*.brandwatch.com https://*.capterra.com https://*.claydar.com https://*.cloudflare.com https://*.cookielaw.org https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.highcharts.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.marketo.net https://*.mktoresp.com https://*.mktoutil.com https://*.onetrust.com https://*.optimizely.com https://*.pingdom.net https://*.podscribe.com https://*.qualified.com https://*.quora.com https://*.segreencolumn.com https://*.sentry.io https://*.tiktok.com https://*.tiktokcdn-us.com https://*.tiktokcdn.com https://*.tiktokv.com https://*.tiktokw.us https://*.wistia.com https://*.wistia.net https://*.zi-scripts.com https://*.zoominfo.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/@twemoji/api@15.1.0/dist/twemoji.min.js https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.min.js https://cdn.jsdelivr.net/npm/chartjs-chart-wordcloud@4.3.0/build/index.umd.min.js https://code.highcharts.com https://google.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co https://server-side-tagging-o6xcwbv53a-uc.a.run.app wss://*.hotjar.com wss://*.qualified.com; frame-src 'self' *.linkedin.com https://*.cdn.optimizely.com https://*.driftt.com https://*.reddit.com https://*.storylane.io https://*.tiktok.com https://*.tiktokcdn-us.com https://*.tiktokcdn.com https://*.tiktokv.com https://*.wistia.com https://*.wistia.net https://app.qualified.com https://connect.facebook.net https://facebook.com https://instagram.com https://platform.twitter.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.tiktok.com https://www.youtube.com https://youtube.com; frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; form-action 'self' https://*.facebook.com https://www.brandwatch.com; base-uri 'self'; object-src 'none'; worker-src 'self' blob:; report-uri /csp-report/; 4
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 4
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.de https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.bing.com https://*.clarity.ms https://analytics.webgains.io https://api.webgains.io https://*.stape.at https://widget.trustpilot.com https://*.cookiebot.com https://static.zdassets.com https://payments.hd-plus.de https://*.online-metrix.net https://paypal.com https://*.paypal.com https://a.storyblok.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; script-src-elem 'self' 'unsafe-inline' https://app.storyblok.com https://unpkg.com https://www.googletagmanager.com https://www.google-analytics.com https://googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.de https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.bing.com https://*.clarity.ms https://analytics.webgains.io https://api.webgains.io https://*.stape.at https://widget.trustpilot.com https://*.cookiebot.com https://static.zdassets.com https://payments.hd-plus.de https://*.online-metrix.net https://paypal.com https://*.paypal.com https://a.storyblok.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.de https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.bing.com https://*.clarity.ms https://analytics.webgains.io https://api.webgains.io https://*.stape.at https://widget.trustpilot.com https://*.cookiebot.com https://static.zdassets.com https://payments.hd-plus.de https://*.online-metrix.net https://paypal.com https://*.paypal.com https://a.storyblok.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; img-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.de https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.bing.com https://*.clarity.ms https://analytics.webgains.io https://api.webgains.io https://*.stape.at https://widget.trustpilot.com https://*.cookiebot.com https://static.zdassets.com https://payments.hd-plus.de https://*.online-metrix.net https://paypal.com https://*.paypal.com https://a.storyblok.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; connect-src 'self' https://ekr.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.de https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.bing.com https://*.clarity.ms https://analytics.webgains.io https://api.webgains.io https://*.stape.at https://widget.trustpilot.com https://*.cookiebot.com https://static.zdassets.com https://payments.hd-plus.de https://*.online-metrix.net https://paypal.com https://*.paypal.com https://a.storyblok.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://a.storyblok.com; frame-src https://www.facebook.com https://payments.hd-plus.de https://h.online-metrix.net https://widget.trustpilot.com https://consentcdn.cookiebot.com https://paypal.com https://*.paypal.com https://www.sandbox.paypal.com https://www.googletagmanager.com; frame-ancestors https://storyblok.com https://*.storyblok.com; upgrade-insecure-requests 4
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.vin https://*.checkout.com https://tcsdk.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.style https://*.59ow.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://*.onfido.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://api-web.wwmxd.info https://api-web.wwmxd.site  https://*.forter.com https://js.volt.io https://static.ads-twitter.com;connect-src 'self' 'report-sample' data: blob: ws: wss: https://www.turingfraud.net https://*.hdmune.cn https://*.nlviwq.cn https://oauth.telegram.org https://*.qq.com https://*.tencent-cloud.com https://*.intltencentcos.com https://*.tencentcos.cn https://*.tencentcloud.com https://*.my-cpaas.com https://*.tlivewebrtc2.com https://*.tlivecloud.com https://*.rtclivekit.com https://*.xuundv.cn https://*.tencentcloudapi.com https://*.myqcloud.com https://www.googletagmanager.com https://*.rtc-web.com https://*.qcloud.com https://*.my-imcloud.com https://*.tlivewebrtc.com https://*.tliveplay.com https://*.tlivesource.com https://*.rtc-web.io https://*.cloud-rtc.com https://*.vod-qcloud.com https://*.minigitlab.top https://wa.appsflyer.com https://google.com https://*.google.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com wss://*.bitgetpro.site https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.vin https://*.checkout.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.noxiaohao.com https://*.bitget.style https://*.59ow.com wss://*.bitget.vin wss://*.bitget.style wss://*.59ow.com https://megacheck.vip https://*.megacheck.vip wss://*.megacheck.vip wss://megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com https://*.skypay.space wss://*.saintpay.com wss://*.skypay.space wss://*.noxiaohao.com https://*.omkbic.com:8443 https://*.uykdjs.com wss://*.uykdjs.com https://dn-staticdown.qbox.me https://*.duoyihubei.top https://duoyihubei.top wss://*.duoyihubei.top wss://duoyihubei.top wss://*.ada.support wss://*.checkout.com https://*.onfido.com https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://browser-http-intake.logs.datadoghq.com https://pre.ssqhome.top https://ssqhome.top https://*.forter.com https://*.bgstatic.com;frame-src 'self' 'report-sample' blob: data: https://ramp.osl-pay.com https://callback.osl-pay.com https://*.bgstatic.com https://*.bitgetimg.com https://*.gurenla.com https://*.google.com https://*.bitgetpro.site https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://widget-mediator.zopim.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.bitget.style https://*.59ow.com https://*.saintpay.com https://*.skypay.space https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://bitget.banxa.com https://*.onfido.com https://www.bitgetwidget.com https://onramp.money https://*.simplexcc.com https://*.revolut.com https://*.bitgetimg.com https://*.multiexc.com https://pre.ssqhome.top https://ssqhome.top https://checkout.volt.io https://openapi-uatdcd.com https://openapi-thedecard.com https://khipu.com https://checkout.pagsmile.com https://gateway.kashio.com.pe https://apiin.monnetpayments.com https://pmt-01.etpayment.com https://registro.pse.com.co https://secure-checkout.payvalida.com https://api.openpay.co https://s.tradingview.com;report-uri /v1/buried/log/cspSecurity; 4
default-src * 'unsafe-eval' 'unsafe-inline' data: about: 4
frame-ancestors 'self' *.myworkdayjobs.com *.hbm.com; upgrade-insecure-requests; script-src hbkworld.com *.hbkworld.com *.livechatinc.com *.youtube.com js-agent.newrelic.com *.adobedtm.com assets.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.google.com *.google-analytics.com *.crazyegg.com *.licdn.com static.cloudflareinsights.com *.cookieinformation.com *.ipify.org *.zoominfo.com *.matomo.cloud *.piwik.pro *.wistia.com *.rlcdn.com *.doubleclick.net *.adsymptotic.com *.facebook.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsleadflows.net js.hubspot.com *.doubleclick.net *.google.com *.linkedin.com *.cloudfront.net *.clickagy.com dqm.crownpeak.com *.myworkdayjobs.com *.force.com *.gstatic.com *.clarity.ms *.cloudflare.com *.a1.typesense.net js.zi-scripts.com *.js.zi-scripts.com *.zi-scripts.com *.bing.com dpm.demdex.net *.hubspot.com *.hsforms.net *.stripe.com js.adsrvr.org *.adsrvr.org d-code.liadm.com s.ksrndkehqnwntyxlhgto.com unpkg.com *.unpkg.com 'unsafe-inline' 'unsafe-eval' blob:; 4
default-src 'self'; base-uri 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.bing.com sc-static.net analytics.tiktok.com siteimproveanalytics.com *.msecnd.net *.snapchat.com *.cloudfront.net www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.foodinfluencersunited.nl *.foodinfluencersunited.com destinilocators.com code.jquery.com *.typekit.net *.aptrinsic.com *.jsdelivr.net *.doubleclick.net *.infogram.com *.adtrafficquality.google *.googletagservices.com cdn.lamp.avct.cloud arla-faq-climate.consulink.com *.licdn.com *.facebook.net *.facebook.com pinterest.com *.pinterest.com *.googleapis.com *.leadfamly.com azsaprmarketingecosystem.z6.web.core.windows.net azsaprmarketingecosystem.blob.core.windows.net cdn.cookielaw.org js.monitor.azure.com *.linkedin.com *.pinimg.com *.saleswingsapp.com snap.licdn.com *.clarity.ms *.youtube.com *.recaptcha.net *.applicationinsights.azure.com *.arla.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.googlesyndication.com *.redditstatic.com; style-src 'self' 'unsafe-inline' www.arla.com www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.googleapis.com *.typekit.net *.aptrinsic.com *.jsdelivr.net azsaprmarketingecosystem.blob.core.windows.net azsaprmarketingecosystem.z6.web.core.windows.net fonts.googleapis.com *.youtube-nocookie.com cdn.cookielaw.org *.gstatic.com; img-src data: 'self' blob: *.adtrafficquality.google *.snapchat.com *.siteimproveanalytics.io img.youtube.com *.ytimg.com collector.ontame.io www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy www.arla.com.au *.streaming.mediakind.com *.foodinfluencersunited.nl *.foodinfluencersunited.com *.turn.com *.tubemogul.com *.everesttech.net *.typekit.net mnd-assets.mynewsdesk.com *.cookielaw.org azsapradn.blob.core.windows.net mnd-assets-bunny.mynewsdesk.com mrct.org.uk *.distrivers.nl *.huuskes.nl *.werkenbijboon.nl *.googleusercontent.com *.facebook.com *.facebook.net *.arla.com maps.gstatic.com maps.googleapis.com azarlaassets.blob.core.windows.net arlamedia.blob.core.windows.net azsaprmarketingecosystem.blob.core.windows.net *.bing.com *.reddit.com *.clarity.ms cdn.cookielaw.org *.linkedin.com *.google-analytics.com analytics.google.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.pinterest.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src data: 'self' www.arla.com www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.googleapis.com *.typekit.net *.aptrinsic.com *.cloudfront.net azsaprmarketingecosystem.z6.web.core.windows.net fonts.gstatic.com; connect-src 'self' data: analytics.tiktok.com *.snapchat.com dc.services.visualstudio.com *.doubleclick.net www.arla.ph www.youtube.com www.arla.be www.arlafoods.ca www.arla.com.cy *.streaming.mediakind.com *.foodinfluencersunited.nl *.foodinfluencersunited.com *.typekit.net *.aptrinsic.com azsaprmarketingecosystem.z6.web.core.windows.net *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.applicationinsights.azure.com az416426.vo.msecnd.net *.googlesyndication.com *.adtrafficquality.google *.monitor.azure.com *.googleadservices.com *.linkedin.com *.facebook.com *.facebook.net *.cookielaw.org *.onetrust.com *.clarity.ms *.saleswingsapp.com *.pinterest.com *.arla.com *.arla.net *.redditstatic.com *.reddit.com ep-arla-vs-mediaservice-pr.westeurope.streaming.mediakind.com *.leadfamly.com *.recaptcha.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com js.monitor.azure.com; frame-src 'self' *.adtrafficquality.google *.googlesyndication.com app.brandheroes.com *.googleadservices.com *.googletagservices.com www.googletagmanager.com *.doubleclick.net *.snapchat.com *.foodinfluencersunited.nl *.foodinfluencersunited.com destinilocators.com arla-service.consulink.com arla-faq-climate.consulink.com *.recaptcha.net *.google.com *.googletagmanager.com *.pinterest.com *.arla.com *.facebook.com *.facebook.net *.youtube.com *.youtube-nocookie.com; media-src 'self' blob: arlamedia.blob.core.windows.net azsapradn.blob.core.windows.net *.mediakind.com; form-action 'self' www.arla.com www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.facebook.net *.recaptcha.net *.facebook.com; 4
frame-ancestors 'self' https://*.scoalaintuitext.ro https://*.intuitext.com https://*.intuitext.ro https://assessment-player.intuitext.com 4
upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com *.chilipiper.com; 4
frame-ancestors 'self' https://aderantonline.force.com; 4
child-src 'self' https://insight.adsrvr.org https://match.adsrvr.org https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.lookfantastic.com https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://*.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com https://s1.thcdn.com https://d2d7do8qaecbru.cloudfront.net https://tpc.googlesyndication.com https://api.bam-x.com https://www.awin1.com blob: https://gum.criteo.com https://www.pinterest.com https://www.pinterest.co.uk https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://maybelline-uk.beauty-campaigns.com https://qlic.it https://*.abtasty.com https://ct.pinterest.com https://ams.creativecdn.com https://tr.snapchat.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.provenance.org https://*.bazaarvoice.com https://www.youtube.com/ https://uk.cdn-net.com/; connect-src 'self' https://insight.adsrvr.org https://t.lt02.net https://*.dynamicyield.eu https://api.stripe.com https://api-dev.pogodonate.com https://api.pogodonate.com https://app-dev.pogodonate.com https://app.pogodonate.com https://*.listrakbi.com https://*.listrak.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com wss://*.ringcentral.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://mc.yandex.ru https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://ct.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.parcellab.com https://www.google.co.uk https://analytics.tiktok.com https://smct.co https://*.smct.co https://api.bam-x.com https://*.contentsquare.net https://tr.snapchat.com https://ampcid.google.com.tw https://ampcid.google.com.hk https://ampcid.google.cn https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.criteo.net https://*.obsess-vr.com https://di.rlcdn.com https://api.rlcdn.com https://t.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.abtasty.com https://*.modiface.com https://us-east4-modiface-production.cloudfunctions.net https://sgtm.lookfantastic.com https://ml-services-grpc-gateway-4mhosmzo.nw.gateway.dev https://ams.creativecdn.com https://tr6.snapchat.com https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net https://*.ringcentral.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; default-src 'self' https://*.lpsnmedia.net https://*.bazaarvoice.com; font-src 'self' https://app-dev.pogodonate.com https://app.pogodonate.com data: https://cdn.listrakbi.com https://*.dynamicyield.com/ https://*.thcdn.com https://fonts.gstatic.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://static.thgcdn.cn data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://*.bazaarvoice.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://shadematching.modiface.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.dynamicyield.eu https://pogodonate.s3.eu-west-2.amazonaws.com https://app-dev.pogodonate.com https://app.pogodonate.com https://*.dynamicyield.com/ https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https://*.ringcentral.com https://*.bazaarvoice.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://static.thgcdn.cn https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://cdn.obsess-vr.com https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.lookfantastic.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; object-src 'self' https://*.thcdn.com https://www.youtube.com https://*.bazaarvoice.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.adsrvr.org https://*.dynamicyield.eu https://*.js.stripe.com https://js.stripe.com data: https://*.listrakbi.com https://*.listrak.com https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://*.liveperson.com https://tpc.googlesyndication.com https://static.narrativ.com https://*.obsess-vr.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://app.contentsquare.com https://cdn.pubnub.com https://assets.dekopay.com https://*.modiface.com blob: https://app-dev.pogodonate.com https://app.pogodonate.com https://*.abtasty.com https://tr.snapchat.com https://sgtm.lookfantastic.com https://tags.creativecdn.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org https://*.ringcentral.com https://*.bazaarvoice.com; style-src 'self' 'unsafe-inline' https://*.dynamicyield.eu https://*.js.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://cdn.listrakbi.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.shoplooks.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://modules.obsess-vr.com https://*.abtasty.com https://*.gstatic.com https://cms-cdn.modiface.com https://fonts.googleapis.com https://fonts.smct.io https://*.ringcentral.com https://*.bazaarvoice.com; upgrade-insecure-requests; report-to csp-endpoint 4
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; style-src 'self' *.sprinklr.com 'sha256-xM5aT+st2wk4RUcvDSyRgoWcTmBzODNcHHg+JKm7FtI=' 4
frame-ancestors 'self' https://portal.uskinned.net 4
default-src *.myidx.cloud 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com *.convertexperiments.com; script-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com cdnjs.cloudflare.com js.hs-banner.com js.hs-analytics.net js.hsadspixel.net js.hubspot.com https://*.clarity.ms https://scripts.clarity.ms/0.8.27/clarity.js https://www.clarity.ms/tag/svc9v0m76w widget.prod.equally.ai https://widget.prod.equally.ai/equally-widget.min.js *.hsforms.net unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com sc.lfeeder.com googleads.g.doubleclick.net www.googletagmanager.com *.posthog.com app.posthog.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk *.vimeocdn.com f.vimeocdn.com *.convertexperiments.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' widget.prod.equally.ai unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; connect-src *.myidx.cloud 'self' *.clarity.ms unpkg.com https://region1.analytics.google.com cdn.jsdelivr.net api.hubapi.com cta-service-cms2.hubspot.com www.facebook.com static.hsappstatic.net cdnjs.cloudflare.com https://pagead2.googlesyndication.com widget.prod.equally.ai https://lb.prod.equally.ai/ https://www.facebook.com/tr/ https://analytics.google.com google.com *.hsforms.com *.posthog.com *.amazonaws.com https://www.google.com *.linkedin.com idxjobs-api.connectid.cloud https://signin.ultipro.com *.openweathermap.org stats.reciteme.com api.reciteme.com https://api.weatherapi.com/v1/current.json stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com metrics.convertexperiments.com signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com; base-uri 'self'; form-action 'self' *.hsforms.com; font-src *.myidx.cloud 'self' 'unsafe-inline' *.hsforms.com api.reciteme.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com * data: application; frame-src *.myidx.cloud 'self' *.hsforms.com *.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.doubleclick.net adfs.justretirement.com www.googletagmanager.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; img-src *.myidx.cloud 'self' 'unsafe-inline' * data: www.w3.org *.convertexperiments.com; media-src *.myidx.cloud 'self' *.investis.com; 4
object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 4
default-src 'self';                     base-uri 'self';                     connect-src 'self' *.clarity.ms https://platform-api.sharethis.com/sync.js.map https://*.azure.com https://tracking-api.g2.com https://consent.cookiebot.com https://q.clarity.ms/collect https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://api.herefish.com https://c.6sc.co https://consentcdn.cookiebot.com https://distillery.wistia.com *.applicationinsights.azure.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://ipv6.6sc.co https://js.zi-scripts.com https://l.sharethis.com https://pipedream.wistia.com https://px.ads.linkedin.com https://r.clarity.ms https://stats.g.doubleclick.net https://tracking.g2crowd.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com *.crwdcntrl.net https://fg8vvsvnieiv3ej16jby.litix.io https://forms.hsforms.com;                     font-src 'self' *.epiqglobal.com *.bluemod.us https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://fast.wistia.com;                     frame-src 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me https://app.herefish.com https://www.googletagmanager.com https://form.typeform.com https://www.youtube.com https://fast.wistia.net https://player.vimeo.com https://www.g2.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://t.sharethis.com https://www.google.com https://go.epiqglobal.com/ https://www.buzzsprout.com;                     frame-ancestors 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me;                     img-src 'self' data: *.bing.com *.clarity.ms *.bluemod.us *.bludmod.me *.epiqglobal.com *.linkedin.com https://googleads.g.doubleclick.net https://f.hubspotusercontent20.net https://insights.hgpresearch.com https://privacy-policy.truste.com https://pic3.zhimg.com https://pages.hyperiongp.com https://besixth.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://storage.pardot.com https://via.placeholder.com *.sharethis.com https://b.6sc.co https://fast.wistia.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://forms-na1.hsforms.com/embed/v3/counters.gif https://*.vimeocdn.com;                     manifest-src 'self';                     media-src 'self' blob:;                     object-src 'none';                     report-uri https://6658ad1fa52bdea0f50df6d5.endpoint.csper.io/;                     script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://scripts.clarity.ms https://api.herefish.com https://www.epiqglobal.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com https://embed.typeform.com https://fast.wistia.net https://player.vimeo.com https://www.googletagmanager.com https://platform-api.sharethis.com/panorama.js https://api.herefish.com/scripts/hf.js https://buttons-config.sharethis.com/js/60c0851926c3eb001107c372.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fast.wistia.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/766208465/ https://j.6sc.co/6si.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://js.zi-scripts.com/zi-tag.js https://pi.pardot.com/analytics https://platform-api.sharethis.com/js/sharethis.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://t.sharethis.com/1/k/t.dhj https://tracking.g2crowd.com/attribution_tracking/conversions/1006581.js https://ws-assets.zoominfo.com/formcomplete.js https://www.clarity.ms/tag/dv7zchxaog https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js https://js.sentry-cdn.com https://js.hsforms.net/forms/v2.js https://pi.pardot.com/pd.js https://go.epiqglobal.com https://www.buzzsprout.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://browser.sentry-cdn.com https://tracking-api.g2.com https://www.googleadservices.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com;                     style-src 'report-sample' 'self' 'unsafe-inline' https://app.herefish.com https://embed.typeform.com https://cdnjs.cloudflare.com https://fonts.googleapis.com;                     worker-src blob:; 4
frame-src  'self' youtube.com www.youtube.com www.dailymotion.com assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; worker-src 'self' blob: assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; child-src 'self' assirmforum21-backend.liveforum.space assirmforum21.liveforum.space 4
upgrade-insecure-requests; report-uri 4
frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com https://*.paperflite.com https://*.cleverstory.io; 4
frame-ancestors 'self' https://thetitanawards.com 4
default-src 'none'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com https://*.ampproject.org 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://wts.anexia-it.com https://www.googletagmanager.com https://bat.bing.com https://snap.licdn.com https://www.facebook.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.youtube.com https://www.youtube-nocookie.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.livechatinc.com https://api.livechatinc.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.clarity.ms https://www.googletagmanager.com https://wts.anexia-it.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://ws.sharethis.com https://d1l6p2sc9645hc.cloudfront.net https://dwhbridge.anexia-it.com https://www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://anexia.com https://www.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://px.ads.linkedin.com https://bat.bing.com https://a.clarity.ms https://c.clarity.ms https://www.google-analytics.com https://www.google.com https://www.google.at https://c.bing.com https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://td.doubleclick.net https://facebook.com https://www.facebook.com https://*.facebook.com https://*.doubleclick.net https://*.bing.com https://*.licdn.com https://bat.bing.net https://www.googleadservices.com https://zertifikat.creditreform.at https://static.anexia-it.com; font-src 'self' data:; connect-src 'self' https://www.facebook.com https://wts.anexia-it.com https://www.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.clarity.ms https://eu-api.friendlycaptcha.eu https://request.anexia.com https://anexia.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://api.friendlycaptcha.com https://www.google.com https://td.doubleclick.net https://*.doubleclick.net https://*.facebook.com https://facebook.com https://*.bing.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.net https://www.google.at https://google.com https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://*.facebook.com https://facebook.com https://*.bing.com https://*.licdn.com https://*.sharethis.com https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; worker-src 'self' blob:; base-uri 'self'; report-to csp-endpoint 4
frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' *.adsrvr.org *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net acrobatservices.adobe.com player.vimeo.com app.supademo.com app.heygen.com documentcloud.adobe.com insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com *.doubleclick.net *.googletagmanager.com; connect-src 'self' wss://*.infrontservices.com *.adsrvr.org https://www.facebook.com *.google-analytics.com *.leadinfo.com *.leadinfo.net https://li-replay.s3-accelerate.amazonaws.com https://*.ldnfrpl.com *.infrontservices.com *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net *.adobe.io wss://*.adobe.io *.doubleclick.net *.google.com analytics.ahrefs.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com 633-ybp-923.mktoutil.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.salesloft.com *.clarity.ms *.tt.omtrdc.net bat.bing.net; img-src 'self' *.leadinfo.net *.leadinfo.net *.videostep.com *.infrontservices.com assets.adoberesources.net lh3.googleusercontent.com *.doubleclick.net *.linkedin.com *.b26net.com *.googletagmanager.com *.clarity.ms *.facebook.com *.bing.com *.bing.net *.google.com  s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; font-src *.infrontfinance.com *.leadinfo.net *.infront.co *.typekit.net data:; style-src *.infrontfinance.com *.leadinfo.net *.googleapis.com *.infront.co 'unsafe-inline' *.typekit.net; script-src *.infrontfinance.com *.leadinfo.net https://*.ldnfrpl.com *.infrontservices.com *.googleadservices.com *.infront.co scout-cdn.salesloft.com connect.facebook.net analytics.ahrefs.com *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net munchkin.marketo.net static.r66net.com static.r66net.net *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com assets.adoberesources.net acrobatservices.adobe.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.salesloft.com *.clarity.ms 'self' 'unsafe-eval' 'unsafe-inline'; 4
frame-ancestors 'self' https://cloud.1c.fitness; 4
default-src 'self' data: *.dv.socure.io *.adobedc.net google.com *.googletagmanager.com *.trustarc.com *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self' *.googletagmanager.com *.trustarc.com; child-src 'self' ujet.co google.com *.adobedc.net *.ujet.co *.truste.com *.trustarc.com *.googletagmanager.com blob:; script-src 'self' https://secure.walmartmoneycard.com 'unsafe-inline' 'unsafe-eval' google.com https://first.iovation.com/* https://www.clarity.ms/* https://*.gdctrking.com https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms *.licdn.com *.adobedc.net *.dv.socure.io *.truste.com *.consent.trustarc.com *.googletagmanager.com *.trustarc.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.stackadapt.com *.tags.srv.stackadapt.com *.redditstatic.com *.forter.com tags.stackadapt.com https://mpsnare.iesnare.com https://share.walmartmoneycard.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com https://acdn.adnxs.com/dmp/up/pixie.js https://ib.adnxs.com/pixie; connect-src 'self' https://secure.walmartmoneycard.com *.linkedin.com google.com https://*.gdctrking.com https://pie-secure-gdrewardsdev.nextestate.com/ https://qa-secure-gdrewardsdev.nextestate.com *.adobedc.net *.googletagmanager.com *.dv.socure.io *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io  kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com https://maps.googleapis.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com kvicxs.walmartmoneycard.com https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms; img-src 'self'  data: https://secure.walmartmoneycard.com google.com https://arttrk.com https://trkn.us https://rdcdn.com https://*.gdctrking.com *.linkedin.com p.alocdn.com *.dv.socure.io *.adobedc.net aa.trkn.us i.ytimg.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.reddit.com *.rdcdn.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms data: blob: https://*.extole.io https://*.xtlo.net https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.adobedc.net *.dv.socure.io google.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: *.dv.socure.io *.adobedc.net kampyle.com google.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.dv.socure.io *.adobedc.net google.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' *.dv.socure.io google.com *.adobedc.net https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 4
frame-ancestors 'self' https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt https://www.visidarbi.lv; 4
frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.jsdelivr.net;  font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com blob:; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self' blob: 4
frame-ancestors https: 4
frame-ancestors 'self' https://explore.medius.com https://www.medius.com https://www.expensya.com 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
frame-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://js.stripe.com https://app.aiden.cx https://api.dpdconnect.nl https://www.youtube.com https://www.obelink.be https://vars.hotjar.com https://www.facebook.com https://surfly.com https://www.google.com https://docs.google.com https://api.growthbook.io https://tcp.googlesyndication.com; 4
default-src 'self' 'unsafe-inline' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://download-video-ak.vimeocdn.com https://*.vimeocdn.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://evnt.byspotify.com https://*.lt02.net https://*.tangiblee.com https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.lt02.net https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://pixel.byspotify.com https://*.lt02.net https://*.tangiblee.com https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaevt.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com https://*.tangiblee.com; script-src-elem 'self' 'unsafe-inline' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://*.klarnaevt.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaevt.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.linksynergy.com https://*.klarna.com https://*.tangiblee.com; style-src-elem 'self' 'unsafe-inline' https://*.klarnaevt.com https://*.klarnaservices.com https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com https://*.tangiblee.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 4
frame-ancestors 'self' https://*.teemill.com teemill.com 4
script-src https: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://*.com 4
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 4
default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ad.doubleclick.net performance.autofintech.link my.advertisingmarketplace.ai www.googleadservices.com googleads.g.doubleclick.net tags.srv.stackadapt.com bat.bing.com bat.bing.net dpm.demdex.net www.google-analytics.com googleads.g.doubleclick.net adservice.google.* pagead2.googlesyndication.com api.ipify.org px.ads.linkedin.com *.outbrain.com *.akamaihd.net *.akstat.io *.analytics.google.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com cdn.linkedin.oribi.io s.yimg.com *.report.gbss.io cdn.gbqofs.com api.fundpress.io api-uk.kurtosys.app assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net geolocation.onetrust.com mandg.scene7.com privacyportal-de.onetrust.com search-api.swiftype.com smetrics.mandg.com stats.g.doubleclick.net prudentialdistributi.tt.omtrdc.net policylookup.mandg.com pdx-col.eum-appdynamics.com api.pru.co.uk www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat analytics.google.com adservice.google.com prudential.distribution.team.prudential.co.uk cas.zma.gs c.zmags.com fml-x.com *.fundslibrary.net dc.services.visualstudio.com *.googlesyndication.com; font-src 'self' data: fonts.gstatic.com api.fundpress.io fonts.gstatic.com use.typekit.net at.alicdn.com images.getfastr.com; form-action 'self' wwwx.pruadviser.co.uk; frame-ancestors 'self' mypru.pru.co.uk www.mymandg.co.uk *.fundslibrary.co.uk www.platformservices.co.uk www.mandg.com; frame-src 'self' googleads.g.doubleclick.net ad.doubleclick.net www.mandg.com interactive.mandg.com *.demdex.net *.pruadviser.co.uk www.brighttalk.com digitalsecure.mandg.com forms.mymandg.co.uk securedigital.wealth.mandg.com securedigital.pru.mandg.com securedigital.prudential.co.uk secure.digital.mandg.com www.google.com irpages2.equitystory.com insight.adsrvr.org infogram.com e.infogram.com match.adsrvr.org mandg.fidainformatica.it mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co recaptcha.google.com assets.ceros.com media.ceros.com view.ceros.com www.youtube-nocookie.com igccharges.mandg.com *.doubleclick.net adclick.g.doubleclick.net sustainabilityprofiletool.mandg.com api.pru.co.uk digital-api.dg.pru.co.uk open.spotify.com wwwx.pruadviser.co.uk flo.uri.sh contentcontrol.api.zmags.com cas.zma.gs *.t.eloqua.com *.googletagmanager.com; img-src 'self' data: googleads.g.doubleclick.net www.google.com www.google.co.uk www.googleadservices.com tags.srv.stackadapt.com bat.bing.com bat.bing.net googleads.g.doubleclick.net www.google-analytics.com googleads.g.doubleclick.net prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com *.akstat.io *.demdex.net *.google-analytics.com *.googletagmanager.com ad.doubleclick.net api.fundpress.io api-uk.kurtosys.app adservice.google.com assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net www.google.com www.google.co.uk i.ytimg.com mandg.scene7.com smetrics.mandg.com ttcontacts.com 797110.global.siteimproveanalytics.io insight.adsrvr.org *.wealth.mandg.com lantern9.mandg.com lanternmg.mandg.com sp.analytics.yahoo.com www.facebook.com px.ads.linkedin.com www.google.co.in www.linkedin.com privacy-digital.mandg.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat wwwx.pruadviser.co.uk public.flourish.studio img.creator-prod.zmags.com cas.zma.gs images.getfastr.com getfastr.com zmags.com c.zmags.com mypru.pru.co.uk analytics.twitter.com fonts.gstatic.com mandg.videomarketingplatform.co report.23video.com delivery.twentythree.com www.fundslibrary.co.uk fcscdn.broadridge.com; media-src data: blob: mandg.scene7.com mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' performance.autofintech.link tags.srv.stackadapt.com bat.bing.com bat.bing.net tags.tiqcdn.com www.googletagservices.com securepubads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com *.siteintercept.qualtrics.com *.outbrain.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.report.gbss.io assets.adobedtm.com api.fundpress.io api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com report.23video.com siteimproveanalytics.com connect.facebook.net img.en25.com snap.licdn.com fml-x.com assets.ceros.com media.ceros.com view.ceros.com www.mandg.com; script-src-elem 'self' 'unsafe-inline' performance.autofintech.link tags.srv.stackadapt.com bat.bing.com bat.bing.net pagead2.googlesyndication.com prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.report.gbss.io assets.adobedtm.com api.fundpress.io api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com report.23video.com siteimproveanalytics.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com img.en25.com connect.facebook.net snap.licdn.com s.yimg.com assets.ceros.com media.ceros.com view.ceros.com privacy-digital.mandg.com infogram.com prudential.distribution.team.prudential.co.uk public.flourish.studio cas.zma.gs getfastr.com zmags.com tr.outbrain.com wave.outbrain.com amplify.outbrain.com static.ads-twitter.com mandg.videomarketingplatform.co fml-x.com www.mandg.com fcscdn.broadridge.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.googleapis.com mandg.scene7.com; style-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com mandg.scene7.com use.typekit.net p.typekit.net prudential.distribution.team.prudential.co.uk cas.zma.gs mandg.videomarketingplatform.co fcscdn.broadridge.com; worker-src 'self' blob:; base-uri 'self'; upgrade-insecure-requests; report-uri /csp/log 4
upgrade-insecure-requests; base-uri 'self'; 4
frame-ancestors 'self' http://dezshira.in/ http://www.dezshira.com/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.middleeastbriefing.com/ 4
upgrade-insecure-requests; frame-ancestors *.centurylink.com *.corp.intranet; 4
default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.hcaptcha.com; script-src *.googletagmanager.com *.gstatic.com *.hcaptcha.com *.googleapis.com *.recaptcha.net 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.hcaptcha.com *.recaptcha.net 'self'; connect-src 'self' *.google.com *.gstatic.com *.hcaptcha.com *.googleapis.com *.recaptcha.net; 4
require-trusted-types-for 'script';report-uri /_/MeetingsUi/cspreport 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 4
default-src * 'self' 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/ https://*.googleapis.com/ https://bat.bing.com/ https://*.quantummetric.com/ https://*.osano.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com https://*.google.co.uk https://js.stripe.com/ https://cdn.lgrckt-in.com/ blob: 'unsafe-inline' 'unsafe-eval' 'self'; frame-ancestors 'self'; form-action *; font-src https://fonts.gstatic.com/ https://*.acsbapp.com 'self' data:; img-src www.googletagmanager.com https://*.acsbapp.com https://www.facebook.com https://*.bing.com https://*.google.com https://*.google.co.uk https://*.google.co.in https://*.google.rs https://*.doubleclick.net https://bat.bing.com https://*.google-analytics.com https://*.google.co.in https://*.cibt.com/ https://*.cibtvisas.com https://cibtvisas.com 'self' data: blob:; connect-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googlesyndication.com  https://*.bing.com https://*.acsbapp.com https://acsbapp.com https://*.cibt.com https://*.api.osano.com/ https://google.com https://google.co.uk https://google.co.in https://google.rs https://*.cibtvisas.com https://*.*.osano.com https://*.logrocket.io https://*.logrocket.com https://*.newlandchase.com https://cibt.my.salesforce-sites.com *.amazonaws.com; 4
frame-ancestors 'self'; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub16f8f4157f115b184e143716929b3d8c&dd-evp-origin=content-security-policy&ddsource=csp-report; 4
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src * data:; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 4
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob: 4
default-src 'self' data: blob: ; worker-src 'self' data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com *.blackhawknetwork.com *.bhn.cards assets.adobedtm.com; script-src-attr 'unsafe-inline' *.blackhawknetwork.com; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com adobedc.demdex.net metrics.mycardwallet.com *.bhn.cards; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com https://*.hotjar.com; frame-src *; object-src 'none'; media-src 'self' *.iesnare.com data:; frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self'; form-action 'self'; upgrade-insecure-requests 4
frame-ancestors 'self' pages.sitecorecloud.io; 4
default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 4
frame-ancestors 'none'; base-uri 'none'; 4
frame-ancestors 'self' *.logo.pt *.force.com *.tranquilidade.cst *.tranquilidade.pt *.generalitranquilidade.pt *.t-vida.pt *.tranquilidade.co.ao *.tranquilidadeseguros.co.mz *.facebook.net *.facebook.com *.advancecare.pt *.vitorinos.pt 4
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn 4
upgrade-insecure-requests ; 4
frame-ancestors 'self' https://*.storyblok.com; 4
default-src 'self'; base-uri 'self'; frame-src 'self' https://*.server.pro https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com https://challenges.cloudflare.com https://youtube.com https://*.youtube.com; child-src 'self' https://*.server.pro https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com; object-src 'none'; frame-ancestors 'none'; form-action 'self' https://*.server.pro; img-src 'self' https: data: blob:; font-src 'self' data: https:; worker-src 'self' blob:; media-src 'self' data:; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.js.stripe.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com https://challenges.cloudflare.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.js.stripe.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com; connect-src 'self' data: https://*.server.pro wss://*.server.pro https://api.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com https://*.googleapis.com https://api.curseforge.com https://api.modrinth.com https://api.modpacks.ch; upgrade-insecure-requests; 4
upgrade-insecure-requests;connect-src *;frame-ancestors 'self' 4
img-src * blob: data:; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 4
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com/ https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.azul.com.do https://authentication.cardinalcommerce.com/ https://songbird.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.onesignal.com https://aliss.os.tc/  https://aliss-test.os.tc/ https://*.cardinalcommerce.com/ https://*.clarity.ms *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.onesignal.com https://img.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://*.cardinalcommerce.com/ https://cdn.jsdelivr.net https://purecatamphetamine.github.io https://*.clarity.ms *.adobesc.com *.userway.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.disqus.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net accounts.google.com connect.facebook.net *.bolt.com *.commerce-quick-checkout.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com s7.addthis.com *.userway.org https://assets-cdn.woowup.com https://js.pusher.com www.clarity.ms https://www.clarity.ms https://*.clarity.ms *.adobe.net *.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.clarity.ms *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://cdn.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://*.cardinalcommerce.com/ https://*.amazonaws.com/ *.facebook.com www.clarity.ms https://*.clarity.ms *.adobe.net *.adobedc.net *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.onesignal.com https://cdn.onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://*.clarity.ms *.userway.org http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.integration2-hohc4oi-c2g6g5sgc4xo6.us-5.magentosite.cloud https://*.cardinalcommerce.com/ https://*.clarity.ms 'self' 'unsafe-inline'; 4
frame-ancestors 'self' https://training.lynxbroker.de 4
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.sharethis.com *.botmd.io *.google-analytics.com  https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.simsys.sg *.sharethis.com *.cdninstagram.com *.botmd.io *.s3.amazonaws.com *.google-analytics.com *.google.com *.google.com.sg https://px.ads.linkedin.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.sharethis.com player.vimeo.com *.facebook.com *.youtube.com *.botmd.io *.google.com https://form.gov.sg td.doubleclick.net youtu.be www.googletagmanager.com my.matterport.com *.spotify.com https://gccchat.nuhs.edu.sg https://vimeo.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.sharethis.com bcp.crwdcntrl.net *.ent.ap-southeast-1.aws.found.io *.google-analytics.com https://stats.g.doubleclick.net *.amazonaws.com https://data.stbuttons.click/data c.ltmsphrcl.net https://gccchat.nuhs.edu.sg/connector/api/chat/connect *.google.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.cdninstagram.com *.botmd.io *.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: data:; object-src 'none' 4
upgrade-insecure-requests 4
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com https://*.rudderlabs.com/ blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline' https://*.rudderstack.com/; font-src * data: https:; frame-src *; 4
default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' * https://heapanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * https://cdn.us.heap-api.com https://heapanalytics.com; img-src 'self' blob: data: * https://heapanalytics.com; connect-src 'self' blob: data: * https://c.us.heap-api.com https://heapanalytics.com; font-src 'self' blob: data: * https://heapanalytics.com; frame-ancestors 'self' https://xodo-web.sanity.studio; 4
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hubspot.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-banner.com https://static.cloudflareinsights.com https://acsbapp.com https://js.stripe.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: blob: https://stream.co https://*.stripe.com https://*.hsforms.com https://www.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.googletagmanager.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hubspot.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-banner.com https://static.cloudflareinsights.com https://api.stripe.com https://api.hsforms.com https://api.trustpilot.com https://acsbapp.com https://cdn.acsbapp.com https://fonts.googleapis.com https://*.hcaptcha.com https://m.stripe.com https://unpkg.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://m.stripe.network https://b.stripecdn.com https://*.hcaptcha.com https://pay.google.com https://m.stripe.com; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'self'; manifest-src 'self'; upgrade-insecure-requests 4
frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 4
frame-ancestors 'self' https://www.ringier-advertising.ch https://cms.ringiermedienschweiz.ch  https://blumen.palantirfoundry.de https://*.ringpublishing.com ; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; frame-ancestors 'self'; 4
font-src https: data:; img-src https: data:; 4
frame-ancestors 'self'; report-to csp-reports; 4
default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 4
default-src 'self';      style-src 'self' *.typekit.net https://unpkg.com *.salesforce.com *.adobeaemcloud.com *.force.com *.salesforceliveagent.com *.trustcommander.net *.tagcommander.com *.salesforce-sites.com *.squarelovin.com *.adyen.com *.gstatic.mopinion.com *.danone-dtc.net *.chargebee.com *.static.criteo.net *.criteo.com *.mopinion.com *.gstatic.com *.live2support.com *.lpsnmedia.net *.commander1.com *.bootstrapcdn.com https://dpm.demdex.net https://assets.adobedtm.com *.zencdn.net *.sharethis.com *.googleapis.com *.pinimg.com *.commandersact.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline';      script-src 'self' *.adform.net *.linkedin.com https://unpkg.com https://js-agent.newrelic.com *.adobeaemcloud.com *.salesforce.com *.force.com *.salesforceliveagent.com *.trustcommander.net *.salesforce-sites.com *.youtube.com *.gbqofs.com *.googleapis.com *.adobe.com *.gigya.com *.hotjar.com *.squarelovin.com *.paypal.com *.nxtck.com *.adyen.com *.gstatic.mopinion.com *.chargebee.com *.criteo.net *.criteo.com *.live2support.com *.jsdelivr.net *.mopinion.com *.googletagmanager.com https://dpm.demdex.net https://assets.adobedtm.com *.tagcommander.com *.twitter.com *.pinterest.com *.instagram.com https://services.postcodeanywhere.co.uk *.commandersact.com *.facebook.net *.lpsnmedia.net *.pinimg.com *.danone-dtc.net *.outbrain.com *.google.com *.googleadservices.com *.google-analytics.com *.sharethis.com *.addthis.com *.doubleclick.net *.theadex.com *.commander1.com *.liveperson.net *.gstatic.com *.digital4danone.com *.ads-twitter.com https://widget.trustpilot.com https://cdn.channelsight.com *.monitor.azure.com *.cdn.applicationinsights.io https://az416426.vo.msecnd.net *.guaranteed-reviews.com blob: 'unsafe-inline' 'unsafe-eval';      img-src 'self' data: https://unpkg.com *.salesforce.com *.adobeaemcloud.com *.force.com *.salesforceliveagent.com *.trustcommander.net *.salesforce-sites.com *.digital4danone.com *.serving-sys.com *.hotjar.com *.assetsadobe.com *.squarelovin.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com *.adyen.com *.gstatic.mopinion.com *.gstatic.com *.live2support.com https://dpm.demdex.net https://assets.adobedtm.com https://services.postcodeanywhere.co.uk http://danonegroup-stage.neolane.net *.commandersact.com *.googleadservices.com *.cx.atdmt.com *.danone-dtc.net *.outbrain.com *.danone.com *.atdmt.com *.pinterest.com *.commander1.com *.tagcommander.com *.lpsnmedia.net *.adition.com *.doubleclick.net *.google.co.in *.theadex.com *.google-analytics.com *.google.com *.sharethis.com *.googleapis.com *.w3.org *.mookie1.com *.pinimg.com *.facebook.com *.googletagmanager.com *.linkedin.com *.adsrvr.org *.analytics.google.com *.g.doubleclick.net https://ade.googlesyndication.com https://www.societe-des-avis-garantis.fr *.goldenbees.fr;      frame-src 'self' *.adform.net *.googletagmanager.com https://unpkg.com *.salesforce.com *.adobeaemcloud.com *.force.com *.salesforceliveagent.com *.trustcommander.net *.gigya.com *.hotjar.com *.squarelovin.com https://player.simplecast.com *.googleapis.com *.simplecast.com *.paypal.com *.adyen.com *.gstatic.com *.adobe.com *.gstatic.mopinion.com *.danone-dtc.net *.chargebee.com *.static.criteo.net *.criteo.com *.tohklom.com *.tagcommander.com *.amazon-adsystem.com *.liveperson.net *.vimeo.com *.live2support.com *.google.com *.lpsnmedia.net *.commander1.com *.commandersact.com *.google-analytics.com *.googleadservices.com *.proprofs.com https://dpm.demdex.net https://assets.adobedtm.com *.facebook.com *.doubleclick.net *.theadex.com *.sharethis.com *.addthis.com *.youtube.com *.adsrvr.org *.spotify.com *.cloudfront.net *.instagram.com *.soundcloud.com *.twitter.com *.pinterest.com https://widget.trustpilot.com https://acs.revolut.com https://sg-3ds-vdm.wlp-acs.com *.flockler.com *.tagcommander.net;      connect-src 'self' blob: *.linkedin.com *.algolia.net *.algolianet.com *.algolia.io https://api.guaranteed-reviews.com https://viewlicense.adobe.io https://unpkg.com https://bam.eu01.nr-data.net *.adobeaemcloud.com *.salesforce.com *.force.com *.salesforceliveagent.com *.trustcommander.net *.tagcommander.com *.salesforce-sites.com *.google.com *.digital4danone.com *.gbqofs.io *.googleapis.com *.gigya.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.squarelovin.com *.paypal.com *.sentry.io *.adyen.com *.gstatic.com *.gstatic.mopinion.com *.live2support.com *.addthis.com *.mopinion.com https://dpm.demdex.net https://assets.adobedtm.com *.google-analytics.com *.googleadservices.com *.commandersact.com *.danone-dtc.net *.ct.pinterest.com *.privacy.trustcommander.net https://services.postcodeanywhere.co.uk *.commercetools.com *.facebook.com *.omtrdc.net *.pinterest.com *.commander1.com *.sharethis.com *.doubleclick.net *.analytics.google.com https://dc.services.visualstudio.com https://js.monitor.azure.com *.googletagmanager.com *.g.doubleclick.net *.guaranteed-reviews.com;      font-src 'self' data: *.googletagmanager.com https://unpkg.com *.google.com *.salesforce.com *.force.com *.adobeaemcloud.com *.salesforceliveagent.com *.trustcommander.net *.tagcommander.com *.hotjar.com *.squarelovin.com *.adyen.com *.gstatic.mopinion.com *.gstatic.com *.googleapis.com *.live2support.com *.googleadservices.com *.commandersact.com *.google-analytics.com *.danone-dtc.net https://vjs.zencdn.net *.guaranteed-reviews.com;      media-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com https://unpkg.com *.salesforce.com *.adobeaemcloud.com *.force.com *.salesforceliveagent.com *.trustcommander.net *.tagcommander.com *.googleadservices.com *.squarelovin.com *.googleapis.com *.lpsnmedia.net 4
frame-ancestors https://platform.sbnation.com https://*.sbnation.com 'self' 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 4
frame-ancestors 'self' dampsoft.de *.dampsoft.de wordpress.p683160.webspaceconfig.de 4
frame-ancestors 'none'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests 4
upgrade-insecure-requests; form-action 'self' https://api.staticforms.xyz/submit; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 4
frame-ancestors 'self' my.enboarder.com nine.enboarder.io; 4
connect-src 'self' *.fontawesome.com *.yimg.com *.google-analytics.com *.doubleclick.net rest-api.e-shot.net bat.bing.com terryberry.force.com *.omappapi.com z.omappapi.com a.omappapi.com api.omappapi.com *.nr-data.net *.terryberry.com secure.agile-company-365.com idx.liadm.com *.clickagy.com *.zoominfo.com *.hu-manity.co onesignal.com *.onesignal.com cdn.linkedin.oribi.io *.duosecurity.com terryberry.com *.gstatic.com  *.google.com *.hcaptcha.com terryberry.my.salesforce.com terryberry.my.site.com *.clickcease.com pagead2.googlesyndication.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.ads.linkedin.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.tag.unifyintent.com *.selectsoftwarereviews.com *.zi-scripts.com *.unifyintent.com unifyintent.com *.google.com google.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; default-src  'self' 'unsafe-inline' data:; font-src  'self' 'unsafe-inline' data: *.fontawesome.com fonts.gstatic.com *.hu-manity.co *.duosecurity.com  terryberry.com *.terryberry.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; frame-src 'self' bid.g.doubleclick.net service.force.com www.facebook.com go.pardot.com *.youtube.com storage.pardot.com terryberry.com *.terryberry.com player.vimeo.com *.hu-manity.co  onesignal.com *.onesignal.com *.duosecurity.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com td.doubleclick.net *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.googletagmanager.com *.zi-scripts.com *.tag.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; img-src 'self' 'unsafe-inline' terryberry.com *.terryberry.com *.gravatar.com *.linkedin.com *.bing.com *.analytics.yahoo.com *.google.com *.google.co.uk *.google.de *.facebook.com *.google-analytics.com live-terryberry.pantheonsite.io p.adsymptotic.com go.pardot.com *.doubleclick.net i.ytimg.com *.omappapi.com *.googletagmanager.com *.clickagy.com *.rlcdn.com *.demdex.net *.crwdcntrl.net *.agkn.com *.bluekai.com pixel-sync.sitescout.com *.hu-manity.co  onesignal.com *.onesignal.com *.duosecurity.com terryberry.my.site.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com *.clickcease.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com trustpulse.s3.amazonaws.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.tag.unifyintent.com *.googleadservices.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; media-src 'self' 'unsafe-inline' *.terryberry.com *.duosecurity.com terryberry.com data: *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.zi-scripts.com *.tag.unifyintent.com *.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; script-src 'self' 'unsafe-inline'  'unsafe-eval' blob: *.pantheonsite.io *.360recognition.com *.giveawow.com *.youtube.com *.google.com *.google-analytics.com *.googleapis.com use.fontawesome.com kit.fontawesome.com www.googletagmanager.com service.force.com terryberry.my.salesforce.com bat.bing.com *.googleadservices.com snap.licdn.com tracking.g2crowd.com s.yimg.com connect.facebook.net pi.pardot.com *.salesforceliveagent.com *.doubleclick.net signup.es-mail.co.uk ajax.googleapis.com static.lightning.force.com terryberry.force.com *.omappapi.com *.googleoptimize.com *.adservice.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.terryberry.com secure.agile-company-365.com player.vimeo.com *.zoominfo.com *.clickagy.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com *.clickcease.com *.trstplse.com *.trustpulse.com *.chilipiper.com cdnjs.cloudflare.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com  unpkg.com/vue@3/dist/vue.global.js unpkg.com/vue@3/ *.tag.unifyintent.co *.tag.unifyintent.com *.selectsoftwarereviews.com *.zi-scripts.com *.terryberry.com *.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net *.hsforms.net; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.fontawesome.com service.force.com terryberry.force.com fonts.googleapis.com *.omappapi.com *.terryberry.com secure.agile-company-365.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net *.hsforms.net; worker-src 'self' 'unsafe-inline' *.terryberry.com terryberry.com blob: data:; 4
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors 'self' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si www.intersport.hr www.intersport.ba www.intersport.me intersport.si preview.ssgtm.intersport.si ssgtm.intersport.si appleid.cdn-apple.com/appleauth/ applepay.cdn-apple.com apple-pay-gateway.apple.com *.cookiebot.com cdnjs.cloudflare.com ajax.googleapis.com fcm.googleapis.com fonts.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com google.com www.google.si www.google.de googleads.g.doubleclick.net stats.g.doubleclick.net omara.cdn-cnj.si img.cdn-cnj.si cpx.smind.si cpx.smind.hr chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com *.paypal.com www.paypal.com www.paypalobjects.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com *.mercator.si maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz www.pimcore.org yoast.com *.braintreegateway.com *.braintree-api.com *.segmentify.com cdn.sgmntfy.com api.instacloud.io *.fna.fbcdn.net *.vimeo.com i.vimeocdn.com my.matterport.com my.mpskin.com graph.instagram.com *.cdninstagram.com cdn.crobox.io api.crobox.com pagead2.googlesyndication.com region1.google-analytics.com td.doubleclick.net cm.g.doubleclick.net firebaseinstallations.googleapis.com rt.udmserve.net fibbl.com *.fibbl.com fibblar.com *.fibblar.com cloudflare.com *.cloudflare.com erfd.intersport.ba load.erfd.intersport.ba rewt.intersport.hr load.rewt.intersport.hr tzur.intersport.me load.tzur.intersport.me utzr.intersport.si load.utzr.intersport.si; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.ba https://vr.intersport.me; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.visualwebsiteoptimizer.com app.vwo.com https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.de https://www.google.fr https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com https://*.googlesyndication.com https://*.dynamics.com https://*.azureedge.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.visualwebsiteoptimizer.com app.vwo.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; img-src 'self' data: https://*.visualwebsiteoptimizer.com app.vwo.com https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com https://loyal-lyrebird.cloudvent.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; media-src 'self'; frame-src 'self' https://app.vwo.com https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com  https://exch.dehaagsehogeschool.nl https://exch.thuas.com; font-src 'self' data: https://script.hotjar.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net https://fonts.gstatic.com  https://exch.dehaagsehogeschool.nl https://exch.thuas.com; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.visualwebsiteoptimizer.com app.vwo.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://surveystats.hotjar.io https://ask.hotjar.io https://in.hotjar.com https://*.googlesyndication.com https://*.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://*.dynamics.com https://*.azureedge.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com https://www.googleadservices.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 4
style-src 'self' 'unsafe-inline'; 4
frame-ancestors 'self' https://*.prismic.io; 4
default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://www.avisonyoungproperty.co.uk https://cdn.jsdelivr.net https://*.sharplaunch.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hs-banner.com http://script.hotjar.com https://script.hotjar.com https://*.sharplaunch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js-eu1.hubspot.com https://cdn.jsdelivr.net https://www.avisonyoungproperty.co.uk https://sdk.sharplaunch.com https://cdnjs.cloudflare.com https://maps.google.com https://realtyads.com https://www.onelink-edge.com https://link.edgepilot.com https://analytics.sharplaunch.com https://*.sharplaunch.com https://secure.smart-enterprise-52.com https://js.zi-scripts.com https://tags.clickagy.com https://ajax.cloudflare.com https://tracking.walkthruit.com; img-src https: data: blob:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://experience.arcgis.com https://infogram.com https://optimize.google.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com https://bid.g.doubleclick.net https://open.spotify.com https://td.doubleclick.net https://app.powerbi.com https://realtyads.com https://api.mapbox.com https://videos.eventsquared.live https://www.googletagmanager.com https://aycamerchantblock.sharplaunch.com https://my.matterport.com https://kuula.co hemsync.clickagy.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://cdn.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hs-banner.com https://static.hsappstatic.net https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://cdn.jsdelivr.net https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://content.hotjar.io https://metrics.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cta-eu1.hubspot.com https://cdn.growthbook.io https://sdk.sharplaunch.com https://analytics.sharplaunch.com https://*.sharplaunch.com https://5igwwa7oi7.execute-api.us-east-1.amazonaws.com https://pagead2.googlesyndication.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4
default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 4
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: wss: https: blob: 4
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https: dot.niiid.io jobs.b-ite.com cs-assets.b-ite.com; frame-ancestors 'self'; 4
connect-src * 4
default-src * 'unsafe-inline' 'unsafe-eval' data: wss: *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: *; img-src * 'unsafe-inline' 'unsafe-eval' data: *; frame-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src * 'unsafe-inline' 'unsafe-eval' data: * 4
default-src 'self';               frame-src 'self' aax-eu.amazon-adsystem.com ct.pinterest.com  https://www.googletagmanager.com www.google.com www.youtube.com live.brame-gamification.com *.paypal.com www.facebook.com weatherwidget.io tpc.googlesyndication.com td.doubleclick.net;              media-src 'self';               img-src 'self' data: https://p1.outbrain.com https://a.mgid.com https://tr.blismedia.com maps.gstatic.com sp.analytics.yahoo.com maps.googleapis.com *.paypal.com uip.semasio.net www.google.com www.facebook.com www.google.gr bold.adman.gr cdn.cookielaw.org www.googletagmanager.com www.google.nl ads.travelaudience.com sherlock.adman.gr ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com tr.outbrain.com cm.g.doubleclick.net ad.yieldlab.net pixel.rubiconproject.com image2.pubmatic.com ice.360yield.com ih.adscale.de ib.adnxs.com ads.betweendigital.com p1.zemanta.com a.mgid.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://sitepixel.blis.com https://a.mgid.com *.zemanta.com c.amazon-adsystem.com ct.pinterest.com *.pinimg.com *.tiktok.com https://*.adform.net *.paypal.com *.paypalobjects.com *.braintreegateway.com sp.analytics.yahoo.com connect.facebook.net s.yimg.com maps.googleapis.com www.googletagmanager.com www.google.com www.youtube.com www.gstatic.com cdn.cookielaw.org weatherwidget.io ads.travelaudience.com www.googleadservices.com theferries.com tpc.googlesyndication.com tr.outbrain.com amplify.outbrain.com wave.outbrain.com js-tag.zemanta.com a.mgid.com https://www.redditstatic.com;        connect-src 'self' https://www.facebook.com https://analytics-ipv6.tiktokw.us https://tr.blismedia.com aax-eu.amazon-adsystem.com ara.paa-reporting-advertising.amazon ct.pinterest.com *.tiktok.com *.zemanta.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.googleadservices.com https://amplify.outbrain.com maps.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com cdn.cookielaw.org *.analytics.google.com stats.g.doubleclick.net s.yimg.com privacyportal-eu.onetrust.com geolocation.onetrust.com adservice.google.com www.google.com www.google.gr tr.outbrain.com p1.outbrain.com https://mpc-prod-16-s6uit34pua-uk.a.run.app/events https://demo-1.conversionsapigateway.com/events https://alb.reddit.com;              style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;       object-src 'none' 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 4
form-action 'self'; frame-ancestors 'none'; 4
object-src 'self' data: 4
upgrade-insecure-requests; frame-ancestors https://app.contentful.com 4
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net https://js.hs-scripts.com https://js.hs-analytics.net https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com https://compare.defaqto.com/ https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io *.bmw-motorrad-insurance.com https://*.bmw-motorrad-insurance.ie/ https://stapecdn.com https://cdnjs.cloudflare.com https://webchat.helpshift.com https://*.webchat.helpshift.com *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net https://*.youtube.com https://static.zdassets.com https://api.eu-1.smooch.io *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.tiktok.com/embed.js https://www.opinionstage.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://iframely.net/files/tiktok-embed.js https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://assets.adobedtm.com https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com https://ccaip-test-brok-swdofud.ew2.ccaiplatform.com https://ccaip-broking-tcvrly5.ew2.ccaiplatform.com https://equote2staging.appliedequoteuat.com/integration/scripts/iframeResizer.min.js https://equote2staging.appliedequoteuat.com/integration/scripts/equote-iframe.min.js https://equote2.appliedequote.com/integration/scripts/iframeResizer.min.js https://equote2.appliedequote.com/integration/scripts/equote-iframe.min.js 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk *.bmw-motorrad-insurance.com *.wisedriving.com *.igo4.com https://cdnjs.cloudflare.com *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com https://equote2staging.appliedequoteuat.com/integration/css/equote-iframe.min.css https://equote2.appliedequote.com/integration/css/equote-iframe.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://atlantagroup.zendesk.com www.google.com *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.lpsnmedia.net https://cdn.prod.uk.five9.net/ https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://bisil.sc.omtrdc.net/ https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com https://equote2staging.appliedequoteuat.com https://equote2.appliedequote.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com https://compare.defaqto.com/ https://webchat.helpshift.com https://*.webchat.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.veed.io/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lo.shiftstatus.liveperson.net https://*.youtube.com https://t.maze.co/ https://www.opinionstage.com https://www.google.com https://cdn.prod.uk.five9.net/ https://bisil.demdex.net https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com https://ccaip-test-brok-swdofud.ew2.ccaiplatform.com https://ccaip-broking-tcvrly5.ew2.ccaiplatform.com https://websdk.ujet.co/ https://www.googletagmanager.com https://equote2staging.appliedequoteuat.com https://equote2.appliedequote.com 'self'; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk *.lloydlatchford.co.uk *.igo4.com https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk *.wisedriving.com https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk wss://lo.msg.liveperson.net https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://ekr.zdassets.com https://mml1.zendesk.com https://bat.bing.com wss://api.eu-1.smooch.io www.google.com *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://accdn.liveperson.net http://cfg.smct.io https://cdn.prod.uk.five9.net/ https://bisil.sc.omtrdc.net/ https://dpm.demdex.net/ https://bisil.tt.omtrdc.net https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com wss://tsock.us1.twilio.com/v3/wsconnect 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://cdn.prod.uk.five9.net/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: https://www.google.com https://cdn.prod.uk.five9.net/ 'self' 4
default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://statuspage.me https://*.statuspage.me; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statuspage.me https://*.statuspage.me https://sapat.chat https://plausible.io; script-src-elem * 'unsafe-inline' 'self' https://statuspage.me https://*.statuspage.me https://sapat.chat https://plausible.io; img-src * 'self' data: https://statuspage.me https://*.statuspage.me https://i.imgur.com; font-src *; connect-src * 4
media-src blob: 'self' 4
default-src * data: blob:  about: ws: wss: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' https://*.inchcapedigital.com; 4
default-src 'self'; connect-src *;font-src * data:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 4
default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://ajax.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://cdn.tailwindcss.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 4
object-src 'none'; frame-ancestors 'none' 4
default-src 'self'; connect-src *; img-src 'self' data: 4
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google.com https://www.gstatic.com; frame-src https://www.google.com; connect-src 'self' https://www.google.com; 4
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 4
frame-ancestors 'self' facebook.com 4
frame-ancestors https://*.b12.io:* https://b12.io 4
frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 4
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src data: * 'unsafe-inline' blob:; img-src * data: blob: 'unsafe-inline'; frame-src * blob:; style-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; worker-src * blob:; 4
frame-ancestors 'self' https://admin.hifiklubben.dk https://businesscentral.dynamics.com https://lshardware.audionord.dk https://bctest.audionord.dk https://bc.audionord.dk 4
default-src 'self'; script-src 'self' 'sha256-x02jWIRuH8DM4N4XT/IlTB74yIzLXxLbQpqiIGQl09Y=' https://www.googletagmanager.com https://player.vimeo.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' https://*.google-analytics.com https://www.googletagmanager.com 4
default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' http://localhost:1337 https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com https://js.intercomcdn.com; frame-src 'self' *.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a; frame-ancestors *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely.biz wheely.revolutpeople.com *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi 4
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval';    frame-ancestors 'self' https://one-time-offer.com https://cashbackprog.completesavings.co.uk;upgrade-insecure-requests; 4
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 4
default-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'  www.google-analytics.com; 4
default-src 'self';        script-src 'self' 'unsafe-eval' https://*.cookiebot.eu https://consentcdn.cookiebot.com https://consent.cookiebot.com;        script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.bidtheatre.com https://*.proact.co.uk https://*.proact.nl https://*.proact.de https://*.proact.se https://widget.datablocks.se https://*.hotjar.com https://player.vimeo.com https://yoast.com https://*.facebook.net/ https://www.google.com https://*.gstatic.com https://*.licdn.com/ https://*.yourwoo.com https://*.albacross.com https://*.cision.com https://*.pardot.com https://cdnjs.cloudflare.com/ajax/ https://*.cookiebot.com https://*.cookiebot.eu  https://*.conoa.se https://*.proact.eu https://www.googletagmanager.com https://www.google-analytics.com;        style-src 'self' 'unsafe-inline' https://widget.datablocks.se https://fonts.googleapis.com;        object-src 'none';        base-uri 'self';        connect-src 'self' https://hub.mfn.se/ https://widget.datablocks.se wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://vimeo.com https://www.facebook.com https://cdn.linkedin.oribi.io https://*.albacross.com https://*.yoast.com https://*.cision.com https://consentcdn.cookiebot.com https://*.cookiebot.eu https://*.google.com https://*.google-analytics.com https://stats.g.doubleclick.net;        font-src 'self' https://fonts.gstatic.com;        frame-src 'self' blob: https://proactcalculator.hut3staging.com https://www.google.com https://www.facebook.com https://*.cookiebot.eu https://consentcdn.cookiebot.com https://go.proact.eu https://player.vimeo.com;        frame-ancestors 'self';        img-src 'self' data: https://*.doubleclick.net https://*.adsrvr.org https://*.casalemedia.com https://*.adswizz.com https://*.adnxs.com https://*.adform.net https://*.pubmatic.com https://*.smartadserver.com https://*.bidtheatre.com https://*.rubiconproject.com https://*.stickyadstv.com https://*.smartclip.net https://storage.mfn.se https://widget.datablocks.se https://*.cookiebot.eu https://*.cookiebot.com https://*.facebook.com https://*.linkedin.com https://*.yourwoo.com https://*.albacross.com https://*.proact.eu https://*.cision.com https://i.vimeocdn.com https://s.w.org https://www.google-analytics.com www.google.com google.com www.google.de google.de www.google.se google.se www.google.co.uk google.co.uk www.google.nl google.nl  https://www.googletagmanager.com;        manifest-src 'self';        media-src 'self';        worker-src 'self' blob:; 4
default-src 'unsafe-inline' 'self' https://*.clarity.ms https://c.bing.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:;frame-ancestors 'self' *.travelex.net; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 4
default-src 'self' https:; connect-src https:; font-src 'self'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' data:; media-src 'self'; object-src 'self'; script-src https://www.pocketoption.app/jquery.min.js 'nonce-pocketoption1' 'nonce-pocketoption2' 'nonce-pocketoption3' 'nonce-pocketoption4' 'nonce-pocketoption5'; style-src 'self' 'unsafe-inline'; base-uri 'self'; child-src 'self'; form-action 'self' 4
frame-ancestors 'self' https://*.traumgutscheine.com 4
frame-ancestors 'self' https://*.k12online.vn https://onlyoffice-docs.coquan.net edu-onlyoffice.coquan.vn 4
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: http://c.statcounter.com https://www.google.com http://www.google.com http://csi.gstatic.com; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 4
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 4
frame-ancestors https://damascus.prod.evqt.net https://damascus.staging.evqt.net 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 4
default-src https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data:; font-src https: data:; media-src https:; object-src https:; frame-src * data:; child-src *; frame-ancestors 'self' https://*.yandex.ru; 4
frame-ancestors https://fi.tav.aero 4
frame-ancestors 'self' *.recia.fr *.netocentre.fr netocentre.fr *.touraine-eschool.fr *.chercan.fr colleges41.fr *.colleges41.fr e-college.indre.fr *.e-college.indre.fr  mon-e-college.loiret.fr *.mon-e-college.loiret.fr *.colleges-eureliens.fr *.nextcloud.recia.aquaray.com 4
frame-ancestors 'self' *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 4
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; frame-src 'self'; form-action 'self' 4
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 4
default-src * blob: data: 'unsafe-eval' 'unsafe-inline' 4
font-src 'self'; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 4
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 4
base-uri 'self'; frame-ancestors 'self' https://sage.pathfactory.com https://explore.sage.com; 4
default-src 'self'; img-src 'self' https://dovendi.b-cdn.net data:; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://dovendi.b-cdn.net https://www.feedbackcompany.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://dovendi.b-cdn.net https://www.feedbackcompany.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://dovendi.b-cdn.net https://fonts.googleapis.com; frame-src 'self' https://www.feedbackcompany.com https://www2.dovendi.com; connect-src 'self' https://www.feedbackcompany.com; 4
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://localhost js.klarna.com b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com maps.googleapis.com https://maps.googleapis.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com *.vimeo.com vimeo.com static.hotjar.com trck.linkster.co *.chat.getzowie.com ct.pinterest.com applepay.cdn-apple.com google.com/pay; worker-src 'self' blob: app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu; connect-src 'self' data: blob: sockjs-us3.pusher.com eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com *.googleapis.com *.gstatic.com sumo.com ct.pinterest.com googleads.g.doubleclick.net bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.hyr.so *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.vimeo.com vimeo.com *.hotjar.io wss://*.hotjar.com trck.linkster.co *.chat.getzowie.com *.parcellab.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat google.com/pay; style-src 'self' 'unsafe-inline' data: tagmanager.google.com x.klarnacdn.net wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io *.cnstrc.com cnstrc.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com; font-src 'self' data: assets.vercel.com x.klarnacdn.net assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; img-src 'self' blob: data: ssl.gstatic.com www.gstatic.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co *.cnstrc.com cnstrc.com *.reviews.co.uk *.reviews.io *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com script.hotjar.com cdn.flbx.io benuta-sandbox.bynder.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net *.vimeo.com vimeo.com cdn.flbx.io; manifest-src 'self' 4
frame-src https: 4
frame-ancestors 'self' https://tippspiel.redbullsalzburg.at; 4
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com;  style-src * 'self' 'unsafe-inline' assets.bounceexchange.com;  img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net;  font-src * 'self' data: assets.bounceexchange.com;   child-src assets.bounceexchange.com;   worker-src * 'self' blob: assets.bounceexchange.com;   frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com;  form-action * 'self' api.bounceexchange.com dev.bounceexchange.com;  connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 4
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 4
default-src 'self';script-src  'self' connect.facebook.net www.gstatic.com cdn.cookielaw.org www.google.com www.googletagmanager.com maps.googleapis.com https://cdn.jsdelivr.net https://apis.google.com 'unsafe-inline' 'unsafe-eval';style-src 'self' www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline';img-src 'self' data: https:;font-src 'self' https://fonts.gstatic.com;connect-src 'self' region1.analytics.google.com geolocation.onetrust.com www.google.com cdn.cookielaw.org www.googletagmanager.com region1.google-analytics.com www.gstatic.com maps.googleapis.com https://backend.blogosferathermomix.es data:;media-src   'self';frame-src www.youtube.com maps.google.com www.google.com;object-src  'none';worker-src 'self' blob:;form-action 'self';base-uri    'self';frame-ancestors 'none';upgrade-insecure-requests; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://challenges.cloudflare.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.google.com https://vars.hotjar.com https://www.facebook.com https://challenges.cloudflare.com 4
frame-ancestors 'self' *.intuit.com 3
frame-ancestors 'self' https://axon-cms.sanity.studio http://localhost:3000 https://*.sanity.studio https://*.sanity.io 3
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://www.paypalobjects.com https://widget.thegivingblock.com https://*.shift4.com ; img-src 'self' data: blob: https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org https://app.netlify.com https://widget.thegivingblock.com/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com https://www.google-analytics.com ; 3
default-src 'self'; object-src 'self'; connect-src 'self' *.mikrotik.com *.mt.lv ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: i.mt.lv *.mikrotik.com mikrotik.com gstatic.com *.gstatic.com chatwith.tools ; style-src 'self' 'unsafe-inline' i.mt.lv *.mikrotik.com mikrotik.com www.mikrotik.com ; img-src 'self' data: *.mikrotik.com mikrotik.com www.mikrotik.com *.mt.lv i.ytimg.com *.tile.openstreetmap.org tile.openstreetmap.org *.basemaps.cartocdn.com forum.mikrotik.com *.routerboard.com ; frame-src 'self' *.mikrotik.com *.mt.lv youtu.be youtube.com www.youtube.com www.google.com chatwith.tools tiktube.com www.tiktube.com; font-src 'self' data: mikrotik.com www.mikrotik.com i.mt.lv ; frame-ancestors 'self' *.mt.lv ; 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/ https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net https://video.st.dl.eccdnx.com https://vd.queniujq.cn https://video.cdn.steamchina.eccdnx.com https://video.cdn.queniuqe.com https://video.cdn.steamchina.queniuam.com https://*.storage.googleapis.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://checkout.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/; frame-ancestors 'none'; 3
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com https://*.vkvideo.ru 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com https://*.vkvideo.ru 'self' 'unsafe-inline';report-uri /csp 3
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /us/_/BgcMiscSites/cspreport/allowlist;worker-src blob: 'self' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 3
frame-ancestors 'self' https://*.t-online.de; 3
default-src 'self' https://*.extole.io; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.botframework.com https://*.capterra.com https://*.clarity.ms https://*.clickagy.com https://*.demandbase.com https://*.demdex.net https://*.eset.com https://*.events.ubembed.com https://*.extole.io https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.ingest.*.sentry.io https://*.optimonk.com https://*.quora.com https://*.tawk.to https://*.tt.omtrdc.net https://*.zoominfo.com https://acsbapp.com https://ads.reddit.com https://adservice.google.com https://analytics.google.com https://analytics.tiktok.com https://analytics.twitter.com https://aorta.clickagy.com https://api.cloudsponge.com https://api.company-target.com https://bat.bing.com https://bat.bing.net https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://collect.cloudsponge.com https://conversions-config.reddit.com https://cookies-data.onetrust.io https://ct.pinterest.com https://ekr.zdassets.com https://ep.smct.co https://eset.tt.omtrdc.net https://esetclientes.zendesk.com https://fapi.eset.cz https://front.optimonk.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://grsm.io https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://js.zi-scripts.com https://link.technologyadvice.com https://maps.googleapis.com https://mapsresources-pa.googleapis.com https://partnerlinks.io https://pixel-config.reddit.com https://privacyportal.onetrust.com https://process.acsbapp.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://scout.salesloft.com https://script.crazyegg.com https://segments.company-target.com https://sentry.io https://smct.co https://stats.g.doubleclick.net https://t.co https://tracker.clickguard.com https://tracking-api.g2.com https://web1.acsbapp.com https://www.facebook.com https://www.google-analytics.com https://www.google.by https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.es https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.mczbf.com https://www.redditstatic.com wss://*.botframework.com wss://*.eset.com wss://*.hotjar.com wss://*.tawk.to wss://*.zendesk.com wss://*.zopim.com; font-src 'self' data: https://*.eset.com https://*.extole.io https://*.gstatic.com https://*.optimonk.com https://*.web-assets.eset.com https://acsbapp.com https://api.cloudsponge.com https://cdn.acsbapp.com https://cf.xtlo.net https://embed.tawk.to https://fonts.smct.co https://fonts.smct.io https://origin.xtlo.net https://script.hotjar.com; form-action 'self' https://*.eset-la.com https://*.eset.com https://*.form.eset.com https://*.tienda.eset-la.com https://s1069307879.t.eloqua.com https://webto.salesforce.com https://www.facebook.com; frame-ancestors 'self' https://*.eset.com; frame-src 'self' https://*.eset.com https://*.fls.doubleclick.net https://*.sgtm.eset.com https://4144895.extforms.netsuite.com https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://cj.dotomi.com https://embed.tawk.to https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://s.company-target.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://tr.snapchat.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.brighttalk.com https://www.buzzsprout.com https://www.emjcd.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.paperturn-view.com https://www.riddle.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' blob: data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.capterra.com https://*.eset.com https://*.extole.io https://*.gstatic.com https://*.hotjar.com https://*.krxd.net https://*.optimonk.com https://*.rlcdn.com https://*.salesloft.com https://*.tawk.to https://*.yahoo.co.jp https://*.zdusercontent.com https://*.zendesk.com https://aa.agkn.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://adservice.google.de https://alb.reddit.com https://analytics.google.com https://analytics.twitter.com https://aorta.clickagy.com https://api.cloudsponge.com https://bat.bing.com https://bat.bing.net https://c.bing.com https://c.clarity.ms https://cdn.acsbapp.com https://cdn.cookielaw.org https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cf.xtlo.net https://cj.dotomi.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://events.smct.co https://fapi.eset.cz https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://insight.adsrvr.org https://maps.googleapis.com https://match.adsrvr.org https://origin.xtlo.net https://p.veritone-ce.com https://pagead2.googlesyndication.com https://pixel-sync.sitescout.com https://pixel.rubiconproject.com https://proeesweufesto01.blob.core.windows.net https://proeeswusfesto01.blob.core.windows.net https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://px.steelhousemedia.com https://q.quora.com https://region1.analytics.google.com https://region1.google-analytics.com https://s1069307879.t.eloqua.com https://s786665.t.eloqua.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://t.co https://tags.bluekai.com https://tags.w55c.net https://tawk.link https://tribl.io https://trk.crozdesk.com https://us-u.openx.net https://usermatch.krxd.net https://web-assets.esetstatic.com https://web1.acsbapp.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.at https://www.google.ca https://www.google.ch https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.mx https://www.google.com.sg https://www.google.cz https://www.google.de https://www.google.es https://www.google.fr https://www.google.it https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com https://www.mczbf.com; manifest-src 'self' https://*.eset.com https://*.web-assets.eset.com; media-src 'self' https://*.eset.com https://*.web-assets.eset.com https://embed.tawk.to https://eset.zendesk.com https://esetclientes.zendesk.com https://static.zdassets.com https://web1.acsbapp.com; object-src 'self' https://*.eset.com https://*.web-assets.eset.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.capterra.com https://*.cookielaw.org https://*.eset.com https://*.extole.io https://*.js.ubembed.com https://*.mountain.com https://*.optimonk.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://*.ubembed.com https://*.web-assets.eset.com https://*.xtlo.net https://*.zendesk.com https://a.quora.com https://acsbap.com https://acsbapp.com https://analytics.tiktok.com https://api.cloudsponge.com https://assets.esetstatic.com https://bat.bing.com https://cdn.botframework.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://d3pkntwtp2ukl5.cloudfront.net https://embed.playbuzz.com https://embed.tawk.to https://embed.typeform.com https://fapi.eset.cz https://gleam.io https://googleads.g.doubleclick.net https://img.en25.com https://img06.en25.com https://invitejs.trustpilot.com https://js.gleam.io https://js.partnerstack.com https://js.smct.co https://js.smct.io https://js.zi-scripts.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://scout-cdn.salesloft.com https://script.hotjar.com https://scripts.clarity.ms https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://static.zdassets.com https://tag.demandbase.com https://tags.clickagy.com https://tpc.googlesyndication.com https://tracking-api.g2.com https://tribl.io https://trk.crozdesk.com https://visitor.technologyadvice.com https://widget.trustpilot.com https://ws.zoominfo.com https://www.brighttalk.com https://www.buzzsprout.com https://www.clarity.ms https://www.emjcd.com https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.cg https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.zw https://www.google.com https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.mczbf.com https://www.paperturn-view.com https://www.redditstatic.com https://www.riddle.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.eset.com https://*.extole.io https://*.hotjar.com https://*.optimonk.com https://*.tawk.to https://*.web-assets.eset.com https://api.cloudsponge.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io; worker-src 'self' https://*.eset.com; report-uri https://www-eset-com.api.cspconsole.com; report-to csp-endpoint; 3
base-uri 'self'; default-src 'self' *.atlassian.com *.intercomcdn.com *.orangelogic.com *.6sc.co *.6sense.com sourcetreeapp.com *.sourcetreeapp.com; script-src 'self' *.gstatic.com *.cookielaw.org *.public.atl-paas.net *.prod.atl-paas.net *.googletagmanager.com *.marketo.net *.atlassian.com utt.impactcdn.com *.google.com *.doubleclick.com *.googleadservices.com *.livechatinc.com *.bing.com *.quora.com *.yimg.jp *.clicktale.net *.linkedin.com *.twitter.com *.licdn.com *.demandbase.com *.doubleclick.net *.facebook.net *.redditstatic.com *.clearbitscripts.com *.clarity.ms *.vimeo.com *.google-analytics.com facebook.com *.facebook.com impactcdn.com *.impactcdn.com clearbitjs.com *.clearbitjs.com yahoo.co.jp *.yahoo.co.jp *.recaptcha.net *.ads-twitter.com *.intercom.io *.intercomcdn.com *.jsdelivr.net *.6sc.co *.6sense.com *.techtarget.com *.capterra.com sourcetreeapp.com *.sourcetreeapp.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.public.atl-paas.net *.prod.atl-paas.net fonts.googleapis.com *.googletagmanager.com sourcetreeapp.com *.sourcetreeapp.com 'unsafe-inline'; img-src 'self' blob: data: atlassian.com *.atlassian.com *.cookielaw.org *.gravatar.com *.wp.com fd-assets.prod.atl-paas.net pixel.pointmediatracker.com *.prod.public.atl-paas.net cnv.event.prod.bidr.io *.doubleclick.net *.clicktale.net *.bing.com rlcdn.com reddit.com quora.com *.rlcdn.com *.reddit.com *.quora.com *.ctfassets.net  *.linkedin.com *.google.com *.google.com.au *.company-target.com *.facebook.com *.google-analytics.com *.twitter.com t.co *.intercomcdn.com *.intercomassets.com *.frontend.public.atl-paas.net *.orangelogic.com *.googletagmanager.com img.logo.dev *.atlassian.net sourcetreeapp.com *.sourcetreeapp.com; font-src 'self' *.ctfassets.net *.intercomcdn.com *.gstatic.com *.frontend.public.atl-paas.net; frame-ancestors 'none'; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/wac-web; report-to csp-default-endpoint; connect-src 'self' ws: atlassian.com *.atlassian.com *.cookielaw.org *.onetrust.com *.public.atl-paas.net *.prod.atl-paas.net *.mktoresp.com *.ingest.sentry.io *.workato.com atlassian.sjv.io statsigapi.net *.statsigapi.net *.contentful.com atlassian.net *.clicktale.net *.contentsquare.net *.bing.com google-analytics.com company-target.com linkedin.com *.google-analytics.com *.company-target.com *.linkedin.com *.doubleclick.net *.reddit.com *.redditstatic.com *.google.com *.demandbase.com *.clarity.ms *.clearbit.com *.intercom.io *.algolianet.com *.algolia.net *.algolia.io *.recaptcha.net https://unpkg.com/@rive-app/ *.facebook.com *.orangelogic.com *.adnxs.com *.6sc.co *.6sense.com apis.auxia.io *.atlassian.net sourcetreeapp.com *.sourcetreeapp.com; worker-src 'self' blob:; frame-src 'self' *.youtube.com *.google.com *.doubleclick.net *.recaptcha.net *.atl-paas.net *.company-target.com *.googletagmanager.com *.atlassian.net; media-src 'self' *.ctfassets.net *.atlassian.com *.orangelogic.com 3
block-all-mixed-content;         default-src https://loc.gov/ https://*.loc.gov/ ;         media-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             blob:;         worker-src https://loc.gov/ https://*.loc.gov/              blob:;         font-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             data:;         img-src https://loc.gov/ https://*.loc.gov/              https://congress.gov/ https://*.congress.gov/             https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://*.ssa.gov/             https://dpm.demdex.net/             https://cm.everesttech.net/             https://*.amazonaws.com             data:             blob:;         connect-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://chat-us.libanswers.com/             https://thelibraryofcongress.tt.omtrdc.net/             https://dpm.demdex.net/ 	        https://d3c605m4lmznjl.cloudfront.net/             https://*.s3.us-east-1.amazonaws.com/;         style-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.ssa.gov/             'unsafe-inline'             blob:;         script-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://ajax.googleapis.com/ajax/libs/jquery/             https://*.ssa.gov/             https://s.ytimg.com/             'unsafe-inline'             'unsafe-eval';         frame-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://www.nlstalkingbooks.org/             https://unitedstateslibraryofcongress.demdex.net             https://www.youtube-nocookie.com/;         frame-ancestors https://loc.gov/ https://*.loc.gov/              https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://loc.libwizard.com/;         report-uri https://errorlogging.loc.gov/api/51/security/?sentry_key=2176ae0b9acd4cd59297edc0e064cc95&sentry_environment=production ; 3
frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 3
default-src *.clarity.ms ml314.com *.romeo.liveclicker.com romeo.liveclicker.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src web-chat.nativechat.com https://unpkg.com https://cdnjs.cloudflare.com *.hawksearch.net https://cdn.insight.sitefinity.com https://dec.azureedge.net https://js.monitor.azure.com 'unsafe-inline' 'unsafe-eval' munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org code.jquery.com kendo.cdn.telerik.com maps.google.com z.moatads.com v1.addthisedge.com *.googletagmanager.com *.quantcast.com *.quantserve.com *.quantcount.com cltgtstor001.blob.core.windows.net *.slgnt.us cdn.polyfill.io googleads.g.doubleclick.net static.ads-twitter.com snap.licdn.com *.adroll.com t.co analytics.twitter.com *.google.com *.linkedin.com *.33across.com *.hotjar.com cdn.jsdelivr.net ml314.com *.clarity.ms *.romeo.liveclicker.com romeo.liveclicker.com *.sitescout.com cdn01.basis.net *.pixel.ad *.surveymonkey.com cmp.inmobi.com *.onetrust.com assistant.woorank.com cdn.ribbonapp.com www.youtube.com *.sagepub.com app-sfrenderer-ci-westus-001.azurewebsites.net app-sfrenderer-dev-westus-001.azurewebsites.net app-sfrenderer-qa-westus-001.azurewebsites.net app-sfrenderer-uat-westus-001.azurewebsites.net app-sfrenderer-stg-westus-001.azurewebsites.net translate.google.com translate.googleapis.com translate-pa.googleapis.com www.google-analytics.com *.posthog.com public.virtualbadge.io static.virtualbadge.io https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self'; style-src web-chat.nativechat.com 'unsafe-inline' https://unpkg.com *.hawksearch.net https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.jsdelivr.net cdnjs.cloudflare.com *.googletagmanager.com *.romeo.liveclicker.com romeo.liveclicker.com *.sagepub.com app-sfrenderer-ci-westus-001.azurewebsites.net app-sfrenderer-dev-westus-001.azurewebsites.net app-sfrenderer-qa-westus-001.azurewebsites.net app-sfrenderer-uat-westus-001.azurewebsites.net app-sfrenderer-stg-westus-001.azurewebsites.net www.gstatic.com fonts.googleapis.com 'self'; connect-src *.hawksearch.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://dc.services.visualstudio.com *.mktoresp.com *.googletagmanager.com maps.googleapis.com *.quantcast.com *.quantserve.com *.quantcount.com *.hawksearch.com www.google.com googleads.g.doubleclick.net *.slgnt.us stats.g.doubleclick.net *.google.com *.linkedin.com *.adroll.com cdn.linkedin.oribi.io *.hotjar.com wss://*.hotjar.com *.hotjar.io ml314.com *.clarity.ms cmp.inmobi.com api.cmp.inmobi.com google.com *.googlesyndication.com *.onetrust.com www.woorank.com *.sagepub.com app-sfrenderer-ci-westus-001.azurewebsites.net app-sfrenderer-dev-westus-001.azurewebsites.net app-sfrenderer-qa-westus-001.azurewebsites.net app-sfrenderer-uat-westus-001.azurewebsites.net app-sfrenderer-stg-westus-001.azurewebsites.net nominatim.openstreetmap.org translate-pa.googleapis.com translate.googleapis.com www.google-analytics.com *.applicationinsights.azure.com js.monitor.azure.com assistant.woorank.com *.posthog.com public.virtualbadge.io unpkg.com 'self'; frame-src web-chat.nativechat.com players.brightcove.net *.slgnt.us www.youtube.com www.buzzsprout.com *.sitescout.com *.surveymonkey.com *.sagepub.com www.googletagmanager.com public.virtualbadge.io 'self'; img-src web-chat.nativechat.com data: https://cf-images.us-east-1.prod.boltdns.net https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com maps.google.com *.quantserve.com *.quantcount.com t.co *.twitter.com *.google.com *.linkedin.com *.adroll.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com idsync.rlcdn.com pixel.rubiconproject.com us-u.openx.net sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com sync.taboola.com eb2.3lift.com ib.adnxs.com *.google-analytics.com *.googletagmanager.com corwinpress.azureedge.net *.clarity.ms ml314.com ps.eyeota.net sync.crwdcntrl.net match.adsrvr.org dpm.demdex.net *.sitescout.com www.google.com.ni googleads.g.doubleclick.net cmn-cdn-uat-001.sagepub.com cmn-cdn-001.sagepub.com https://sagepubcoreweb.blob.core.windows.net *.sagepub.com *.openstreetmap.org *.onetrust.com www.gstatic.com translate.googleapis.com fonts.gstatic.com c.bing.com https://cdn.insight.sitefinity.com 'self'; font-src fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com 'self' data:; media-src  'self'; child-src web-chat.nativechat.com 'self' 3
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cursor.com *.cursor.com cursor.sh *.cursor.sh *.unifyintent.com *.cloudfront.net pro.ip-api.com *.liadm.com *.usbrowserspeed.com alocdn.com va.vercel-scripts.com vercel.live jobs.ashbyhq.com os.ryo.lu connect.facebook.net js.zi-scripts.com ws-assets.zoominfo.com *.chilipiper.com www.googletagmanager.com *.googletagmanager.com *.roadwayai.com ; connect-src 'self' cursor.com *.cursor.com cursor.sh *.cursor.sh unifyintent.com *.unifyintent.com *.cloudfront.net pro.ip-api.com *.liadm.com *.usbrowserspeed.com alocdn.com 9xgnrndqve.execute-api.us-west-2.amazonaws.com api.ashbyhq.com jobs.ashbyhq.com api.conceptualhq.com ip.conceptualhq.com *.facebook.com facebook.com featureassets.org prodregistryv2.org youtube.com *.youtube.com js.zi-scripts.com ws.zoominfo.com *.zoominfo.com *.chilipiper.com www.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.roadwayai.com *.mux.com stream.mux.com inferred.litix.io ; worker-src 'self' blob: data: cursor.com *.cursor.com cursor.sh *.cursor.sh ; style-src 'self' 'unsafe-inline' cursor.com *.cursor.com cursor.sh *.cursor.sh ; img-src 'self' blob: data: cursor.com *.cursor.com cursor.sh *.cursor.sh *.public.blob.vercel-storage.com *.facebook.com facebook.com *.chilipiper.com www.googletagmanager.com *.google-analytics.com *.mux.com image.mux.com ; media-src 'self' blob: data: cursor.com *.cursor.com cursor.sh *.cursor.sh *.public.blob.vercel-storage.com *.mux.com stream.mux.com ; font-src 'self' cursor.com *.cursor.com cursor.sh *.cursor.sh ; object-src 'none' ; base-uri 'self' ; form-action 'self' cursor.com *.cursor.com cursor.sh *.cursor.sh vercel.live *.chilipiper.com ; frame-src 'self' cursor.com *.cursor.com cursor.sh *.cursor.sh vercel.live jobs.ashbyhq.com youtube.com *.youtube.com youtu.be *.chilipiper.com www.googletagmanager.com ; frame-ancestors 'self' cursor.com *.cursor.com cursor.sh *.cursor.sh ; upgrade-insecure-requests; 3
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors https://*.lenovo.com lenovoeaastest.service-now.com lenovoeaasdev.service-now.com lenovoeaasstage.service-now.com lenovoeaas.service-now.com 3
base-uri 'self'; connect-src https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ analytics.twitter.com 'self' https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://px.adhigh.net/ https://*.clarity.ms https://api-fra.livechatinc.com https://api.mapbox.com https://events.mapbox.com https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://lottie.host/ https://webec.synodev.com https://webec-cn.synodev.com https://webec.synology.com https://webec.synology.cn https://*.synodev.com https://*.synology.com https://api.store-test.synology.com https://api.store.synology.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://*.googleadservices.com https://*.google.com.tw https://www-ai.synology.com; default-src 'self'; font-src *.mouseflow.com 'self' data: https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com 'self' https://*.facebook.com; frame-src *.mouseflow.com https://vars.hotjar.com/ 'self' https://*.synology.com https://*.facebook.com https://staticxx.facebook.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://*.personio.com https://synology.onlyfy.jobs https://youtube.com https://www.youtube.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://synoform.synology.com; img-src https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com analytics.twitter.com https://t.co/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.linkedin.com https://p.adsymptotic.com/d/px https://www.facebook.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://api.mapbox.com https://i.ytimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct 'self' blob: 'unsafe-eval' https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://api.mapbox.com https://www.youtube.com fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://unpkg.com 'nonce-b7a56873cd771f2c446d369b649430b65a756ba278ff97ec81bb6f55b2e73569' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://cdn.livechat-files.com https://api.mapbox.com https://assets.freshsales.io https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 3
connect-src 'self' *.maps.yandex.net api-maps.yandex.ru api.selectel.ru hog.selectel.ru https://chatwoot.selectel.ru wss://chatwoot.selectel.ru https://statuspal.io/api/v2/status_pages/selectel/summary https://*.mindbox.ru https://selectel.ru https://cdn.selectel.ru https://top-fwz1.mail.ru https://web.popmechanic.ru https://metrics.selectel.ru leads.selectel.ru mc.yandex.ru suggest-maps.yandex.ru wss://api.selectel.ru wss://ws.selectel.ru www.youtube.com https://yulixr.ru/ https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/a/macros/selectel.com/s/AKfycbzM4er3RoKbPw3cQALGtakLQ7xfTtUk8PETDoXQyYh6kiCLnhu1oO4iCy2CuhT38cGrCA/exec https://files.selectel.ru https://telegram.org/pxl https://core.service.elfsight.com; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' api-maps.yandex.ru calc.selectel.ru https://chatwoot.selectel.ru googleads.g.doubleclick.net https://forms.amocrm.ru/ https://player.vimeo.com/ https://vk.com/ www.google.com www.google.ru www.youtube.com https://rutube.ru/ https://kinescope.io/; img-src https: data: blob:; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru cdn.ampproject.org hog.selectel.ru https://chatwoot.selectel.ru https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://s.ytimg.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://www.google.com https://metrics.selectel.ru mc.yandex.ru https://*.mindbox.ru https://widgets.mango-office.ru https://dct.mango-office.ru selectel.ru suggest-maps.yandex.ru www.google.com www.googleadservices.com www.gstatic.com www.youtube.com yastatic.net https://telegram.org/js/pixel.js https://elfsightcdn.com https://universe-static.elfsightcdn.com; style-src 'self' 'unsafe-inline' https://cdn.selectel.ru/ https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://chatwoot.selectel.ru https://fonts.googleapis.com https://static.popmechanic.ru https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://*.mindbox.ru; upgrade-insecure-requests; 3
default-src 'self' https://accounts.google.com/gsi/ ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://accounts.google.com/gsi/client https://adora-cdn.com/adora-start.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://accounts.google.com/gsi/style ; object-src 'none' ; base-uri 'self' ; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://static.figma.com https://forms.figma.com https://boards-api.greenhouse.io/v1/boards/figma/jobs https://vimeo.com https://accounts.google.com/gsi/ https://figma.com/api/figment-proxy/monitor https://staging.figma.com/api/figment-proxy/monitor https://figma.com/api/figment-proxy/identify https://staging.figma.com/api/figment-proxy/identify https://figma.com/api/figment-proxy/page https://staging.figma.com/api/figment-proxy/page https://cdn.sanity.io https://events.statsigapi.net/v1/rgstr https://statsigapi.net/v1/sdk_exception https://prodregistryv2.org/v1/rgstr https://featuregates.org/v1/initialize https://featureassets.org/v1/initialize https://o22594.ingest.sentry.io *.adora-cdn.com https://figma-marketing-tools.vercel.app/api/white-background ; frame-src 'self' *.figma.site https://www.figma.com https://marketing.figma.com https://marketing.staging.figma.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com https://accounts.google.com/gsi/ https://figma.com/api/figment-proxy/monitor https://staging.figma.com/api/figment-proxy/monitor https://figma.com/api/figment-proxy/identify https://staging.figma.com/api/figment-proxy/identify https://figma.com/api/figment-proxy/page https://staging.figma.com/api/figment-proxy/page ; img-src 'self' data: blob: https://cdn.sanity.io https://i.vimeocdn.com https://*.figma.com https://i.ytimg.com https://www.gravatar.com https://i0.wp.com/s3-alpha.figma.com/ https://i1.wp.com/s3-alpha.figma.com/ https://i2.wp.com/s3-alpha.figma.com/ https://i3.wp.com/s3-alpha.figma.com/ ; media-src 'self' https://cdn.sanity.io https://static.figma.com ; worker-src 'self' ; upgrade-insecure-requests 3
frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com https://otto.mpp360.cloud https://internal.otto.market; 3
frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net surveys-web.delighted.com p2a.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com sr-client-cfg.amplitude.com api-sr.amplitude.com api2.amplitude.com https://*.amplitude.com *.cloudflarestream.com code.jquery.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io *.sentry.io browser-update.org *.tiktok.com *.bannerbear.com ads.nextdoor.com flask.nextdoor.com *.maze.co us-central1-niftic-agency.cloudfunctions.net/change-starter-image us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft us-central1-niftic-agency.cloudfunctions.net/openai/generate-image cdn.iframe.ly tiles.openfreemap.org a.tile.openstreetmap.org change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' https://www.paypal.com; frame-ancestors 'self' 3
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster: blob:; 3
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* https://*.ecestaticos.com www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org player.h-cdn.com 3
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 3
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 3
style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com https://*.lead2retail.in https://*.autobiz.in https://lms.bgauss.com https://*.cleverwebserver.com; report-uri /api/exceptions/; 3
default-src 'self' akm-img-a-in.tosshub.com ads.pubmatic.com mab.chartbeat.com pagead2.googlesyndication.com recengine.aajtak.in https://embed.aajtak.in https://trc.taboola.com analytics.google.com feeds.aajtak.in adblock-tester.com securepubads.g.doubleclick.net c.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' https://stackpath.bootstrapcdn.com akm-img-a-in.tosshub.com fonts.gstatic.com 'unsafe-inline' data:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' * https://www.aajtak.in fonts.googleapis.com akm-img-a-in.tosshub.com instore-tosshub-com.s3.ap-south-1.amazonaws.com https://vidstat.taboola.com 'unsafe-inline'; frame-src *; media-src * blob: data:; connect-src * 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 3
default-src 'none';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.awin1.com *.bskyb.com *.clicktale.net *.contentsquare.com *.contentsquare.net *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com *.medallia.eu *.optimizely.com *.paa-reporting-advertising.amazon *.qualtrics.com *.redditstatic.com *.sky.com *.skyassets.com *.snapchat.com *.stripe.com *.taggstar.com *.tvsquared.com *.yext-pixel.com *.yimg.com *.zenaps.com aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.tiktok.com analytics.twitter.com android-webview-video-poster: answers2-embed.sky.com.pagescdn.com api.branch.io api2.branch.io app.link assets.adobedtm.com assets.sitescdn.net bat.bing.com britishskybroadcasti.tt.omtrdc.net c.amazon-adsystem.com c5.adalyser.com cdn-assets-prod.s3.amazonaws.com cdn.branch.io cdn.co-buying.com cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.tt.omtrdc.net cdnjs.cloudflare.com connect.facebook.net content.zeotap.com edge.adobedc.net https://cdn.prod.uidapi.com https://js.adsrvr.org ib.adnxs.com js.smct.co js.smct.io lantern.roeyecdn.com maps.googleapis.com platform.twitter.com players.brightcove.net rules.quantcount.com s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com secure.quantserve.com servedby.flashtalking.com sky.likewizesupport.com skycustomer.likewizesupport.com smct.co smct.io static.ads-twitter.com tagmanager.google.com the.sciencebehindecommerce.com unpkg.com vjs.zencdn.net www.dwin1.com www.facebook.com www.googleadservices.com www.gstatic.com yahoo.com;  style-src 'self' 'unsafe-inline' *.clicktale.net *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.medallia.eu *.sky.com *.skyassets.com assets.adobedtm.com assets.sitescdn.net fonts.googleapis.com players.brightcove.net s0.2mdn.net sky.likewizesupport.com sky.lucidcx.com skycustomer.likewizesupport.com tagmanager.google.com www.facebook.com www.googletagmanager.com www.gstatic.com;  font-src 'self' data: *.google.co.uk *.google.com *.google.ie *.intercomcdn.com *.kampyle.com *.medallia.eu *.sky.com *.skyassets.com *.snapchat.com fonts.gstatic.com fonts.smct.co fonts.smct.io players.brightcove.net sky.likewizesupport.com sky.lucidcx.com skycustomer.likewizesupport.com use.typekit.net www.pinterest.com;  img-src 'self' android-webview-video-poster: data: *.akamaihd.net *.atdmt.com *.awin1.com *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clicktale.net *.cloudfront.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.g.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.googletagmanager.com *.gumgum.com *.intercom.io *.intercomassets.com *.intercomassets.eu *.intercomcdn.com *.intercomcdn.eu *.kampyle.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com *.medallia.eu *.mktgcdn.com *.online-metrix.net *.optimizely.com *.qualtrics.com *.reddit.com *.sky *.sky.com *.skyassets.com *.snapchat.com *.tvsquared.com *.yahoo.com *.yext-pixel.com *.zenaps.com 8th.io aax-eu.amazon-adsystem.com acdn.adnxs.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com analytics.tiktok.com analytics.twitter.com api.branch.io api2.branch.io app.link assets.adobedtm.com bat.bing.com c.amazon-adsystem.com c5.adalyser.com cdn.branch.io cdn.privacy-mgmt.com cdn.smct.co cdn.smct.io cdn.spatialbuzz.com cms.quantserve.com connect.facebook.net ct.pinterest.com dmp.v.fwmrm.net ep.smct.co ep.smct.io events.smct.co ib.adnxs.com lantern.roeye.com live.staticflickr.com maps.googleapis.com maps.gstatic.com match.adsrvr.org mwzeom.zeotap.com pixel.quantserve.com players.brightcove.net pm.w55c.net px.smct.co px.smct.io s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com servedby.flashtalking.com sky.likewizesupport.com skycustomer.likewizesupport.com smct.co smct.io ssl.gstatic.com t.co tags.w55c.net tracking.audio.thisisdax.com www.facebook.com www.googleadservices.com www.gstatic.com www.pinterest.com;  connect-src 'self' android-webview-video-poster: blob: *.akamaihd.net *.akstat.io *.analytics.google.com *.assistant.watson.appdomain.cloud *.boltdns.net *.brightcovecdn.com *.bskyb.com *.clicktale.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.g.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com *.medallia.eu *.optimizely.com *.paa-reporting-advertising.amazon *.qualtrics.com *.reddit.com *.redditstatic.com *.sky.com *.skyassets.com *.snapchat.com *.taggstar.com *.tvsquared.com *.wepowerconnections.com *.yext-pixel.com *.yext.com *.yextapis.com *.yimg.com aax-eu.amazon-adsystem.com acdn.adnxs.com ad.doubleclick.net analytics.tiktok.com api.amplitude.com api.amplitude.com api.branch.io api.iperceptions.com api.taggstar.com api2.branch.io app.link assets.adobedtm.com awk.epgsky.com bat.bing.com britishskybroadcasti.tt.omtrdc.net c.amazon-adsystem.com cdn-assets-prod.s3.amazonaws.com cdn.branch.io cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.taggstar.com cfg.smct.co cfg.smct.io cognito-identity.eu-west-1.amazonaws.com connect.facebook.net ct.pinterest.com dmp.v.fwmrm.net edge.adobedc.net edge.api.brightcove.com ep.smct.co ep.smct.io faro-collector-prod-eu-west-0.grafana.net firehose.eu-west-1.amazonaws.com https://*.google.com https://*.prod.uidapi.com https://prod.uidapi.com ib.adnxs.com insight.adsrvr.org ipb.smct.co ipb.smct.io ipl.smct.co ipl.smct.io js.smct.co js.smct.io maps.googleapis.com match.adsrvr.org mwzeom.zeotap.com paa-reporting-advertising.amazon pagead2.googlesyndication.com players.brightcove.net pm.w55c.net poc.idscan.cloud prod.idscan.cloud qa.taggstar.com s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com sky.likewizesupport.com skycustomer.likewizesupport.com smct.co smct.io spl.zeotap.com the.sciencebehindecommerce.com vip.timezonedb.com wss://*.liveperson.net wss://*.sky.com www.facebook.com www.googleadservices.com www.gstatic.com www.pinterest.co.uk www.pinterest.com www.zenaps.com;  frame-src 'self' blob: *.awin1.com *.bskyb.com *.clicktale.net *.contentsquare.net *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.medallia.eu *.online-metrix.net *.optimizely.com *.paa-reporting-advertising.amazon *.qualtrics.com *.sky.com *.skyassets.com *.snapchat.com *.stripe.com *.zenaps.com 12660277.fls.doubleclick.net 1580034.fls.doubleclick.net 3662759.fls.doubleclick.net 6993240.fls.doubleclick.net aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.twitter.com answers2-embed.sky.com.pagescdn.com api.branch.io api2.branch.io app.link assets.adobedtm.com c.amazon-adsystem.com cdn.branch.io cdn.privacy-mgmt.com cdn.spatialbuzz.com connect.facebook.net ct.pinterest.com d2d7do8qaecbru.cloudfront.net dmp.v.fwmrm.net ib.adnxs.com insight.adsrvr.org lantern.roeye.com live.tvgenius.net ls.smct.co ls.smct.io match.adsrvr.org paa-reporting-advertising.amazon players.brightcove.net pm.w55c.net s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com servedby.flashtalking.com sky.likewizesupport.com sky.lucidcx.com skycustomer.likewizesupport.com smct.co smct.io td.doubleclick.net universal.iperceptions.com w.etadirect.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.pinterest.co.uk www.pinterest.com;  frame-ancestors 'self';  worker-src blob: 'self' *.liveperson.net *.sky.com *.skyassets.com assets.adobedtm.com;  child-src 'self' blob: *.intercom-sheets.com;  media-src 'self' blob: data: *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.clicktale.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.intercomcdn.com *.liveperson.net *.lpsnmedia.net *.media.brightcove.com *.sky.com *.skyassets.com assets.adobedtm.com bat.bing.com www.facebook.com;  object-src 'self' *.sky.com;  form-action *.intercom.help *.intercom.io;  report-uri /csp-reports 3
frame-ancestors 'self' https://amd.pathfactory.com *.reachcm.com reachcm.com 3
frame-ancestors 'self' *.lycos.com 3
frame-ancestors https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org 3
frame-ancestors 'self' *.trust-provider.com secure.sectigo.com *.sectigo.net app.zoominfo.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://ganon.yahoo.com https://geo.yahoo.com https://api.cloudinary.com https://*.amazon-adsystem.com https://geo.yahoo.com https://pbs.yahoo.com https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://ganon.yahoo.com/ https://geo.yahoo.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.everesttech.com https://prebid.a-mo.net https://*.adnxs.com https://*.emxdgt.com https://yahoo-match.dotomi.com https://*.gumgum.com https://*.kargo.com https://*.kueezrtb.com https://*.mediago.io https://*.creativecdn.com https://*.yellowblue.io https://*.sonobi.com https://taboola.com https://*.1rx.io https://*.cootlogix.com https://*.rfihub.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://cm.g.doubleclick.net https://googleadservices.com https://securepubads.g.doubleclick.net https://x.bidswitch.net/sync https://*.postrelease.com https://*.kargo.com https://*.everesttech.net https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net http://*.taboola.com; connect-src 'self' https://*.liadm.com https://console.googletagservices.com https://*.engadget.com http://*.taboola.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://cdn-ssl.vidible.tv/prod https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io https://s.yimg.com/oa/ https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/locations https://ec.yimg.com/didomi https://guce.engadget.com/ https://guce.oath.com/ https://consent.yahoo.com/ https://*.clean.gg https://*.yieldmo.com https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://snippet.affilimate.io/ https://snippet.affilimatejs.com https://pub.affilimateapis.com https://pub-eu.affilimateapis.com https://api.assertcom.de https://icu.newsroom.bi/ingest.php https://tlx.3lift.com https://ads.yieldmo.com https://*.google-analytics.com https://api.alyavista.com https://*.seedtag.com https://guce.oath.com/ https://guce.engadget.com/ https://api.privacy-center.org/v1/locations https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/events https://ep1.adtrafficquality.google/ https://*.kueezrtb.com https://*.pbs.yahoo.com https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://ads.pubmatic.com https://googleads.g.doubleclick.net https://*.amazon-adsystem.com https://*.sonobi.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; upgrade-insecure-requests; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; frame-src 'self' https://ad.doubleclick.net https://console.googletagservices.com https://*.googlesyndication.com https://*.everesttech.com https://prebid.a-mo.net https://*.adnxs.com https://*.emxdgt.com https://yahoo-match.dotomi.com https://*.criteo.com https://*.gumgum.com https://*.casalemedia.com https://*.kargo.com https://*.kueezrtb.com https://*.mediago.io https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.creativecdn.com https://*.rubiconproject.com https://*.sharethrough.com https://*.yellowblue.io https://*.sonobi.com https://*.lijit.com https://taboola.com https://*.3lift.com https://*.adsrvr.org https://*.1rx.io https://*.cootlogix.com https://*.yieldmo.com https://*.rfihub.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://cm.g.doubleclick.net https://googleadservices.com https://securepubads.g.doubleclick.net https://ep2.adtrafficquality.google https://*.taboola.com https://www.google.com https://*.seedtag.com https://hb.trustedstack.com https://opus.analytics.yahoo.com/ https://*.indexww.com https://*.postrelease.com https://*.kargo.com https://*.amazon-adsystem.com https://*.everesttech.net https://chartbeat.com https://*.chartbeat.com https://www.googletagmanager.com; media-src 'self' https://*.taboola.com; 3
form-action https:; frame-ancestors https://app.contentful.com https://verkada.teamaligned.com 3
frame-ancestors 'self' *.bazaarvoice.com 3
frame-ancestors *.gallupatwork.com *.gallupatwork.au *.gallupatwork.sg *.gallupatwork.uk *.gallup.com 3
default-src 'self' http: https: data: blob:;script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: data: 'unsafe-inline';img-src 'self' https: data: blob:;media-src 'self' https: http: blob: data:;connect-src http: https: ws: wss: 3
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com https://rsdk2.grafana-dev.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com https://cdn.mouseflow.com https://widget.intercom.io https://js.intercomcdn.com https://*.qualtrics.com https://js.zi-scripts.com https://tags.clickagy.com https://widget.kapa.ai https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://grafana.chilipiper.com https://static.zuddl.com https://js.stripe.com https://node-api-test-sand.vercel.app https://cdn.cookielaw.org https://track.customer.io https://cdn.rudderlabs.com https://script.crazyegg.com 3
frame-ancestors 'none'; font-src 'self' 3
default-src 'self'; font-src 'self' data: *.raif.v305.tmphost.ru cdn.megabonus.com fonts.gstatic.com kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com www.gstatic.com yastatic.net; style-src 'self' 'unsafe-inline' *.raif.v305.tmphost.ru cdn.jsdelivr.net kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com www.gstatic.com yastatic.net *.yastatic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.insapp.ru *.kaspersky-labs.com widget.oval.life polyfill.io code.jquery.com edge.fullstory.com connect.facebook.net *.googleoptimize.com *.tmweb.ru unpkg.com platform.twitter.com *.rutarget.ru *.hybrid.ai snap.licdn.com *.kirarock.space *.mail.ru *.raif.v305.tmphost.ru *.vk.com *.yandexcloud.net analytics.tiktok.com cdn.jsdelivr.net google-analytics.com *.google-analytics.com google.com *.google.com kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.agentapp.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com ru.id.facct.ru ru.id.group-ib.com statad.ru vk.com www.googletagmanager.com www.gstatic.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net yastatic.net yastatic.net *.yastatic.net; frame-src *.doubleclick.net *.insapp.ru *.raif.v305.tmphost.ru *.vk.com *.yandexcloud.net captcha-api.yandex.ru google.com *.google.com kaplife.ru *.kaplife.ru mc.yandex.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen.agentapp.ru raiffeisen.ru *.raiffeisen.ru ru.id.facct.ru ru.id.group-ib.com sync.1dmp.io vk.com zettains.ru securepaymentway.ru *.sbrf.ru securepaymentgateway.ru securecardpayment.ru *.sberbank.ru mafin.ru raif.ponimau.com www.youtube.com; connect-src 'self' *.doubleclick.net *.insapp.ru *.kirarock.space *.mail.ru *.trackjs.com *.upravel.com *.vk.com analytics.tiktok.com dadata.ru *.dadata.ru google-analytics.com *.google-analytics.com kaplife.ru *.kaplife.ru lottiefiles.com *.lottiefiles.com mc.yandex.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com ru.id.facct.ru vk.com wss://*.raiffeisen.ru raiffeisen.cpeople.ru sentry.b2bpolis.ru sbbe.group-ib.ru *.fp.kaspersky-labs.com *.amplitude.com ymetrica1.com wss://mc.yandex.ru www.googletagmanager.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net; img-src 'self' blob: data: *.mail.ru *.trackjs.com *.upravel.com *.vk.com google-analytics.com *.google-analytics.com kaplife.ru *.kaplife.ru lottiefiles.com *.lottiefiles.com raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com statad.ru sync.1dmp.io vk.com www.google.com www.google.ru *.google.com.tr www.gstatic.com www.welldonecode.com proxy-block.raiffeisen.ru:8002 hit.acstat.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net yastatic.net *.yastatic.net; media-src blob: data: audiocdn.lingualeo.com api.lingvolive.com raiffeisen.ru *.raiffeisen.ru; form-action 'self'; frame-ancestors 'self' raiffeisen.ru *.raiffeisen.ru; 3
default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.mparticle.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com *.xg4ken.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.mparticle.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.mparticle.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; 3
frame-ancestors 'self' https://app.optimizely.com 3
frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 3
frame-ancestors 'self' resources.duo.com learn-cloudsecurity.cisco.com; 3
frame-ancestors *.oray.com scrm-wx.weiling.cn 3
default-src 'self' http: https: 3
frame-ancestors 'self' http://sproutsocial.lookbookhq.com https://sproutsocial.lookbookhq.com http://sproutsocial.pathfactory.com https://sproutsocial.pathfactory.com https://*.sproutsocial.test https://*.sproutsocial.com https://sproutsocial.com; 3
frame-ancestors 'self' pmt.honeywell.com sps.honeywell.com ppe.sps.honeywell.com; 3
frame-ancestors 'self' https://app.contentful.com/spaces/* https://zoominfo.pathfactory.com/* https://pipeline.zoominfo.com/* http://pipeline.zoominfo.com/* 3
frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com; 3
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval';  frame-ancestors 'self' *.weborama.com *.adways.com *.adpaths.com; 3
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 3
frame-ancestors 'self' https://*.kicker.de https://*.kicker-tippspiel.de https://*.kicker-vereinsheim.de 3
default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-eval' *.nmrodam.com *.imrworldwide.com *.sensic.net *.gstatic.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 3
default-src 'self' https://*.denic.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud https://*.moin.ai; img-src 'self' data: https://*.denic.de https://*.moin.ai; base-uri 'self'; frame-src 'self'; style-src 'self' 'unsafe-inline' https://*.moin.ai; font-src 'self' https://*.moin.ai; connect-src 'self' https://denic.matomo.cloud https://*.moin.ai wss://bot.moin.ai 3
default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com *.arkoselabs.com; block-all-mixed-content; upgrade-insecure-requests 3
default-src 'self';base-uri 'self';child-src blob:;connect-src 'self' wss: https: https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://func.bitwarden.com https://status.bitwarden.com https://us-central1-adaptive-growth.cloudfunctions.net https://pdf-convert.bitwarden.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://bitwarden.freshsales.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://bat.bing.com https://cdn.linkedin.oribi.io https://i.clarity.ms https://scout.salesloft.com https://script.crazyegg.com https://global.ketchcdn.com/ https://cdn.ketchjs.com/ https://*.demandbase.com https://*.company-target.com;img-src 'self' data: https: https://*.algolia.net https://images.ctfassets.net https://res.cloudinary.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://*.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://t.co https://alb.reddit.com https://aorta.clickagy.com https://bat.bing.com https://i.vimeocdn.com https://id.rlcdn.com https://idsync.rlcdn.com https://insight.adsrvr.org https://px.ads.linkedin.com https://p.adsymptotic.com https://stags.bluekai.com https://ct.capterra.com https://*.demandbase.com https://*.company-target.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.typekit.net;form-action https://forms.hsforms.com https://www.facebook.com;frame-ancestors https://app.contentful.com;frame-src https://app.hubspot.com https://start.bitwarden.com https://*.doubleclick.net https://boards.greenhouse.io https://*.company-target.com https://docs.google.com https://forms.hsforms.com https://player.vimeo.com https://preview.widgets.ninetailed.io/ https://us02web.zoom.us https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://*.hs-sites.com https://global.ketchcdn.com https://cdn.ketchjs.com/ https://app.contentful.com https://job-boards.greenhouse.io https://hemsync.clickagy.com https://insight.adsrvr.org;manifest-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn.jsdelivr.net/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://j.6sc.co https://tag.demandbase.com https://a.quora.com https://assets.freshsales.io https://bat.bing.com https://boards.greenhouse.io https://cdn.jsdelivr.net/npm/search-insights@2.0.4 https://cdn.pdst.fm https://global.ketchcdn.com https://cdn.ketchjs.com/ https://connect.facebook.net https://mountain.com https://*.mountain.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://libraries.hund.io https://ml314.com https://*.ml314.com https://player.vimeo.com https://plausible.io https://script.crazyegg.com https://scout-cdn.salesloft.com https://snap.licdn.com https://static.ads-twitter.com https://static.xingcdn.com/xingtrk/index.js https://tag.clearbitscripts.com https://cdn.hubilo.com https://tags.clickagy.com https://js.usemessages.com https://ws.zoominfo.com https://www.clarity.ms https://scripts.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.redditstatic.com https://x.clearbitjs.com https://app.contentful.com https://tags.clickagy.com/ https://js.zi-scripts.com https://js.adsrvr.org/ https://*.demandbase.com https://*.company-target.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://libraries.hund.io https://global.ketchcdn.com https://cdn.ketchjs.com/ https://*.typekit.net;worker-src 'self' blob: https://global.ketchcdn.com https://cdn.ketchjs.com/ 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 3
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' documentservices.adobe.com *.dickssportinggoods.com *.cardinalcommerce.com api.cash.app cash.app *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net *.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com *.paypalobjects.com *.braintreegateway.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com checkoutshopper-live-us.adyen.com acs.entersektehs.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.tvpixel.com *.monetate.net *.reddit.com *.redditstatic.com *.granify.com *.tnapplications.com *.minionplatform.com blob: apps.byondxr.com acrobatservices.adobe.com ep2.adtrafficquality.google fundingchoicesmessages.google.com mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com *.adobemc.com *.techlab-cdn.com *.obsess-vr.com *.obsessvr.com s3.amazonaws.com/idme/; worker-src blob:; frame-ancestors *.dickssportinggoods.com *.adobe.com *.experiencecloud.adobe.com *.adobemc.com; child-src *.cj.com *.monetate.net acrobatservices.adobe.com documentservices.adobe.com *.attn.tv dcsg.jotform.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com api.cash.app cash.app *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net *.minionplatform.com maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com checkoutshopper-live.adyen.com checkoutshopper-live-us.adyen.com acs.entersektehs.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.curalate.com *.bambuser.com *.radar.com *.recaptcha.net *.rokt.com sketchfab.com blob: www.googletagmanager.com ep2.adtrafficquality.google *.adobemc.com *.techlab-cdn.com *.granify.com *.eprize.net; 3
frame-ancestors 'self' https://*.shaw.ca 3
default-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data:; img-src * data: blob:; font-src * data:; connect-src * data: blob: ws: wss:; media-src * data: blob:; frame-src *; child-src *; worker-src * blob: data:; base-uri 'self'; form-action *; frame-ancestors 'self'; upgrade-insecure-requests 3
frame-ancestors https://www.snowflake.com 3
default-src 'self'; style-src 'self' https://static.threema.ch 'unsafe-inline'; font-src 'self' https://static.threema.ch data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://hcaptcha-ws.threema.ch; script-src-elem 'self' https://hcaptcha-ws.threema.ch 'unsafe-inline' data:; frame-src 'self' https://hcaptcha-assets.threema.ch; img-src 'self' data: https://static.threema.ch blob: ; media-src 'self' data: blob:; connect-src 'self' wss://threema.com https://hcaptcha-assets.threema.ch https://static.threema.ch https://bugs.threema.ch ; object-src 'none'; worker-src 'self' blob:; child-src blob: https://hcaptcha-assets.threema.ch; frame-ancestors 'self'; form-action 'self' https://threema.com https://work.threema.ch ; base-uri https://threema.com; report-uri https://bugs.threema.ch/api/30/security/?sentry_key=33a83d833904ad024494585d9479b3c4; report-to default 3
report-uri https://impactother.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: *; base-uri 'self'; 3
default-src 'unsafe-inline' 'self' https: wss: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; frame-ancestors 'self' https://*.unitycms.io; 3
frame-ancestors 'self' https://www.facebook.com; frame-src 'self' https://*.zyxel.com.tw https://www.youtube.com https://*.youtube.com https://www.youtube-nocookie.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.googlevideo.com https://static.addtoany.com https://*.snapengage.com https://*.freshchat.com https://embed.fillout.com https://www.googletagmanager.com https://webforms.zyxel.cloud https://partner.zyxel.it; script-src 'self' 'report-sample' 'unsafe-inline' https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hsforms.net https://js-eu1.hscollectedforms.net  https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com https://www.gstatic.com https://www.google.com/recaptcha/ https://static.addtoany.com https://*.hubspot.com https://js.hscollectedforms.net https://report.cookie-script.com https://ind-widget.freshworks.com https://zyxel-support-help.freshchat.com https://server.fillout.com https://media.campaigner.com https://mpsnare.iesnare.com https://www.youtube.com https://*.youtube.com https://*.ytimg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://*.nebula.zyxel.com https://*.google.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com https://zyxel-support-help.freshchat.com https://ind-widget.freshworks.com https://media.campaigner.com https://mpsnare.iesnare.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://storage.googleapis.com; img-src 'self' data: https://*.zyxel.com https://*.zyxelgroup.com https://c.seznam.cz https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.cloudfront.net https://*.googleusercontent.com https://*.google.com https://*.google.fr https://*.google.com.tw https://*.gstatic.com https://*.doubleclick.net https://*.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googlevideo.com https://*.facebook.com https://*.linkedin.com https://px.ads.linkedin.com https://storage.googleapis.com https://*.googletagmanager.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://track-eu1.hubspot.com/__ptq.gif; connect-src 'self' https://*.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://c.seznam.cz https://*.zyxel.com https://*.zyxelgroup.com https://*.googleapis.com https://*.google.com https://*.google.com.tw https://*.hotjar.com https://*.hsforms.net https://*.hubspot.com https://*.hscollectedforms.net  https://*.snapengage.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.campaigner.com https://*.freshchat.com https://*.fillout.com https://*.google-analytics.com https://script.crazyegg.com https://*.cookie-script.com https://*.jsdelivr.net; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 3
frame-ancestors 'self'; // Add other policies on a new line here // And another one here 3
default-src 'self' blob: www.facebook.com facebook.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com *.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com https://hbchat.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com leads.icici.bank.in www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com;object-src 'none';child-src 'self' data: blob: india-stage.icicibank.adobecqms.net india-preprod.icici.bank.in icicibank-preprod.adobecqms.net country1.icicibank.adobecqms.net www.icicibank.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' icicibank-preprod.adobecqms.net india-preprod.icici.bank.in icici.bank.in players.brightcove.net vjs.zencdn.net rum.hlx.page smart-search.senseforth.com firebasestorage.googleapis.com fcm.googleapis.com test-securetoken.sandbox.googleapis.com staging-www.sandbox.googleapis.com securetoken.googleapis.com apis.google.com www.googleapis.com securetoken.googleapis.com www.gstatic.com ibot.icicibank.com assets.adobedtm.com *.demdex.net cm.everesttech.net assets.adobedtm.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com ibotuat.icicibank.com platform.twitter.com platform.linkedin.com static.addtoany.com www.linkedin.com *.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com *.fls.doubleclick.net cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com leads.icici.bank.in cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data:;connect-src 'self'  *.boltdns.net https://fcm.googleapis.com https://firebaseinstallations.googleapis.com  players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com manifest.prod.boltdns.net smetric.money2india.icicibank.co.uk smetrics.icici.bank.in https://region1.analytics.google.com https://region1.google-analytics.com smart-search.senseforth.com www.gstatic.com https://www.gstatic.com/firebasejs/10.13.2/firebase-app.js.map firebaseinstallations.googleapis.com fcmregistrations.googleapis.com  https://icicibank-mkt-stage1.campaign.adobe.com/acxwp/webregisterAndroid.jssp googleads.g.doubleclick.net https://icicibank-mkt-prod4.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mkt-prod4-lb.campaign.adobe.com/ici/webregisterAndroid.jssp icicibank-mid-prod4-all-t.adobe-campaign.com smetrics.icicibank.com edge.adobedc.net https://fcm.googleapis.com/fcm/connect/subscribe https://fcm.googleapis.com/fcm/connect/unsubscribe https://icicibank-mkt-stage1.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mid-stage1-all-t.adobe-campaign.com www.google.co.in *.akstat.io *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedc.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com wss://ccaiuatws.icicibank.com ccaiuatws.icicibank.com apibankingonesandbox.icicibank.com ibotuat.icicibank.com *.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com leads.icici.bank.in *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://smart-search.senseforth.com/STT/transcribe;img-src 'self' icicibank.ae players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com https://www.assets.icicibank.com edge.api.brightcove.com metrics.brightcove.com https://smart-search.senseforth.com https://www.google.co.uk ad.doubleclick.net ibot.icicibank.com *.demdex.net cm.everesttech.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com assets.adobedtm.com storage.googleapis.com ibotuat.icicibank.com www.google-analytics.com syndication.twitter.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com *.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com leads.icici.bank.in senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in *.visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data:;style-src 'self' 'unsafe-inline' players.brightcove.net player.interactivity.brightcove.com https://smart-search.senseforth.com fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com *.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com leads.icici.bank.in senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com *.visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' data: maps.gstatic.com gstatic.com fonts.gstatic.com players.brightcove.net 'unsafe-inline';frame-src 'self' td.doubleclick.net *.demdex.net players.brightcove.net ibotuat.icicibank.com www.iciciprulife.com web.facebook.com platform.twitter.com www.linkedin.com infinity.icicibank.com infinity.icicibank.co.in iciciprulife.com au.personalcard.net *.fls.doubleclick.net nli.icicibank.com nli.icici.bank.in cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com leads.icici.bank.in icicibank.adobecqms.net smart-search.senseforth.com;frame-ancestors 'self' instakioskcug.icicibankltd.com instakiosk.icicibankltd.com instakioskuat.icicibankltd.com www.india-uat.icici.bank.in india-stage.icicibank.adobecqms.net www.india-preprod.icici.bank.in www.icici.bank.in retailnetbanking.icici.bank.in retailnetbankinguat.icici.bank.in; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; worker-src 'self' blob:; 3
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://sdk.privacy-center.org https://api.privacy-center.org; 3
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thebalancemoney.com; upgrade-insecure-requests; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net *.linkedin.com *.facebook.com munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com player.vimeo.com widget.trustpilot.com embed.typeform.com websdk.appsflyer.com; img-src * data:; object-src 'none'; base-uri 'none'; 3
default-src 'self' *.6sc.co *.acquia.com *.youtube.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.vimeo.com *.vwo.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anthology.com img.en25.com *.github.com *.recaptcha.net *.g2crowd.com *.clarity.ms *.doubleclick.net *.6sc.co *.siteimprove.net *.fontawesome.com *.vimeo.com *.vimeocdn.com *.licdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.typekit.net *.getsitecontrol.com *.acquia.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com s3.amazonaws.com siteimproveanalytics.com prod.ally.ac bugcrowd.com assets.bugcrowdusercontent.com cdnjs.cloudflare.com cdn.jsdelivr.net *.cookielaw.org *.onetrust.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.twitter.com *.cloudflareinsights.com *.cloudflare.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com *.redditstatic.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hsforms.net *.hubspot.com *.hsappstatic.net *.hubspotusercontent-na1.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.gstatic.com prod.ally.ac cdnjs.cloudflare.com; img-src 'self' * data: blob: *.siteimproveanalytics.io; media-src * data:; frame-ancestors 'self' *.blackboard.com *.ally.ac *.anthology.com *.ddev.site; child-src 'self' * blob:; font-src 'self' *.fontawesome.com *.gstatic.com *.googleusercontent.com *.typekit.net data: *.cloudflare.com; connect-src 'self' *.anthology.com *.adnxs.com *.vimeocdn.com *.6sense.com *.siteimprove.com *.siteimprove.net *.g2crowd.com *.clarity.ms *.doubleclick.net *.6sc.co *.fontawesome.com t.co *.facebook.com *.bizographics.com *.licdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.typekit.net *.getsitecontrol.com *.acquia.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com prod.ally.ac *.cookielaw.org *.onetrust.com *.twitter.com *.visualwebsiteoptimizer.com *.vwo.com *.g2.com *.ddev.site *.eloqua.com *.redditstatic.com *.reddit.com *.hubapi.com *.hscollectedforms.net *.googleadservices.com *.hsforms.com ipinfo.io *.hsappstatic.net *.hubspot.com *.ellucian.com *.vercel.app *.pantheonsite.io; 3
frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca *.quantummetric.com; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://*.ujet.co https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://cdnjs.cloudflare.com https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link https://*.gbqofs.com https://*.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://*.cookielaw.org https://*.quantummetric.com https://*.vaulting.io 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 3
frame-ancestors 'self' https://webvisor.com 3
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; 3
frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' go.zetaglobal.com https://code.jquery.com https://www.googletagmanager.com https://www.lightboxcdn.com https://ams.wpml.org https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://d34r8q7sht0t9k.cloudfront.net/tag.js *.liadm.com https://ams.wpml.org https://app.spara.co/ https://browser.sentry-cdn.com/9.6.1/bundle.min.js https://code.jquery.com https://cdn.cookielaw.org https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://munchkin.marketo.net https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://js.driftt.com https://cdn.calibermind.com/ go.zetaglobal.com 3
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com; upgrade-insecure-requests 3
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.parents.com; upgrade-insecure-requests; 3
frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 3
connect-src 'self' data: wss://* sendpulse.com *.sendpulse.com sendpulse.ua *.sendpulse.ua sendpulse.fr *.sendpulse.fr sendpulse.kz *.sendpulse.kz *.google.com *.doubleclick.net *.facebook.com *.facebook.net *.fbcdn.net *.fbsbx.com *.twitter.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.bootstrapcdn.com *.supportsrc.com *.instagram.com *.cdninstagram.com *.cookiebot.com *.clarity.ms *.spcdn.org *.partnersrc.com cdn.jsdelivr.net unpkg.com *.disqus.com *.disquscdn.com *.bing.com *.bing.net *.newrelic.com *.nr-data.net afarkas.github.io *.rawgit.com tiktok.com *.tiktok.com *.capterra.com *.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' sendpulse.com *.sendpulse.com sendpulse.ua *.sendpulse.ua sendpulse.fr *.sendpulse.fr sendpulse.kz *.sendpulse.kz *.google.com *.doubleclick.net *.facebook.com *.facebook.net *.fbcdn.net *.fbsbx.com *.cloudflare.com *.twitter.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.bootstrapcdn.com *.supportsrc.com *.instagram.com *.cdninstagram.com *.cookiebot.com *.clarity.ms *.spcdn.org *.partnersrc.com cdn.jsdelivr.net unpkg.com *.disqus.com *.disquscdn.com *.jquery.com getk2.org *.tinymce.com *.bing.com *.bing.net *.newrelic.com *.nr-data.net afarkas.github.io *.rawgit.com tiktok.com *.tiktok.com *.capterra.com *.crisp.chat; frame-ancestors 'self' sendpulse.com *.sendpulse.com sendpulse.ua *.sendpulse.ua sendpulse.fr *.sendpulse.fr sendpulse.kz *.sendpulse.kz sendpulse.ua *.sendpulse.ua *.crisp.chat; worker-src 'self' blob:; 3
upgrade-insecure-requests; default-src 'self'; base-uri 'self'; child-src 'self'; connect-src *.flowhunt.io tr.capterra.com px.ads.linkedin.com pagead2.googlesyndication.com *.debugbear.com *.liveagent.com *.ladesk.com *.qualityunit.com *.urlslab.com data.debugbear.com stats.g.doubleclick.net googleads.g.doubleclick.net adservice.google.com analytics.google.com region1.analytics.google.com region1.google-analytics.com cdn.dreamdata.cloud www.google.com www.google.ae www.google.at www.google.com.au www.google.bg www.google.com.br www.google.ca www.google.ch www.google.cn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.co.jp www.google.lt www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.se www.google.si www.google.sk www.google.tg www.google.com.tr www.google.com.ua www.google.co.uk conversions-config.reddit.com my.yoast.com maps.googleapis.com readaloud.googleapis.com ad.doubleclick.net q.quora.com www.g2.com data: 'self'; font-src *.liveagent.com *.qualityunit.com fonts.gstatic.com fonts.googleapis.com use.fontawesome.com data: 'self'; frame-src support.qualityunit.com *.googlesyndication.com www.googletagmanager.com 2-vbus-support.ladesk.com *.ladesk.com *.liveagent.com *.qualityunit.com www.google.com td.doubleclick.net www.youtube.com youtu.be player.vimeo.com tally.so blob: 'self'; img-src px.ads.linkedin.com pagead2.googlesyndication.com *.ladesk.com *.liveagent.com *.qualityunit.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net api.urlslab.com ct.capterra.com www.google.com www.google.ae www.google.at www.google.com.au www.google.bg www.google.com.br www.google.ca www.google.ch www.google.cn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.co.jp www.google.lt www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.se www.google.si www.google.sk www.google.tg www.google.com.tr www.google.com.ua www.google.co.uk q.quora.com tracking.g2crowd.com alb.reddit.com www.googleadservices.com *.gravatar.com maps.googleapis.com i.ytimg.com *.elementor.com www.g2.com *.flowhunt.io blob: data: 'self'; manifest-src 'self'; media-src *.liveagent.com ssl.gstatic.com data: 'self'; object-src 'none'; script-src support.ladesk.com 2-vbus-support.ladesk.com *.capterra.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.liveagent.com *.qualityunit.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com cdn.dreamdata.cloud www.redditstatic.com a.quora.com *.flowhunt.io 'unsafe-eval' 'unsafe-inline' 'self'; script-src-elem snap.licdn.com *.capterra.com trk.crozdesk.com pagead2.googlesyndication.com *.ladesk.com googleads.g.doubleclick.net *.debugbear.com *.liveagent.com *.qualityunit.com *.urlslab.com *.flowhunt.io cdn.debugbear.com www.google.com www.googletagmanager.com ajax.googleapis.com apis.google.com ssl.google-analytics.com www.google-analytics.com analytics.qualityunit.com cdn.dreamdata.cloud a.quora.com www.gstatic.com www.redditstatic.com ct.capterra.com maps.googleapis.com yoast.com cdnjs.cloudflare.com www.youtube.com tally.so data: 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline' 'self'; style-src www.gstatic.com fonts.googleapis.com data: 'unsafe-inline' 'self'; style-src-elem *.liveagent.com *.qualityunit.com fonts.googleapis.com www.gstatic.com p.typekit.net use.fontawesome.com ka-p.fontawesome.com data: 'unsafe-inline' 'self'; style-src-attr *.liveagent.com *.qualityunit.com 'unsafe-inline' 'self'; worker-src data: blob: 'self'; form-action *.liveagent.com *.ladesk.com *.qualityunit.com  qualityunit.us3.list-manage.com 'self'; 3
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' * 'unsafe-eval' blob: *; worker-src 'self' blob:; 3
default-src 'self' blob: wss: data: https:; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 3
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 3
frame-ancestors 'self' https://*.keene.edu https://*.plymouth.edu https://*.usnh.edu https://*.unh.edu; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; object-src 'none'; img-src data: *; worker-src 'self' blob:; 3
default-src 'self' static.pw.live; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.gstatic.com *.googletagmanager.com  blob: *.moengage.com *.doubleclick.net *.cloudflare.com *.google-analytics.com *.youtube.com *.facebook.net *.googleapis.com *.juspay.in *.appsflyer.com  *.razorpay.com *.facebook.com static.pw.live *.cloudfront.net *.google.com *.google.co.in *.jsdelivr.net *.mfilterit.net *.googleadservices.com *.clarity.ms unpkg.com otpless.com sc-static.net *.pw.live pw.live *.snapchat.com *.zoom.us zoom.us *.stripe.com; connect-src 'self' *.pwskills.com unpkg.com *.iconify.design *.clarity.ms *.gstatic.com *.penpencil.co *.google.com *.google.co.in *.googleapis.com *.doubleclick.net *.sentry.io  wss://*.penpencil.co wss://*.penpencil.net *.googletagmanager.com *.moengage.com wss://*.pwdev.link *.google-analytics.com *.razorpay.com *.juspay.in *.appsflyer.com  static.pw.live blob: *.amazonaws.com *.conviva.com *.bitgravity.com *.cloudfront.net *.agora.io wss://*.agora.io:* *.sd-rtn.com wss://*.sd-rtn.com:* *.facebook.com *.youtube.com *.ytimg.com *.pw.live *.payu.in *.cloudflare.com *.jsdelivr.net *.physicswallah.live *.pallycon.com *.olamaps.io  *.otpless.app api.penpencil.xyz us1.api-bdc.net api-bdc.io *.onelink.me *.gyaane.co.in *.snapchat.com *.leadsquared.com wss://*.microsoft.com *.zoom.us zoom.us wss://*.zoom.us; frame-ancestors 'self'  *.physicswallah.live *.pw.live *.pwgulf.com *.xylem.live *.curiousjr.com *.pwops.in *.penpencil.co pwolympiad.com *.gyaane.co.in file:; frame-src 'self' *.pw.live *.doubleclick.net *.youtube.com *.juspay.in *.xylem.live *.razorpay.com  *.facebook.com *.youtube-nocookie.com *.cloudflare.com tel: * *.physicswallah.live *.zoom.us zoom.us *.stripe.com upi: phonepe: gpay: tez: paytmmp: bhim: amazonpay: famapp: credpay: imobile: sbiyono: sbipay: payzapp: axispay: airtelmoney: kotak: unionbank: idfcfirst: mobikwik: bajajfinserv: navi: groww: mipay: jiomoney: jupiter: federalbank: freecharge: whatsapp: indusind: fi: yesg: ptyes: centralbankupi: ucobankupi: bobupi: boiupi: pnbupi: finobank: postpe: aubank: slice: tataneu: kiwi: truecaller: okcredit:; img-src 'self' data: *.google.co.in *.google.com static.pw.live *.googletagmanager.com *.ytimg.com blob: *.amazonaws.com data: *.cloudfront.net *.facebook.com *.moengage.com *.youtube.com *.googleusercontent.com *.physicswallah.live *.google.com *.pw.live *.gravatar.com *.snapchat.com *.curiousjr.com  *.zoom.us zoom.us *.googleapis.com *.freshdesk.com; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' static.pw.live *.cloudfront.net *.cloudflare.com *.google.com *.pw.live pw.live *.googleapis.com  *.zoom.us; font-src static.pw.live *.gstatic.com *.cloudflare.com *.jsdelivr.net data:; worker-src 'self' blob:; media-src 'self' static.pw.live blob: *.pw.live *.penpencil.co *.cloudfront.net blob: *.curiousjr.com *.penpencil.xyz *.zoom.us zoom.us *.freshdesk.com; report-uri  https://api.penpencil.co/v1/student-acquisition/public/csp-reports; 3
default-src https://www.allwyn.cz/hx95CFKZP/lGf/aJA/wCUFSlI6MW08/faaNmDXbttmpcc9h3h/X1wmHWwPBQ/azsEZDRP/FGEB  https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' https://static.expo.dev; connect-src 'self' https://api.expo.dev https://static.expo.dev https://job-artifacts.eascdn.net https://job-logs.eascdn.net https://staging-assets.eascdn.net https://assets.eascdn.net https://eas.expo.app https://cdp.expo.dev https://cdn.rudderlabs.com http://127.0.0.1:* https://qr.expo.dev https://status.expo.dev https://8tdse0ohgq-dsn.algolia.net https://qex7pb7d46-dsn.algolia.net https://sessions.bugsnag.com https://*.g.doubleclick.net https://api.github.com https://google.com https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://www.googleadservices.com https://*.googleapis.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://react-tweet.vercel.app https://reactnative.directory https://api.rudderstack.com https://9r24npb8.api.sanity.io https://9r24npb8.apicdn.sanity.io https://sentry.io https://o30871.ingest.sentry.io https://api.stripe.com https://api.logrocket.com https://*.typeform.com https://*.hubapi.com https://*.hubspot.com https://*.hsappstatic.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://px.ads.linkedin.com https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://*.crazyegg.com https://*.kapa.ai https://*.vexo.co; manifest-src 'self'; font-src 'self' data: https://static.expo.dev https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://*.datadoghq.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.recaptcha.net https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://*.youtube.com https://embed.bsky.app https://*.logrocket.com https://*.typeform.com https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://*.hsforms.net https://*.hsforms.com https://*.vexo.co; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https://static.expo.dev https://d2wy8f7a9ursnm.cloudfront.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.google.com https://www.googleadservices.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://www.gstatic.cn https://www.gstatic.com https://cdn.rudderlabs.com https://js.stripe.com https://*.js.stripe.com https://www.youtube.com https://embed.bsky.app https://*.typeform.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://*.hsleadflows.net https://snap.licdn.com https://www.redditstatic.com https://pixel-config.reddit.com https://*.crazyegg.com https://*.kapa.ai; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; report-to expo 3
base-uri 'self'; frame-ancestors 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://direct.betterstack.com https://errors.betterstack.com https://warehouse.betterstack.com https://agents.betterstack.com; connect-src 'self' betterstack.com uptime.betterstack.com telemetry.betterstack.com direct.betterstack.com errors.betterstack.com warehouse.betterstack.com agents.betterstack.com wss://betterstack.com wss://uptime.betterstack.com wss://telemetry.betterstack.com wss://direct.betterstack.com wss://errors.betterstack.com wss://warehouse.betterstack.com wss://agents.betterstack.com betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com *.okta.com *.sentry.io https://api.stripe.com https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com https://eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com https://*.browser-intake-datadoghq.com https://internet-up.ably-realtime.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com https://upload.imagedelivery.net *.betterstackdata.com; font-src 'self' betterstackcdn.com https://fonts.gstatic.com https://use.typekit.net https://chat-assets.frontapp.com; frame-src 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://direct.betterstack.com https://errors.betterstack.com https://warehouse.betterstack.com https://agents.betterstack.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://www.facebook.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com newsletter.betterstack.com betterstack.substack.com www.loom.com www.youtube.com; form-action *; style-src 'report-sample' 'self' 'unsafe-inline' betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com https://fonts.googleapis.com blob:; script-src 'report-sample' 'self' 'unsafe-eval' betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.js.stripe.com https://js.stripe.com https://chat-assets.frontapp.com *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com 'nonce-79b42de4cbcdeeeeb32a2c41388fcdb6'; worker-src 'report-sample' 'self' blob: betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com; img-src 'self' blob: data: betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com www.gravatar.com ui-avatars.com https://*.wp.com/ui-avatars.com/api/ betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com https://imagedelivery.net https://imagedelivery.betterstackcdn.com https://betterstack.com/cdn-cgi/image/ https://betterstackcdn.com/cdn-cgi/image/ https://chat.frontapp.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://nibbler.frontapp.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com *.doubleclick.net www.google.com google.com https://alb.reddit.com linkedin.com *.linkedin.com bat.bing.com bat.bing.net https://www.facebook.com www.googletagmanager.com https://t.co/i/ https://t.co/1/ https://analytics.twitter.com img.youtube.com i.ytimg.com; default-src 'self' 3
frame-ancestors 'self' https://*.tiscali.it 3
frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 3
default-src 'self' *.grubhub.com grubhub.com *.dine.online *.datadog.hq cdn.contentful.com *.forter.com maps.googleapis.com six.cdn-net.com www.cdn-net.com pinpad.paysecure.acculynk.net; frame-src 'self' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com  braintreegateway.com apay-us.amazon.com analytics.tiktok.com analytics.twitter.com analytics.churnzero.com apps.rokt.com apps.rokt-api.com apps-demo.rokt.com everestjs.net *.doubleclick.net accounts.google.com checkout.paypal.com googletagmanager.com www.googletagmanager.com insight.adsrvr.org match.adsrvr.org na.account.amazon.com prod.accdab.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com *.amazon-adsystem.com *.facebook.com *.kroger.com *.ispot.tv *.w55c.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.payments-amazon.com *.tags.tiqcdn.com redditstatic.com js.adsrvr.org *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com  braintreegateway.com apay-us.amazon.com *.forter.com *.rokt.com *.rokt-api.com *.cookielaw.org *.everestjs.net six.cdn-net.com www.cdn-net.com https://cdn.prod.uidapi.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com  braintreegateway.com apay-us.amazon.com analytics.churnzero.net analytics.tiktok.com analytics.twitter.com tags.tiqcdn.com www.google-analytics.com google-analytics.com *.forter.com *.cookielaw.org *.payments-amazon.com platform.twitter.com static.ads-twitter.com www.googletagmanager.com *.cdn-net.com apps.rokt.com apps.rokt-api.com apps-demo.rokt.com maps.googleapis.com cdn.branch.io www.googleadservices.com *.mountain.com app.link googleads.g.doubleclick.net connect.facebook.net assets.loginwithamazon.com accounts.google.com apis.google.com analytics.tiktok.com c.amazon-adsystem.com google-analytics.com google.com googleads.g.doubleclick.net googleadservices.com googletagmanager.com gstatic.com prod.accdab.net redditstatic.com s.pinimg.com everestjs.net d.impactradius-event.com tag.havasedge.com pixel.mathtag.com www.gstatic.com bat.bing.com px.airpr.com www.redditstatic.com js.adsrvr.org ext.chtbl.com www.google.com collector-21091.us.tvsquared.com innovid.com www.everestjs.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com analytics.tiktok.com bat.bing.com connect.facebook.net js.adsrvr.org sc-static.net www.redditstatic.com c.amazon-adsystem.com googleads.g.doubleclick.net platform.twitter.com; img-src 'self' *.cloudinary.com *.grubhub.com grubhub.com *.cloudfront.net *.instacart.com *.pinterest.com *.cookielaw.org cm.everesttech.net t.co www.google-analytics.com google-analytics.com analytics.twitter.com *.doubleclick.net maps.gstatic.com *.googleapis.com www.google.com data: www.facebook.com trkn.us event.havasedge.com grubhubimages-dev.s3.amazonaws.com tags.w55c.net data.adxcel-ec2.com b.videoamp.com ext.chtbl.com bat.bing.com px.airpr.com redditstatic.com js.adsrvr.org adservice.google.com alb.reddit.com b.videoamp.com www.googletagmanager.com insight.adsrvr.org s3.amazonaws.com collector-21091.us.tvsquared.com innovid.com analytics.tiktok.com pt.ispot.tv; style-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com accounts.google.com pixel.mathtag.com; style-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com six.cdn-net.com www.cdn-net.com; font-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.gstatic.com static.rakuten.com; connect-src 'self' *.grubhub.com grubhub.com browser-intake-datadoghq.com *.px-cloud.net preview.connectful.com *.braze.com *.google-analytics.com www.google.com google.com google-analytics.com *.rokt.com *.rokt-api.com *.cookielaw.org *.forter.com wss://cdn0.forter.com analytics.tiktok.com geolocation.onetrust.com preview.contentful.com stats.g.doubleclick.net privacyportal.onetrust.com *.googleapis.com sentry.io api2.branch.io *.facebook.com facebook.com bat.bing.com api.braintree.com *.braintreegateway.com *.braintree-api.com  braintreegateway.com apay-us.amazon.com www.gstatic.com maps.gstatic.com data: cdn.contentful.com collect.tealiumiq.com b.px-cdn.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 prod.accdab.net trkn.us seamless.dcm9zy.net s3.amazonaws.com conversions-config.reddit.com pixel-config.reddit.com www.redditstatic.com web.chtbl.com grubhub.vdcy.net insight.adsrvr.org collector-21091.us.tvsquared.com innovid.com six.cdn-net.com www.cdn-net.com https://*.prod.uidapi.com https://prod.uidapi.com https://api.stripe.com https://maps.googleapis.com https://pinpad.paysecure.acculynk.net *.devcycle.com siteperformancetest.net *.doubleclick.net *.cloudfront.net ad.doubleclick.net; 3
frame-ancestors 'self' https://lp.bloomreach.com; 3
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 3
frame-ancestors *.procore.com https://app.contentful.com *.bugcrowd.com bugcrowd.com 3
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://inno.tech https://privacy-cs.mail.ru https://emd.hybrid.ai https://dss.hybrid.ai https://st.hybrid.ai https://st.top100.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.inet.vtb https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; img-src * data:; font-src 'self' data: https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; media-src 'self' blob: https://inno.tech https://t1.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://t1-cloud.ru; frame-src 'self' 'unsafe-inline' blob: https://*.kometa.vc https://disclabs.ru https://dev-pub-nota-tech.innodev.local https://nota.tech https://dev-pub-t1solutions.innodev.local https://dev-draft-t1solutions.innodev.local https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net https://mc.yandex.ru; connect-src 'self' blob: https://*.kometa.vc wss://mc.yandex.ru https://api.hh.ru https://api.sendsay.ru https://inno.tech https://api.calc.t1.cloud https://privacy-cs.mail.ru https://yandex.ru https://pagead2.googlesyndication.com https://kraken.rambler.ru https://t1.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.corp.dev.vtb:* https://*.inet.vtb https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://vb.vtb.ru https://yastatic.net https://api.hh.ru/; frame-ancestors 'self' https://disclabs.ru https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://*.vtb.ru:* https://mc.yandex.ru https://metrika.yandex.ru; 3
default-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self' data:; script-src 'self' 'unsafe-inline'; 3
default-src https: wss: blob: 'self' 'unsafe-inline' *.demandbase.com *.foxitesign.foxit.com salesforce.foxitesign.foxit.com *.evergage.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: www.google.com *.google.com www.google-analytics.com *.google-analytics.com optimize.google.com www.googletagmanager.com *.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net *.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com js.chilipiper.com *.gravatar.com secure.gravatar.com *.hotjar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com cdn-cookieyes.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com useruploads.vwo.io www.paypalobjects.com fonts.gstatic.com www.google.com.sg www.googleadservices.com pixel-config.reddit.com conversions-config.reddit.com *.6sc.co *.foxit.com *.g.doubleclick.net google.com *.foxitsoftware.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com *.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.foxitesign.foxit.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com *.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com js.na.chilipiper.com public.profitwell.com st.foxitsoftware.cn *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn *.foxit.com *.amazon-adsystem.com www.foxit.com ipinfo.io eu1-qa.foxitesign.foxit.com pagead2.googlesyndication.com *.6sc.co 6sc.co *.terminusapp.com player.vwo.me *.cookieyes.com *.foxitsoftware.com cloudflareinsights.com *.microsoft.com; style-src 'self' 'unsafe-inline' https: www.google-analytics.com www.googletagmanager.com *.googletagmanager.com optimize.google.com *.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.hotjar.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com www.foxit.com app.vwo.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com *.hotjar.com *.evergage.com at.alicdn.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; connect-src *.visualwebsiteoptimizer.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.hotjar.com *.hotjar.io *.zoominfo.com wss://ws.hotjar.com *.company-target.com www.google.com.sg *.foxitcloud.com bat.bing.com player.vwo.me *.reddit.com www.redditstatic.com *.linkedin.com *.6sc.co *.evergage.com *.foxitsoftware.com *.paypal.com *.google.com *.connectedpdf.com *.stripe.com www.g2.com *.foxit.com www.facebook.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com google.com *.googleapis.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.foxitsoftware.com td.doubleclick.net js.driftt.com s.company-target.com js.stripe.com www.sandbox.paypal.com www.recaptcha.net *.youtube.com www.foxit.com www.paypal.com na1.foxitesign.foxit.com www.google.com www.googletagmanager.com eu1-qa.foxitesign.foxit.com *.amazon-adsystem.com player.vwo.me *.stripe.com www.facebook.com *.paypal.com *.foxitcloud.com *.foxit.com *.g2.com; frame-ancestors *.foxit.com; 3
img-src 'self' www.technolife.com trustseal.enamad.ir data: www.google-analytics.com *.google.com *.google.co.uk *.goftino.com https://*.livechatinc.com https://*.livechat-static.com *.webengage.com *.webengage.co *.doubleclick.net https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com https://api.rudderstack.com/* *.rudderstack.com https://cdn.mediaffic.ir rtr.tchno.life storage.backtory.com https://app.gapify.ai;form-action 'self' https://pay.tara360.ir *.shaparak.ir pay.apsan.co *.sep.ir *.keepa.ir;default-src 'self' blob: 'unsafe-inline' *.google.com https://static.getclicky.com https://in.getclicky.com wss://*.goftino.com https://*.livechatinc.com https://*.livechat-static.com *.doubleclick.net https://www.goftino.com/ https://www.clarity.ms https://c.clarity.ms cdn.yektanet.com *.yektanet.com https://cdn.yektanet.com w3.org https://www.technolife.com phcm.ir *.technolife.com *.tchno.life *.cloudflare.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ *.google-analytics.com *.analytics.google.com plus.sabavision.com google.com/recaptcha https://www.google.com/recaptcha https://www.google.com/recaptcha/ recaptcha.net https://*.goftino.com https://fcm.googleapis.com https://www.googletagmanager.com https://fcm.googleapis.com/fcm/connect/subscribe https://www.google.com/ads/* https://trustseal.enamad.ir/ https://core.affili.ir/api/v2/clients/conversion https://www.google.com/ads/ga-audiences https://www.aparat.com/ wss://*.goftino.com https://*.clarity.ms https://deemanetwork.com https://if-cdn.com https://player.arvancloud.com *.webengage.com *.webengage.co https://app.raychat.io data: wss://se3.raychat.io https://analytics.takhfifan.com/ https://trk.chavosh.org https://fcm.googleapis.com https://fcm.googleapis.com/fcm/connect/subscribe https://client.crisp.chat https://cdn.parsimap.ir/ https://tracker.chavosh.org/ app.raychat.io cdn.raychat.io https://s.goftino.com https://client.crisp.chat https://api.parsimap.ir/ https://api2.parsimap.ir/ https://*.goftino.com https://*.clarity.ms https://technofestivals.arvanvod.com https://unpkg.com/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org *.mouseflow.com *.goftino.com https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com https://api.rudderstack.com/sourceConfig https://api.rudderstack.com/* *.rudderstack.com *.tchno.life https://cdp.tchno.life/ https://rtr.tchno.life https://app.gapify.ai https://rt.adexo.ir;script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://in.getclicky.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://www.clarity.ms *.doubleclick.net https://*.goftino.com cdn.yektanet.com *.yektanet.com https://cdn.yektanet.com w3.org https://www.technolife.com phcm.ir shop.technolife.com *.cloudflare.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha https://www.googletagmanager.com https://www.google.com/recaptcha https://www.google.com/recaptcha/ https://*.gstatic.com recaptcha.net *.webengage.com *.webengage.co https://app.raychat.io plus.sabavision.com https://unpkg.com/  https://se3.raychat.io https://deemanetwork.com https://trustseal.enamad.ir/ *.google-analytics.com *.analytics.google.com wss://ws6.goftino.com https://cdn.jsdelivr.net https://yektanet.com https://fcm.googleapis.com https://fcm.googleapis.com/fcm/connect/subscribe app.raychat.io cdn.raychat.io https://*.clarity.ms https://www.aparat.com/ wss://cdn.goftino.com/ https://cdn.parsimap.ir/ https://*.parsimap.ir https://trk.chavosh.org wss://*.goftino.com https://*.goftino.com https://client.crisp.chat https://analytics.takhfifan.com/ https://tracker.chavosh.org/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://if-cdn.com https://player.arvancloud.com https://*.goftino.com https://*.clarity.ms https://plus.sabavision.com/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org *.mouseflow.com *.goftino.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com *.rudderstack.com https://cdn.rudderlabs.com https://cdn.rudderlabs.com/* https://rtr.tchno.life https://cdp.tchno.life/ https://app.gapify.ai *.tchno.life https://rt.adexo.ir;style-src 'self' 'unsafe-inline' *.google.com https://www.technolife.com https://in.getclicky.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://ajax.cloudflare.com https://static.cloudflareinsights.com/ w3.org phcm.ir https://*.goftino.com https://cdn.goftino.com/ fonts.googleapis.com https://www.googletagmanager.com *.googletagmanager.com *.cloudflare.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha https://www.google.com/recaptcha recaptcha.net https://app.raychat.io https://cdn.jsdelivr.net https://cdn.parsimap.ir/ https://*.parsimap.ir plus.sabavision.com https://cdn.fontcdn.ir wss://*.goftino.com wss://ws.goftino.com https://*.goftino.com https://if-cdn.com https://player.arvancloud.com https://trustseal.enamad.ir/ https://deemanetwork.com https://analytics.takhfifan.com/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://trk.chavosh.org https://tracker.chavosh.org/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org https://if-cdn.com https://player.arvancloud.com https://s2.goftino.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com wss://ws6.goftino.com https://unpkg.com/ *.mouseflow.com *.goftino.com *.webengage.com *.webengage.co *.doubleclick.net https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com https://cdn.yektanet.com *.rudderstack.com https://cdp.tchno.life/ https://app.gapify.ai https://rt.adexo.ir;font-src 'self' 'unsafe-inline' *.google.com https://in.getclicky.com https://www.googletagmanager.com https://www.technolife.com *.cloudflare.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com https://www.goftino.com/ data: shop.technolife.com w3.org phcm.ir fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha recaptcha.net https://cdn.goftino.com/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org https://app.raychat.io https://cdn.fontcdn.ir https://fdn.fontcdn.ir wss://cdn.goftino.com/ wss://ws.goftino.com https://*.goftino.com https://deemanetwork.com https://client.crisp.chat https://analytics.takhfifan.com/ https://cdn.parsimap.ir/ https://*.parsimap.ir https://trustseal.enamad.ir/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://if-cdn.com https://player.arvancloud.com https://trk.chavosh.org https://tracker.chavosh.org/ https://s2.goftino.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com wss://*.goftino.com plus.sabavision.com https://unpkg.com/ *.mouseflow.com *.goftino.com *.webengage.com *.webengage.co *.doubleclick.net https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com *.rudderstack.com *.tchno.life https://cdp.tchno.life/ https://cdn.yektanet.com https://rt.adexo.ir;object-src 'none';upgrade-insecure-requests;frame-ancestors https://trustseal.enamad.ir/;connect-src 'self' https://api.rudderstack.com https://api.rudderstack.com/sourceConfig https://api.rudderstack.com/* *.rudderstack.com *.tchno.life https://cdp.tchno.life/ https://cdn.rudderlabs.com https://cdn.rudderlabs.com/* blob: *.google.com https://static.getclicky.com https://in.getclicky.com wss://*.goftino.com https://*.livechatinc.com https://*.livechat-static.com *.doubleclick.net https://www.goftino.com/ https://www.clarity.ms https://c.clarity.ms https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org *.webengage.com *.webengage.co https://*.goftino.com https://*.clarity.ms https://*.parsimap.ir https://*.yektanet.com https://cdn.yektanet.com *.google-analytics.com https://rtr.tchno.life https://app.gapify.ai https://rt.adexo.ir;base-uri 'self';script-src-attr 'none' 3
frame-ancestors 'self' https://bioland.we.network/ https://my.dlv.de/ 3
frame-ancestors *.motor1.com 3
default-src 'self' 'unsafe-inline' data: keyweb.de *.keyweb.de keyweb.3cx.eu:5001; script-src 'self' 'unsafe-inline' 'unsafe-eval' keyweb.de *.keyweb.de downloads-global.3cx.com *.youtube.com *.google.com *.gstatic.com;  img-src 'self' 'unsafe-inline' data:; frame-src 'self' keyweb.3cx.eu:5001 *.youtube.com chat.keyweb.de; 3
frame-ancestors 'self' https://*.erp.tu-dresden.de:* https://piwik.mz.tu-dresden.de https://matomo.tu-dresden.de 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data:; frame-ancestors 'self' https://www.govloanoptions.com https://staging.govloanoptions.com https://govratealerts.com https://staging--govratealerts.netlify.app https://bestrateguide.com https://*.govloanoptions.com https://*.govratealerts.com https://*.bestrateguide.com https://staging.bestrateguide.com; 3
frame-ancestors *.cas.cn 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: * blob: *; frame-src 'self' blob: *; frame-ancestors 'self' https://*.peta.org https://*.peta2.com https://*.petalatino.com https://*.animalrahat.com; media-src 'self' blob: *;worker-src 'self' blob: *; 3
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none' 3
default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.auswaertiges-amt.de *.babiel.com maps.googleapis.com; style-src  'self' 'unsafe-inline' fonts.googleapis.com https://de.presidencymt.eu/assets/widget/widget.css; connect-src 'self' *.auswaertiges-amt.de *.babiel.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src *.diplo.de *.auswaertiges-amt.de *.babiel.com platform.twitter.com platform.x.com www.facebook.com www.instagram.com syndication.twitter.com www.linkedin.com www.youtube-nocookie.com https://vk.com/ https://www.google.com/; script-src-elem 'self' 'unsafe-inline' localhost:3000 *.auswaertiges-amt.de *.babiel.com platform.twitter.com platform.x.com connect.facebook.net www.instagram.com maps.googleapis.com https://de.presidencymt.eu/assets/widget/widget.js https://vk.com/js/api/openapi.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 3
frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 3
upgrade-insecure-requests; default-src 'self' *.rockwellautomation.com *.rockwellautomation.com.cn rockwellautomation.scene7.com; img-src 'self' https: *.rockwellautomation.com *.rockwellautomation.com.cn rockwellautomation.scene7.com *.cookielaw.org data: www.google.com www.googletagmanager.com www.google-analytics.com www.google.co.uk www.google.de www.google.fr www.google.it www.google.es www.google.nl www.google.be www.google.ch www.google.at www.google.ca www.google.com.au www.google.co.nz www.google.co.in www.google.com.br www.google.com.mx www.google.com.ar www.google.com.tr www.google.pl www.google.cz www.google.gr www.google.co.kr www.google.co.jp www.google.com.hk www.google.com.sg www.google.co.th www.google.com.vn www.google.co.za cm.everesttech.net dpm.demdex.net s1284661142.t.eloqua.com www.facebook.com *.virtualearth.net r.bing.com www.bing.com secure.adnxs.com app.gatedcontent.com px.ads.linkedin.com www.linkedin.com siteintercept.qualtrics.com blob:; font-src 'self' *.rockwellautomation.com *.rockwellautomation.com.cn fonts.gstatic.com script.hotjar.com use.fontawesome.com dokumfe7mps0i.cloudfront.net library.jobpixel.com data:; style-src 'self' 'unsafe-inline' *.rockwellautomation.com *.rockwellautomation.com.cn fonts.googleapis.com app.gatedcontent.com r.bing.com www.bing.com atlas.microsoft.com use.fontawesome.com cdn.datatables.net www.jobpixel.com public-assets.jobpixel.com; script-src 'self' 'unsafe-inline' *.rockwellautomation.com *.rockwellautomation.com.cn rockwellautomation.tt.omtrdc.net *.cookielaw.org assets.adobedtm.com js.driftt.com app.gatedcontent.com blob: www.googletagmanager.com www.google-analytics.com static.hotjar.com script.hotjar.com snippet.maze.co img.en25.com snap.licdn.com rockwellautomation.atlassian.net cdn.auth0.com dokumfe7mps0i.cloudfront.net d25zu39ynyitwy.cloudfront.net public-assets.jobpixel.com www.jobpixel.com acsbapp.com js-cdn.dynatrace.com www.statcounter.com cdn.datatables.net atlas.microsoft.com www.bing.com r.bing.com *.virtualearth.net play.vidyard.com platform-api.sharethis.com buttons-config.sharethis.com s.go-mpulse.net connect.facebook.net googleads.g.doubleclick.net cdn-0.d41.co ecf.d41.co api1139.d41.co id.rlcdn.com siteintercept.qualtrics.com cdn.jsdelivr.net cdnjs.cloudflare.com *.siteintercept.qualtrics.com unpkg.com cdn.getsmartcontent.com ajax.googleapis.com code.jquery.com 'unsafe-eval'; connect-src 'self' *.rockwellautomation.com *.rockwellautomation.com.cn *.cookielaw.org *.onetrust.com app.gatedcontent.com insights.gatedcontent.com as-external-advisor-centralus-prod-adfs-proxy.azurewebsites.net rockwellautomation.tt.omtrdc.net dayintegrationintern.tt.omtrdc.net google.com www.google.com dpm.demdex.net metrics.hotjar.io content.hotjar.io wss://ws.hotjar.com prompts.maze.co connect.facebook.net api1139.d41.co ff.d41.co rockwellautomation.scene7.com vc.hotjar.io surveystats.hotjar.io in.hotjar.com siteintercept.qualtrics.com cdn.auth0.com olivia.paradox.ai wss://ws.paradox.ai dokumfe7mps0i.cloudfront.net api.jobpixel.com public-assets.jobpixel.com acsbapp.com cdn.acsbapp.com analytics.google.com www.google-analytics.com bf35974red.bf.dynatrace.com c.statcounter.com rockwellautomation.atlassian.net assets.adobedtm.com atlas.microsoft.com www.bing.com *.virtualearth.net s7mbrstream.scene7.com play.vidyard.com l.sharethis.com rockwell2023tf.q4web.com data: c.go-mpulse.net 173bf108.akstat.io 173bf111.akstat.io 173bf10a.akstat.io 684d0d4a.akstat.io 173bf106.akstat.io 173bf110.akstat.io cdn-0.d41.co st.fullcircleinsights.com px.ads.linkedin.com stats.g.doubleclick.net unpkg.com; frame-src 'self' *.rockwellautomation.com *.rockwellautomation.com.cn as-external-advisor-centralus-prod-adfs-proxy.azurewebsites.net js.driftt.com rockwell.demdex.net rockwellautomation-embedded.partcommunity.com jolly-dune-0aa908510.1.azurestaticapps.net jolly-dune-0aa908510.1.azurestaticapps.net www.googletagmanager.com rockwellxm.az1.qualtrics.com play.vidyard.com open.spotify.com spotify.app.link rockwell2023tf.q4web.com victorious-grass-07ffe0d10.2.azurestaticapps.net td.doubleclick.net app.powerbi.com; frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn *.rockwellautomation.adobecqms.net ra.pisrc.net rabot.pisrc.net localhost localhost:* rockwellautomation.github.io; form-action 'self' *.rockwellautomation.com *.rockwellautomation.com.cn s1284661142.t.eloqua.com rockwellautomation.custhelp.com rockwellxm.az1.qualtrics.com uep-punchout-testing-tool.azurewebsites.net forms.hsforms.com; media-src 'self' *.rockwellautomation.com *.rockwellautomation.com.cn rockwellautomation.scene7.com js.driftt.com library.jobpixel.com s7mbrstream.scene7.com preview1.assetsadobe.com blob:; 3
default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storylane.io js.qualified.com bat.bing-int.com www.googleadservices.com analytics.ahrefs.com obs.forroundprince.com ob.forroundprince.com *.stackadapt.com app.vwo.com munchkin.marketo.net  *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com  bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' *.visualwebsiteoptimizer.com play.vidyard.com wss://ws6.qualified.com app.vwo.com app.qualified.com google.com tsvc.bluebeam.com tsvc.bluebeam.com.au tsvc.bluebeam.se tsvc.bluebeam.co.uk tsvc.bluebeam-dev.com refer.bluebeam.com *.sheerid.net *.sheerid.com analytics.ahrefs.com obs.forroundprince.com tsvc.bluebeam.de *.stackadapt.com *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io attr.ml-api.io secure.adnxs.com s.ml-attr.com www.googleadservices.com obs.forroundprince.com ade.googlesyndication.com arttrk.com imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com p.typekit.net use.typekit.net *.stackadapt.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' use.typekit.net p.typekit.net *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' app.qualified.com *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' www.google.com *.storylane.io *.visualwebsiteoptimizer.com app.vwo.com blob: app.qualified.com www.googletagmanager.com challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; worker-src 'self' blob: ; 3
frame-ancestors 'self' *.drillisch-online.de *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-freenet.de *.1und1-freenet.de yourfone-partner.de *.yourfone-partner.de *.mouseflow.com *.1und1.cloud; 3
frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:* https://*.dev-incites.com:* https://*.targetsafety.info:* https://*.gethealthbase.com:* https://*.clarivate.net:* http://*.library.vanderbilt.edu:* https://*.library.vanderbilt.edu:* https://*.dev-innovation.com:* https://*.derwentinnovation.com:* http://*.globalq.com:* https://*.globalq.com:* http://*.globalqinc.com:* https://*.globalqinc.com:* https://*.proxyucr.elogim.com:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms allow-modals 3
object-src 'none'; frame-ancestors 'self' https://www.qlik.com https://webapps.qlik.com https://www.facebook.com 3
default-src 'self' https://*.paycor.com;    connect-src 'self' https://*.paycor.com https://cdnjs.cloudflare.com https://tracking-api.g2.com https://cdn.jsdelivr.net https://api.codetabs.com https://js.zi-scripts.com  https://res.cloudinary.com https://tracking.crazyegg.com https://play.vidyard.com https://cdn.cookielaw.org https://*.lottie.host https://*.lottiefiles.com https://unpkg.com https://c.amazon-adsystem.com https://analytics.ahrefs.com https://pixels.spotify.com https://px.ads.linkedin.com https://privacyportal.onetrust.com https://bat.bing.com https://tag-logger.demandbase.com https://pnapi.invoca.net https://obs.cheqzone.com https://api.company-target.com https://003-jww-697.mktoresp.com https://ad.doubleclick.net https://pixel.quantserve.com https://pixel.quantcount.com https://script.crazyegg.com https://app.navattic.com https://geolocation.onetrust.com https://analytics.google.com https://www.google.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com https://*.qualified.com wss://*.qualified.com;    img-src 'self' data: https://*.paycor.com https://*.mutinycdn.com https://cdn.vidyard.com  https://www.googletagmanager.com https://prreqcroab.icu https://id.rlcdn.com https://play.vidyard.com https://cdn.bizible.com https://ad.doubleclick.net https://pixel.quantserve.com https://www.google.com https://www.facebook.com https://*.qualified.com https://res.cloudinary.com/spiralyze/ https://obs.cheqzone.com https://pycrstg.wpengine.com https://cdn.cookielaw.org;    script-src 'self' https://*.paycor.com https://unpkg.com https://*.mutinycdn.com https://js.zi-scripts.com https://cdn.jsdelivr.net https://cdn.amcharts.com https://*.lottiefiles.com https://*.lottie.host https://play.vidyard.com https://client-registry.mutinycdn.com https://secure.wufoo.com https://www.gstatic.com https://ionfiles.scribblecdn.net https://www.google.com https://cdnjs.cloudflare.com https://code.jquery.com https://bat.bing.com https://snap.licdn.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://analytics.ahrefs.com https://*.qualified.com https://okt.to https://cdn.bizible.com https://munchkin.marketo.net https://obs.cheqzone.com https://pnapi.invoca.net https://ob.cheqzone.com https://static.oktopost.com https://solutions.invocacdn.com https://tag.demandbase.com https://rules.quantcount.com https://ajax.googleapis.com https://embedsocial.com https://tracking.g2crowd.com https://js.navattic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org/ https://secure.quantserve.com https://script.crazyegg.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';   style-src 'self' https://*.paycor.com https://*.qualified.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://embedsocial.com https://res.cloudinary.com 'unsafe-inline';    frame-src 'self' https://*.paycor.com blob: https://*.qualified.com https://app.powerbi.com https://s.amazon-adsystem.com https://player.vimeo.com https://play.vidyard.com https://unpkg.com https://paycor.wufoo.com/ https://*.google.com https://embedsocial.com https://*.fls.doubleclick.net https://s.company-target.com https://www.googletagmanager.com/;   frame-ancestors 'self' https://*.paycor.com https://app.mutinyhq.com;  media-src 'self' https://*.paycor.com https://*.qualified.com;    font-src 'self' https://*.paycor.com https://fonts.gstatic.com data: https://res.cloudinary.com;  object-src 'none'; 3
frame-ancestors 'self' https://lex.admin.lbr.cloud 3
upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.trendmicro.com *.byspotify.com *.shorthand.com penguinrandomhouseuk.shorthandstories.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com *.tiktok.com *.tiktokcdn-us.com *.ttwstatic.com *.srv.stackadapt.com https://www.everestjs.net; object-src 'self'; worker-src blob 'self'; frame-ancestors 'self'; 3
report-uri https://sentry.eneba.com/api/6/security/?sentry_key=102de17feb49405fadcbb032c33331d1&sentry_release=1.3483.0; report-to csp-endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.nsureapi.com https://device.maxmind.com https://fpnpmcdn.net https://connect.facebook.net https://*.clarity.ms https://eneba.atlassian.net https://static.eneba.games https://assets.eneba.games https://challenges.cloudflare.com https://mx.eneba.com https://*.criteo.net https://*.criteo.com https://mainf.global-cache.online https://widget.trustpilot.com https://apps.rokt.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://www.paypal.com https://c.paypal.com https://*.cardinalcommerce.com https://*.js.stripe.com https://js.stripe.com https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live.adyen.com https://cdn.safecharge.com https://pay.google.com https://static.dlocal.com https://ebanx-js.ebanx.com https://beacon.riskified.com https://i.k-analytix.com https://cdn.checkout.com https://applepay.cdn-apple.com https://js.tazapay.com https://*.csftr.com https://newsletter.ene.ba https://an.gr-wcon.com https://us-an.gr-cdn.com https://ga2.getresponse.com https://m.gr-cdn-e.eu https://*.forter.com https://d1qmrxg9gbf226.cloudfront.net https://d229oaghhl3bjt.cloudfront.net https://d1141abz4ln14s.cloudfront.net https://d1w9sasay4s756.cloudfront.net https://d3bejklh892qn.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net https://*.signifyd.com; 3
frame-ancestors 'self' www.hrc.org hrc.org www.thehrcfoundation.org thehrcfoundation.org hrcvirtualevent.org www.hrcvirtualevent.org timetothrive.org www.timetothrive.org reports.hrc.org chefsforequality.org www.chefsforequality.org thelei.org www.thelei.org welcomingschools.org www.welcomingschools.org mybodymyhealth.org www.mybodymyhealth.org transvisibility.day www.transvisibility.day removewalters.com www.removewalters.com comingout.day nonbinary.day pride.day pronouns.day atlanta.hrc.org austin.hrc.org chicago.hrc.org cincinnati.hrc.org cleveland.hrc.org colorado.hrc.org columbus.hrc.org dc.hrc.org dfw.hrc.org greaterny.hrc.org houston.hrc.org jackson.hrc.org kansascity.hrc.org la.hrc.org lasvegas.hrc.org minnesota.hrc.org nashville.hrc.org newengland.hrc.org nola.hrc.org northcarolina.hrc.org oclbps.hrc.org orlando.hrc.org philadelphia.hrc.org phoenix.hrc.org portland.hrc.org sanantonio.hrc.org sandiego.hrc.org seattle.hrc.org sfbayarea.hrc.org southflorida.hrc.org stlouis.hrc.org utah.hrc.org wcny.hrc.org hrcnationaldinner.org www.hrcnationaldinner.org hrcnationaldinner.com www.hrcnationaldinner.com 3
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to csp-violation; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3
frame-ancestors 'self' yamada-denkiweb.com *.yamada-denkiweb.com yamada-denki.jp *.yamada-denki.jp ymall.jp *.ymall.jp nojima.co.jp *.nojima.co.jp edion.com *.edion.com edion.co.jp *.edion.co.jp biccamera.com *.biccamera.com biccamera.co.jp *.biccamera.co.jp kojima.net *.kojima.net sofmap.com *.sofmap.com sofmap.co.jp *.sofmap.co.jp joshinweb.jp *.joshinweb.jp joshin.co.jp *.joshin.co.jp ksdenki.com *.ksdenki.com ksdenki.co.jp *.ksdenki.co.jp yodobashi.com *.yodobashi.com yodobashi.co.jp *.yodobashi.co.jp xprice.co.jp *.xprice.co.jp cocorostore.jp.sharp st-cocorostore.jp.sharp st.jp.sharp; 3
frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 3
frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com 3
frame-ancestors https://www.renault-group.com.cn 3
default-src *.pendo.saashr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; img-src * data: blob: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; media-src *; frame-ancestors file: cdvfile: 'self'; frame-src * gap://ready data: app.eu.pendo.io; font-src 'self' fonts.gstatic.com; connect-src 'self' data: *.google.com *.googleapis.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com 3
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com  https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com  *.buzzsprout.com *.visualwebsiteoptimizer.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com *.6sc.co https://client-registry.mutinycdn.com/ https://js.zi-scripts.com https://bat.bing.com https://www.clarity.ms https://js.adsrvr.org *.niceincontact.com *.marketo.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.zoominfo.com data: *.niceincontact.com; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.niceincontact.com *.stackadapt.com; img-src * data: blob:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/ https://insight.adsrvr.org/ *.niceincontact.com *.arcade.software; media-src 'self' *.googleapis.com webtest2.geotab.com webtest3.geotab.com *.niceincontact.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 3
frame-ancestors https://*.upwave.com 3
connect-src 'self' ws: wss: https://*.optimizely.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://cms.comptia.org https://www.comptia.org https://www.google.com.br https://geolocation.onetrust.com https://privacyportal.onetrust.com https://chatapps-us.netomi.com https://*.chatplus.jp https://ak.sail-horizon.com https://d1igp3oop3iho5.cloudfront.net https://js.zi-scripts.com https://api.sail-personalize.com https://px.ads.linkedin.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://analytics.tiktok.com https://ws.zoominfo.com https://cdn.segment.com https://api.segment.io https://*.hotjar.io https://*.cmp.optimizely.com https://*.google.com https://*.googlesyndication.com https://sso.comptia.org https://*.contentsquare.net https://*.contentsquare.com https://stats.g.doubleclick.net https://analytics-ipv6.tiktokw.us https://api.sail-track.com https://*.zaius.com https://www.facebook.com https://*.sailthru.cloud https://*.googleadservices.com https://googleads.g.doubleclick.net https://ak.sail-horizon.com; default-src 'self'; font-src 'self' data: https://chatapps-us.netomi.com https://*.chatplus.jp https://use.typekit.net https://fonts.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net wss://ws.zoominfo.com; frame-ancestors 'self' https://cms.comptia.org https://*.optimizely.com; frame-src https://comptiaprojects.atlassian.net https://*.comptia.org https://cms.comptia.org https://*.optimizely.com https://forms.comptia.org https://www.youtube.com https://player.vimeo.com https://production-comptiawebsite.azurewebsites.net https://www.verse.com https://www.googletagmanager.com https://www.google.com https://*.chatplus.jp; img-src data: https://www.comptia.org https://images.cmp.optimizely.com https://cdn.cookielaw.org https://*.contentsquare.net https://www.facebook.com https://a.usea01.idio.episerver.net https://px.ads.linkedin.com https://api.zaius.com https://px4.ads.linkedin.com https://www.googletagmanager.com https://aistudio-cdata.s3.amazonaws.com https://www.googletagmanager.com https://cms.comptia.org https://*.google.com.br https://optanon.blob.core.windows.net https://*.netomi.com https://*.chatplus.jp https://*.optimizely.com https://images4.cmp.optimizely.com https://*.cmp.optimizely.com https://www.google.ca https://www.linkedin.com https://img.convertflow.co https://uploads.convertflow.co https://media.sailthru.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://*.google.com.mx https://*.simpli.fi; media-src 'self' https://i.ytimg.com https://*.chatplus.jp; script-src 'self' https://*.comptia.org https://*.optimizely.com https://*.googleapis.com https://cdn.cookielaw.org https://chatapps-us.netomi.com https://*.chatplus.jp https://www.google-analytics.com https://www.googletagmanager.com https://cms.comptia.org https://www.comptia.org https://code.jquery.com https://unpkg.com https://va.vercel-scripts.com https://player.vimeo.com https://www.youtube.com https://*.contentsquare.net https://app.contentsquare.com https://connect.facebook.net https://snap.licdn.com https://ak.sail-horizon.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://cdn.wootric.com https://s.usea01.idio.episerver.net https://chatapps-us.netomi.com https://*.chatplus.jp https://d1igp3oop3iho5.cloudfront.net https://js.zi-scripts.com https://chatapps-us.netomi.com https://api.sail-personalize.com https://js.zi-scripts.com https://*.zaius.com https://cdn.segment.com https://*.hotjar.com https://*.convertflow.co https://*.convertflow.com https://api.sail-track.com https://www.google.com https://www.gstatic.com https://*.sailthru.cloud https://ak.sail-horizon.com 'unsafe-eval' 'unsafe-inline' blob: https://*.googleadservices.com https://googleads.g.doubleclick.net https://tag.simpli.fi https://i.simpli.fi; style-src 'self' 'unsafe-inline' https://www.comptia.org https://cms.comptia.org https://chatapps-us.netomi.com https://*.chatplus.jp https://*.googleapis.com https://use.typekit.net https://p.typekit.net; base-uri 'none'; worker-src 'self' blob:; 3
frame-ancestors 'self' *.groupe-sncf.com *.cdn.vsct.fr *.aws.vsct.fr *.smartvigie.fr; upgrade-insecure-requests 3
default-src 'self' 'unsafe-inline' *; img-src data: * ; 3
frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' *.mutinycdn.com data.hockeystack.com *.mutinyhq.io  tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com   wss://ws.qualified.com perf-na1.hsforms.com app.qualified.com td.doubleclick.net pagead2.googlesyndication.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data slideshare.net:;script-src 'self' 'unsafe-inline' 'unsafe-eval' home.integrate.com *.mutinycdn.com data.hockeystack.com *.mutinyhq.io  tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com  code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com launcher.1mind.com static.oktopost.com js.storylane.io cdn.storylane.io ddwl4m2hdecbv.cloudfront.net; connect-src 'self' data: https: http: wss://ws.qualified.com; frame-src 'self' data: https: http:; img-src 'self' data: https: http:; 3
default-src  	'self'   	https://splc-git.github.io;  connect-src  	'self'   	https://api.marker.io  	https://ssr.marker.io  	https://viewlicense.adobe.io   	https://*.cloudinary.com  	https://*.documentcloud.adobe.com  	https://*.analytics.google.com  	https://*.g.doubleclick.net  	https://*.google-analytics.com  	https://*.googletagmanager.com  	https://*.google.ad  	https://*.google.ae  	https://*.google.al  	https://*.google.am  	https://*.google.as  	https://*.google.at  	https://*.google.az  	https://*.google.ba  	https://*.google.be  	https://*.google.bf  	https://*.google.bg  	https://*.google.bi  	https://*.google.bj  	https://*.google.bs  	https://*.google.bt  	https://*.google.by  	https://*.google.ca  	https://*.google.cat 	https://*.google.cd  	https://*.google.cf  	https://*.google.cg  	https://*.google.ch  	https://*.google.ci  	https://*.google.cl  	https://*.google.cm  	https://*.google.cn  	https://*.google.co.ao  	https://*.google.co.bw  	https://*.google.co.ck  	https://*.google.co.cr  	https://*.google.co.id  	https://*.google.co.il  	https://*.google.co.in  	https://*.google.co.jp  	https://*.google.co.ke  	https://*.google.co.kr  	https://*.google.co.ls  	https://*.google.co.ma  	https://*.google.co.mz  	https://*.google.co.nz  	https://*.google.co.th  	https://*.google.co.tz  	https://*.google.co.ug  	https://*.google.co.uk  	https://*.google.co.uz  	https://*.google.co.ve  	https://*.google.co.vi  	https://*.google.co.za  	https://*.google.co.zm  	https://*.google.co.zw  	https://*.google.com  	https://*.google.com.af  	https://*.google.com.ag  	https://*.google.com.ar  	https://*.google.com.au  	https://*.google.com.bd  	https://*.google.com.bh  	https://*.google.com.bn  	https://*.google.com.bo  	https://*.google.com.br  	https://*.google.com.bz  	https://*.google.com.co  	https://*.google.com.cu  	https://*.google.com.cy  	https://*.google.com.do  	https://*.google.com.ec  	https://*.google.com.eg  	https://*.google.com.et  	https://*.google.com.fj  	https://*.google.com.gh  	https://*.google.com.gi  	https://*.google.com.gt  	https://*.google.com.hk  	https://*.google.com.jm  	https://*.google.com.kh  	https://*.google.com.kw  	https://*.google.com.lb  	https://*.google.com.ly  	https://*.google.com.mm  	https://*.google.com.mt  	https://*.google.com.mx  	https://*.google.com.my  	https://*.google.com.na  	https://*.google.com.ng  	https://*.google.com.ni  	https://*.google.com.np  	https://*.google.com.om  	https://*.google.com.pa  	https://*.google.com.pe  	https://*.google.com.pg  	https://*.google.com.ph  	https://*.google.com.pk  	https://*.google.com.pr  	https://*.google.com.py  	https://*.google.com.qa  	https://*.google.com.sa  	https://*.google.com.sb  	https://*.google.com.sg  	https://*.google.com.sl  	https://*.google.com.sv  	https://*.google.com.tj  	https://*.google.com.tr  	https://*.google.com.tw  	https://*.google.com.ua  	https://*.google.com.uy  	https://*.google.com.vc  	https://*.google.com.vn  	https://*.google.cv  	https://*.google.cz  	https://*.google.de  	https://*.google.dj  	https://*.google.dk  	https://*.google.dm  	https://*.google.dz  	https://*.google.ee  	https://*.google.es  	https://*.google.fi  	https://*.google.fm  	https://*.google.fr  	https://*.google.ga  	https://*.google.ge  	https://*.google.gg  	https://*.google.gl  	https://*.google.gm  	https://*.google.gr  	https://*.google.gy  	https://*.google.hn  	https://*.google.hr  	https://*.google.ht  	https://*.google.hu  	https://*.google.ie  	https://*.google.im  	https://*.google.iq  	https://*.google.is  	https://*.google.it  	https://*.google.je  	https://*.google.jo  	https://*.google.kg  	https://*.google.ki  	https://*.google.kz  	https://*.google.la  	https://*.google.li  	https://*.google.lk  	https://*.google.lt  	https://*.google.lu  	https://*.google.lv  	https://*.google.md  	https://*.google.me  	https://*.google.mg  	https://*.google.mk  	https://*.google.ml  	https://*.google.mn  	https://*.google.mu  	https://*.google.mv  	https://*.google.mw  	https://*.google.ne  	https://*.google.nl  	https://*.google.no  	https://*.google.nr  	https://*.google.nu  	https://*.google.pl  	https://*.google.pn  	https://*.google.ps  	https://*.google.pt  	https://*.google.ro  	https://*.google.rs  	https://*.google.ru  	https://*.google.rw  	https://*.google.sc  	https://*.google.se  	https://*.google.sh  	https://*.google.si  	https://*.google.sk  	https://*.google.sm  	https://*.google.sn  	https://*.google.so  	https://*.google.sr  	https://*.google.st  	https://*.google.td  	https://*.google.tg  	https://*.google.tl  	https://*.google.tm  	https://*.google.tn  	https://*.google.to  	https://*.google.tt  	https://*.google.vu  	https://*.google.ws  	https://s3.eu-west-1.amazonaws.com  	https://splcenter.attn.tv  	https://splcenter-us.attn.tv  	https://events.attentivemobile.com  	https://fastaction.ngpvan.com  	https://insight.adsrvr.org  	https://test-drive-7-s6uit34pua-uc.a.run.app  	https://secure.everyaction.com;  script-src   	'self'  	'unsafe-inline'  	'unsafe-eval'  	https://*.adobe.com  	https://*.dafdirect.org  	https://*.g.doubleclick.net  	https://*.google-analytics.com  	https://*.google.com  	https://*.googleapis.com  	https://*.googletagmanager.com  	https://*.greenhouse.io  	https://*.gstatic.com  	https://edge.marker.io  	https://player.vimeo.com  	https://www.youtube.com  	https://youtube.com  	https://js.adsrvr.org  	https://connect.facebook.net  	https://cdn.attn.tv  	https://extend.vimeocdn.com   	https://*.cloudinary.com  	https://js.verygoodvault.com  	https://static.everyaction.com  	https://*.vbotickets.com  	https://pym.nprapps.org  	https://d3rse9xjbp8270.cloudfront.net;  img-src  	'self'  	https://res.cloudinary.com  	https://secure.everyaction.com  	https://www.dafdirect.org  	https://secure.gravatar.com  	https://splc-git.github.io   	https://www.facebook.com  	https://static.everyaction.com  	data:  		https://*.cloudinary.com  		https://splcenter.org  		https://www.splcactionfund.org  		https://*.google-analytics.com  		https://*.googleapis.com  		https://*.googletagmanager.com  		https://*.gstatic.com  		https://*.google.ad  		https://*.google.ae  		https://*.google.al  		https://*.google.am  		https://*.google.as  		https://*.google.at  		https://*.google.az  		https://*.google.ba  		https://*.google.be  		https://*.google.bf  		https://*.google.bg  		https://*.google.bi  		https://*.google.bj  		https://*.google.bs  		https://*.google.bt  		https://*.google.by  		https://*.google.ca  		https://*.google.cat 		https://*.google.cd  		https://*.google.cf  		https://*.google.cg  		https://*.google.ch  		https://*.google.ci  		https://*.google.cl  		https://*.google.cm  		https://*.google.cn  		https://*.google.co.ao  		https://*.google.co.bw  		https://*.google.co.ck  		https://*.google.co.cr  		https://*.google.co.id  		https://*.google.co.il  		https://*.google.co.in  		https://*.google.co.jp  		https://*.google.co.ke  		https://*.google.co.kr  		https://*.google.co.ls  		https://*.google.co.ma  		https://*.google.co.mz  		https://*.google.co.nz  		https://*.google.co.th  		https://*.google.co.tz  		https://*.google.co.ug  		https://*.google.co.uk  		https://*.google.co.uz  		https://*.google.co.ve  		https://*.google.co.vi  		https://*.google.co.za  		https://*.google.co.zm  		https://*.google.co.zw  		https://*.google.com  		https://*.google.com.af  		https://*.google.com.ag  		https://*.google.com.ar  		https://*.google.com.au  		https://*.google.com.bd  		https://*.google.com.bh  		https://*.google.com.bn  		https://*.google.com.bo  		https://*.google.com.br  		https://*.google.com.bz  		https://*.google.com.co  		https://*.google.com.cu  		https://*.google.com.cy  		https://*.google.com.do  		https://*.google.com.ec  		https://*.google.com.eg  		https://*.google.com.et  		https://*.google.com.fj  		https://*.google.com.gh  		https://*.google.com.gi  		https://*.google.com.gt  		https://*.google.com.hk  		https://*.google.com.jm  		https://*.google.com.kh  		https://*.google.com.kw  		https://*.google.com.lb  		https://*.google.com.ly  		https://*.google.com.mm  		https://*.google.com.mt  		https://*.google.com.mx  		https://*.google.com.my  		https://*.google.com.na  		https://*.google.com.ng  		https://*.google.com.ni  		https://*.google.com.np  		https://*.google.com.om  		https://*.google.com.pa  		https://*.google.com.pe  		https://*.google.com.pg  		https://*.google.com.ph  		https://*.google.com.pk  		https://*.google.com.pr  		https://*.google.com.py  		https://*.google.com.qa  		https://*.google.com.sa  		https://*.google.com.sb  		https://*.google.com.sg  		https://*.google.com.sl  		https://*.google.com.sv  		https://*.google.com.tj  		https://*.google.com.tr  		https://*.google.com.tw  		https://*.google.com.ua  		https://*.google.com.uy  		https://*.google.com.vc  		https://*.google.com.vn  		https://*.google.cv  		https://*.google.cz  		https://*.google.de  		https://*.google.dj  		https://*.google.dk  		https://*.google.dm  		https://*.google.dz  		https://*.google.ee  		https://*.google.es  		https://*.google.fi  		https://*.google.fm  		https://*.google.fr  		https://*.google.ga  		https://*.google.ge  		https://*.google.gg  		https://*.google.gl  		https://*.google.gm  		https://*.google.gr  		https://*.google.gy  		https://*.google.hn  		https://*.google.hr  		https://*.google.ht  		https://*.google.hu  		https://*.google.ie  		https://*.google.im  		https://*.google.iq  		https://*.google.is  		https://*.google.it  		https://*.google.je  		https://*.google.jo  		https://*.google.kg  		https://*.google.ki  		https://*.google.kz  		https://*.google.la  		https://*.google.li  		https://*.google.lk  		https://*.google.lt  		https://*.google.lu  		https://*.google.lv  		https://*.google.md  		https://*.google.me  		https://*.google.mg  		https://*.google.mk  		https://*.google.ml  		https://*.google.mn  		https://*.google.mu  		https://*.google.mv  		https://*.google.mw  		https://*.google.ne  		https://*.google.nl  		https://*.google.no  		https://*.google.nr  		https://*.google.nu  		https://*.google.pl  		https://*.google.pn  		https://*.google.ps  		https://*.google.pt  		https://*.google.ro  		https://*.google.rs  		https://*.google.ru  		https://*.google.rw  		https://*.google.sc  		https://*.google.se  		https://*.google.sh  		https://*.google.si  		https://*.google.sk  		https://*.google.sm  		https://*.google.sn  		https://*.google.so  		https://*.google.sr  		https://*.google.st  		https://*.google.td  		https://*.google.tg  		https://*.google.tl  		https://*.google.tm  		https://*.google.tn  		https://*.google.to  		https://*.google.tt  		https://*.google.vu  		https://*.google.ws  		https://www.facebook.com;  style-src  	'self'  	'unsafe-inline'  	https://flo.uri.sh  	https://fonts.googleapis.com  	https://platform.twitter.com  	https://tagmanager.google.com  	https://ton.twimg.com/tfw/css  	https://www.dafdirect.org  	https://www.gstatic.com  	https://static.everyaction.com  	https://*.vbotickets.com  	https://d3rse9xjbp8270.cloudfront.net;  font-src  	'self'  	data:  	https://*.googleapis.com  	https://*.gstatic.com  	https://*.splcenter.org  	https://d3rse9xjbp8270.cloudfront.net  	https://www.splcactionfund.org;  frame-src  	'self'  	https://*.greenhouse.io  	https://cdn.knightlab.com  	https://connect.facebook.net  	https://datawrapper.dwcdn.net  	https://documentcloud.adobe.com  	https://documentservices.adobe.com  	https://flo.uri.sh  	https://googletagmanager  	https://platform.twitter.com  	https://play.prx.org  	https://player.captivate.fm  	https://player.vimeo.com  	https://s-static.ak.facebook.com  	https://action.splcenter.org  	https://secure.splcenter.org  	https://splc-git.github.io  	https://splcenter.cartodb.com  	https://ssl.google-analytics.com  	https://vimeo.com  	https://www.facebook.com  	https://www.google.com  	https://www.youtube.com  	https://youtu.be  	https://*.adsrvr.org  	https://*.g.doubleclick.net  	https://app.marker.io  	https://*.vote.org  	https://*.vbotickets.com  	https://doublethedonation.com  	https://www.dafdirect.org  	https://www.arcgis.com  	https://*.libsyn.com  	blob: https://www.splcenter.org  https://www.splcactionfund.org;  media-src  	'self'  	https://*.cloudinary.com  	https://splc-git.github.io;  worker-src 'self' blob: https://www.splcenter.org https://www.splcactionfund.org; 3
frame-ancestors 'self' ssense.com *.ssense.com 3
default-src 'self' pttp: https://www.netacad.com data: blob: https://www.netacad.com https://prod.socialgoodplatform.com 'unsafe-inline' 'unsafe-eval' https://code.s4d.io code.s4d.io; img-src 'self' https://caprod.my.salesforce.com https://solutions.brightcove.com https://netacad.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: https://www.netacad.com data: blob: https://prod.socialgoodplatform.com https://www.netacad.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.facebook.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://cisco-tags-stg.cisco.com https://bcbolt446c5271-a.akamaihd.net https://www.cisco.com code.s4d.io cdn.cookielaw.org https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforce.com https://*.force.com https://*.my.site.com https://*.salesforce-scrt.com https://*.googleapis.com https://*.gstatic.com *.salesforceliveagent.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.netacad.com 'unsafe-inline' 'unsafe-eval' blob: https://prod.socialgoodplatform.com https://www.netacad.com https://munchkin.marketo.net https://manifest.prod.boltdns.net https://maps.googleapis.com https://tags.tiqcdn.com https://www.googletagmanager.com https://cdn.appdynamics.com https://www.google-analytics.com https://connect.facebook.net https://cdn.appdynamics.com https://www.cisco.com https://players.brightcove.net https://map.brightcove.com https://vjs.zencdn.net https://assets.map.brightcove.com https://cdn.cookielaw.org https://edge.api.brightcove.com https://api.netacad.com https://geolocation.onetrust.com https://dj5ag5n6bpdxo.cloudfront.net https://code.s4d.io cdn.ckeditor.com; style-src 'self' 'unsafe-inline' https://*.salesforce.com https://*.force.com https://*.my.site.com https://*.salesforce-scrt.com  https://fonts.googleapis.com https://www.netacad.com 'unsafe-inline' https://cdnjs.cloudflare.com https://prod.socialgoodplatform.com https://players.brightcove.net https://cdnjs.cloudflare.com https://code.s4d.io; frame-src 'self' pttp: *.google.com https://fast.wistia.net https://*.salesforce.com https://*.force.com https://*.my.site.com https://*.salesforce-scrt.com https://www.netacad.com https://portal.netdevgroup.com https://contenthub.netacad.com https://ole03.yourlearning.ibm.com https://www6.nohold.net https://ssac-backend.netacad.com https://adapt-backend.netacad.com mailto: data: blob: https://3569326.fls.doubleclick.net https://assessment.netacad.com https://www.googletagmanager.com https://auth.netacad.com https://www.facebook.com; connect-src 'self' https://*.salesforce.com https://*.force.com https://*.my.site.com https://*.salesforce-scrt.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://interactivity.viewer.api.brightcove.com https://*.googleapis.com *.google.com https://*.gstatic.com *.salesforceliveagent.com data: blob: https://www.netacad.com https://analytics.google.com https://geolocation.onetrust.com https://auth.netacad.com https://059-vfz-834.mktoresp.com https://www.facebook.com https://privacyportal.cisco.com https://pdx-col.eum-appdynamics.com https://edge.api.brightcove.com  https://api.netacad.com https://www.google-analytics.com https://cdn.cookielaw.org https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net 'unsafe-inline' *.wbx2.com *.ciscospark.com *.webex.com *.cisco.com code.s4d.io cdn.cookielaw.org wss://*.wbx2.com https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com webexapis.com; font-src 'self' https://fonts.gstatic.com https://www.netacad.com code.s4d.io https://code.s4d.io data: blob: https://prod.socialgoodplatform.com https://cdnjs.cloudflare.com code.s4d.io https://code.s4d.io wss://*.wbx2.com; media-src 'self' https://*.salesforce.com https://*.force.com https://*.my.site.com https://*.salesforce-scrt.com https://www.netacad.com data: blob: https://prod.socialgoodplatform.com https://www.netacad.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net code.s4d.io https://code.s4d.io https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://interactivity.viewer.api.brightcove.com; worker-src https://www.netacad.com blob:; frame-ancestors 'none'; 3
upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.googletagmanager.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.facebook.net *.googleapis.com *.googletagmanager.com *.bing.com *.virtualearth.net www.cdn.botfriendsx.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.doubleclick.net *.flockler.com *.flockler.systems *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com www.cdn.botfriendsx.com api.eu-1.smooch.io blob:; font-src 'self' www.cdn.botfriendsx.com data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.facebook.net *.linkedin.com *.flockler.com *.flockler.app *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io www.cdn.botfriendsx.com *.config.eu-1.smooch.io api.eu-1.smooch.io wss://api.eu-1.smooch.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 3
default-src https: data:; script-src https: *.amplitude.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 3
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://blueimp.github.io *.youtube.com *.jquery.com *.toast.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com https://snap.licdn.com *.linkedin.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.toast.com *.linkedin.com *.googleapis.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com; img-src 'self' *.linkedin.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com *.lh.pl *.ytimg.com *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com data: *.google.pl *.google.com *.google-analytics.com *.facebook.com; font-src 'self' *.gstatic.com; 3
frame-ancestors 'self' https://*.pmo.ee https://*.tvnet.lv https://*.apollo.lv https://*.tvn.lv 3
child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com *.qualified.com; default-src 'self' 'unsafe-inline' vitals.vercel-insights.com *.vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *.qualified.com player.vimeo.com vars.hotjar.com www.facebook.com t.sharethis.com *.qualified.com *.company-target.com https://challenges.cloudflare.com https://wizlympics-website.vercel.app https://asteroids-website.vercel.app https://path-man-website.vercel.app *.navattic.com *.wiz.io forms.office.com docs.google.com www.googletagmanager.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io https://a26988130118.cdn.optimizely.com https://a26988130118.cdn-pci.optimizely.com hemsync.clickagy.com; worker-src 'self' blob:; connect-src 'self' vitals.vercel-insights.com *.qualified.com wss://*.qualified.com www.google-analytics.com analytics.google.com/g/collect www.google.com *.vimeo.com vimeo.com *.ingest.sentry.io www.datocms-assets.com www.youtube.com legal.wiz.io *.algolia.net *.algolianet.com *.algolia.io *.company-target.com *.demandbase.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net ws://localhost:3000 https://logx.optimizely.com https://*.optimizely.com js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com tags.srv.stackadapt.com *.googleapis.com ctf.wiz-research.com staging-ctf.wiz-research.com api.cr-relay.com analytics.tiktok.com *.tiktokw.us *.mux.com *.supabase.co wss://*.supabase.co hey.wiz.io px.ads.linkedin.com *.techtarget.com tracking-api.g2.com *.reddit.com *.crwdcntrl.net *.googlesyndication.com *.clearbit.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.hotjar.com data:; img-src 'self' 'unsafe-eval' data: https: http: *.hotjar.com tags.srv.stackadapt.com https://ct.capterra.com; media-src 'self' https: blob: mediastream: *.qualified.com; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' va.vercel-scripts.com vitals.vercel-insights.com tagmanager.google.com apis.google.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com js.qualified.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.hotjar.com *.demandbase.com *.quora.com https://challenges.cloudflare.com tags.srv.stackadapt.com *.navattic.com bwa.marketplace.awsstatic.com cdn.cr-relay.com analytics.tiktok.com *.clearbitjs.com *.clearbitscripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com ws-assets.zoominfo.com js.zi-scripts.com tags.clickagy.com schedule.zoominfo.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.vimeocdn.com *.qualified.com *.hotjar.com tags.srv.stackadapt.com; form-action 'self' www.facebook.com; frame-ancestors 'self' https://partners.wiz.io https://www.wiz.io; 3
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 3
frame-ancestors 'self' https://www.oderland.com/ https://www.oderland.dk/ https://www.oderland.no/ https://www.oderland.se/; 3
child-src 'self' https://widgets.outbrain.com/ https://platform.twitter.com/ https://ams.creativecdn.com/ https://gum.criteo.com/ https://fledge.eu.criteo.com/ https://fledge.criteo.com/ https://static.criteo.net/ https://td.doubleclick.net/ https://3689183.fls.doubleclick.net/ https://10089018.fls.doubleclick.net/ https://c1.adform.net/ umap.openstreetmap.fr https://quefairedemesdechets.ademe.fr https://player.ausha.co https://carte-jnr.fr https://826367cf.sibforms.com https://umap.openstreetmap.fr https://remonterletemps.ign.fr https://www.google.com https://www.geoportail.gouv.fr https://my.sendinblue.com https://www.observatoire-des-territoires.gouv.fr https://ssm-ecologie.shinyapps.io umap.incubateur.anct.gouv.fr https://les-mobilites-innov.vercel.app https://my.brevo.com https://www.dailymotion.com https://widget.make.org https://embed.acast.com https://tr.snapchat.com https://insight.adsrvr.org https://fledge.teads.tv https://match.adsrvr.org https://fa4dd5c3.sibforms.com https://geo.dailymotion.com https://macarte.ign.fr https://arcg.is https://experience.arcgis.com https://www.youtube-nocookie.com; frame-src 'self' https://widgets.outbrain.com/ https://platform.twitter.com/ https://ams.creativecdn.com/ https://gum.criteo.com/ https://fledge.eu.criteo.com/ https://fledge.criteo.com/ https://static.criteo.net/ https://td.doubleclick.net/ https://3689183.fls.doubleclick.net/ https://10089018.fls.doubleclick.net/ https://c1.adform.net/ umap.openstreetmap.fr https://quefairedemesdechets.ademe.fr https://player.ausha.co https://carte-jnr.fr https://826367cf.sibforms.com https://umap.openstreetmap.fr https://remonterletemps.ign.fr https://www.google.com https://www.geoportail.gouv.fr https://my.sendinblue.com https://www.observatoire-des-territoires.gouv.fr https://ssm-ecologie.shinyapps.io umap.incubateur.anct.gouv.fr https://les-mobilites-innov.vercel.app https://my.brevo.com https://www.dailymotion.com https://widget.make.org https://embed.acast.com https://tr.snapchat.com https://insight.adsrvr.org https://fledge.teads.tv https://match.adsrvr.org https://fa4dd5c3.sibforms.com https://geo.dailymotion.com https://mission-transition-ecologique.beta.gouv.fr https://macarte.ign.fr https://arcg.is https://experience.arcgis.com https://www.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'sha256-GEmTd95eAGvrxhP3QnFTr7+Lax78pl1ndxJzchCgn6Y=' 'sha256-4zxVVkPpC89VtojcGa1G5VPzngVkztn2u8JaUsiqZ3w=' 'sha256-d9Nhfu86ZpPLzR1ZFc1Woo6Jv6CtPqCA14mSN/bnDYk=' 'sha256-7m63w4in/vG4uUHtq4LhidCqFYMBnTJtUVGry+V0fMU=' 'sha256-qPWPDs41iWORF0XEtF5fQcKIlJ/yy0M51JKvIw21xkk=' 'sha256-foOqxbTlRYgCsgb2CYnAJnGqKZK3sxeXQydeQSC9pR4=' 'sha256-P4sW2WuBXBFbSe27NM8oQ2M+g7o2IbLqe4V3rux/8eA=' 'sha256-ODp/8+TYjInEiOZmtQ9mvIGHuJOOoSgSr3dYmJiy6Fw=' 'sha256-tUt4X8C2FtEKzcsd6yMq4mgdKCCmx6IFWZqPT4r8mJ8=' 'sha256-1P+17kjHUif7i9SVcb/0INVKhw0vu0L+QErV/nCj6UY=' 'sha256-MdWCW0PX/uFUXD1j3cJocYI+IE9vhIbmmF7msKTK90I=' 'sha256-S4m5DuhyjI+zOUYV2mO/7xUsfgQV0scBzvWlrbJqdko=' 'sha256-uegkKALbOITEttCL5aXtLhQ8+iU8+ms8IPWxae9cX1E=' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'strict-dynamic' 'nonce-hgKAm1O-3ZLgwsVYRbkjOw'; script-src-elem 'self' 'unsafe-eval' 'sha256-GEmTd95eAGvrxhP3QnFTr7+Lax78pl1ndxJzchCgn6Y=' 'sha256-4zxVVkPpC89VtojcGa1G5VPzngVkztn2u8JaUsiqZ3w=' 'sha256-d9Nhfu86ZpPLzR1ZFc1Woo6Jv6CtPqCA14mSN/bnDYk=' 'sha256-7m63w4in/vG4uUHtq4LhidCqFYMBnTJtUVGry+V0fMU=' 'sha256-qPWPDs41iWORF0XEtF5fQcKIlJ/yy0M51JKvIw21xkk=' 'sha256-foOqxbTlRYgCsgb2CYnAJnGqKZK3sxeXQydeQSC9pR4=' 'sha256-P4sW2WuBXBFbSe27NM8oQ2M+g7o2IbLqe4V3rux/8eA=' 'sha256-ODp/8+TYjInEiOZmtQ9mvIGHuJOOoSgSr3dYmJiy6Fw=' 'sha256-tUt4X8C2FtEKzcsd6yMq4mgdKCCmx6IFWZqPT4r8mJ8=' 'sha256-1P+17kjHUif7i9SVcb/0INVKhw0vu0L+QErV/nCj6UY=' 'sha256-MdWCW0PX/uFUXD1j3cJocYI+IE9vhIbmmF7msKTK90I=' 'sha256-S4m5DuhyjI+zOUYV2mO/7xUsfgQV0scBzvWlrbJqdko=' 'sha256-uegkKALbOITEttCL5aXtLhQ8+iU8+ms8IPWxae9cX1E=' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'strict-dynamic' 'nonce-hgKAm1O-3ZLgwsVYRbkjOw'; upgrade-insecure-requests 3
base-uri 'self'; connect-src 'self' plausible.io region1.analytics.google.com *.google.com *.google.se *.google-analytics.com *.googlesyndication.com stats.g.doubleclick.net talk.hyvor.com player.vimeo.com chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net beacon-v2.helpscout.net clients1.google.com wss://soketi.hyvor.com consentcdn.cookiebot.com consent.cookiebot.com px.ads.linkedin.com unpkg.com webforms.pipedrive.com ep1.adtrafficquality.google ep2.adtrafficquality.google; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://cloudamqp.createsend.com; frame-ancestors *; frame-src www.googletagmanager.com platform.twitter.com player.vimeo.com consentcdn.cookiebot.com cse.google.com webforms.pipedrive.com; img-src 'self' imgsct.cookiebot.com i.vimeocdn.com syndication.twitter.com t.co analytics.twitter.com *.google.com *.google.se *.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net ep1.adtrafficquality.google ep2.adtrafficquality.google dc.ads.linkedin.com px.ads.linkedin.com data:; media-src player.vimeo.com *.vimeocdn.com; object-src 'none'; script-src 'self' unpkg.com www.googletagmanager.com www.googleadservices.com consent.cookiebot.com consentcdn.cookiebot.com plausible.io beacon-v2.helpscout.net player.vimeo.com f.vimeocdn.com www.gstatic.com cdn.jsdelivr.net platform.twitter.com static.ads-twitter.com snap.licdn.com js.createsend1.com cse.google.com www.google.com 'sha256-kklWc/t2/WH5gPZrA2NiJCjW5LCzd3lxXXD9nW2wWkM=' 'sha256-k9i5+gCsm+IZyKv2BRKirkS/QT/xLDCmZlYIpZkXDw8=' webforms.pipedrive.com *.pipedriveassets.com; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com f.vimeocdn.com 'unsafe-inline' *.pipedriveassets.com www.google.com; upgrade-insecure-requests; 3
frame-ancestors 'self' https://sketch.com https://*.sketch.com https://*.netlify.app 3
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://oebb.celum.cloud https://chcloudoebbexportprod.blob.core.windows.net https://chcloudoebbprod.blob.core.windows.net https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.botframework.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io https://*.traumgutscheine.com https://myincert.com https://*.myincert.com https://jrrsxh.obb-italia.com https://8fhpe4.oebb.at; connect-src 'self' blob: https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://oebb.celum.cloud https://*.playertec.de https://api.siteimprove.com https://directline.botframework.com https://europe.directline.botframework.com wss://europe.directline.botframework.com wss://directline.botframework.com https://powerva.microsoft.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://*.eu.omnichannelengagementhub.com https://go-eu.trouter.teams.microsoft.com https://*.communication.azure.com https://eu-mobile.events.data.microsoft.com https://*.trouter.teams.microsoft.com wss://*.trouter.teams.microsoft.com https://teams.microsoft.com https://api.userback.io https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at https://jrrsxh.obb-italia.com https://8fhpe4.oebb.at; img-src 'self' data: blob: https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://chcloudoebbexportprod.blob.core.windows.net https://chcloudoebbprod.blob.core.windows.net https://*.ytimg.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; media-src data:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.streaming.media.azure.net https://*.microsoftstream.com https://www.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.playertec.de https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://*.dynamics.com https://live.virtual-events.at https://service.studiobaff.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at https://rcg.flave.world https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://comms.omnichannelengagementhub.com https://www.traumgutscheine.com https://railtours.traumgutscheine.com https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at https://staging.svv.app.simdle.mobi; frame-ancestors 'self' https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com https://*.railcargo.com https://oebb-test.hafas.de; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://res-1.cdn.office.net https://res.cdn.office.net; child-src blob: https://*.oebb.at https://www.traumgutscheine.com https://railtours.traumgutscheine.com; worker-src blob: https://*.oebb.at; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://solicitudes.tarjetaabc.cl https://tarjetaabc.cl https://*.tarjetaabc.cl https://515014059.collect.igodigital.com https://cdn.jsdelivr.net https://cdn.cquotient.com https://www.clarity.ms https://static.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net https://script.hotjar.com https://p.cquotient.com https://ui.powerreviews.com https://e.cquotient.com https://media.flixfacts.com https://maps.googleapis.com https://media.flixcar.com https://www.entel.cl https://www.google.com/recaptcha/api.js https://www.gstatic.com https://static.powerreviews.com https://h.online-metrix.net https://scripts.clarity.ms https://abc.cl https://h64.online-metrix.net https://analytics.tiktok.com https://storage.googleapis.com https://oc-cache.production.alquimio.cloud https://front-notrack.indexado.production.pmbox.cloud https://front.indexado.production.alquimio.cloud https://*.alquimio.cloud https://*.omnitok.com https://lapolartarjeta.my.site.com https://lapolartarjeta.my.salesforce-scrt.com;frame-ancestors 'self';object-src 'none'; 3
frame-ancestors 'self' *.orange.ro  3
default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io https://*.hs-banner.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com https://js-eu1.hubspot.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js  https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com https://js-eu1.hsforms.net; 3
default-src blob: 'self' https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.iovox.com/ http://vimeo.com https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src * blob:; img-src * blob: data:; 3
default-src 'self' easy.gr *.easy.gr *.cookiebot.com *.tawk.to *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.youtube.com;script-src 'self' *.paypal.com *.paypalobjects.com *.braintreegateway.com easy.gr *.easy.gr *.youtube.com  'unsafe-inline' https://pagead2.googlesyndication.com 'unsafe-eval' *.googleusercontent.com *.gstatic.com tippedjs.com fancyapps.com ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.gr *.youtube.com *.unpkg.com ;style-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net;img-src 'self' blob: data: easy.gr *.easy.gr 'unsafe-inline' https://quickchart.io  ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net tawk.link s3.amazonaws.com *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com cdn.jsdelivr.net *.google.gr *.google.nl *.paypalobjects.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com ;font-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.gstatic.com *.facebook.com *.facebook.net *.cookiebot.com *.paypalobjects.com stats.g.doubleclick.net ;connect-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.tawk.to wss://*.tawk.to  *.lottiefiles.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net google.com *.youtube.com *.googlesyndication.com ; frame-src 'self' easy.gr *.easy.gr  'unsafe-inline' *.paypal.com *.paypalobjects.com *.googletagmanager.com *.doubleclick.net *.cookiebot.com *.tawk.to ; 3
frame-ancestors 'self' https://*.hotjar.com 3
default-src 'self' *.gstatic.com https://storage.googleapis.com/gdm-deepmind-com-prod-public/; connect-src 'self' *.google-analytics.com *.gstatic.com services.google.com auditrecording-pa.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com https://storage.googleapis.com/gdm-deepmind-com-prod-public/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://storage.googleapis.com/gdm-deepmind-com-prod-public/; frame-ancestors 'self'; frame-src 'self' www.youtube.com https://storage.googleapis.com/deepmind-media/ ai.google *.googletagmanager.com https://storage.googleapis.com/gdm-deepmind-com-prod-public/; img-src 'self' data: *.googleusercontent.com *.gstatic.com *.googletagmanager.com *.i.ytimg.com i.ytimg.com *.google.com *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net https://storage.googleapis.com/gdm-deepmind-com-prod-public/; manifest-src 'self' https://storage.googleapis.com/gdm-deepmind-com-prod-public/; media-src 'self' *.googlevideo.com https://storage.googleapis.com/gdm-deepmind-com-prod-public/; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com https://fonts.googleapis.com https://storage.googleapis.com/gdm-deepmind-com-prod-public/; script-src 'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.googletagmanager.com *.googleadservices.com https://storage.googleapis.com/gdm-deepmind-com-prod-public/ 3
frame-ancestors 'self' *.paessler.com 3
default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://www.google-analytics.com/ https://*.facebook.com/ https://geolocation.onetrust.com/ https://fpf.org/ https://www.cloudflare.com/ https://vimeo.com/ https://log.cookieyes.com/; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/ https://*.typekit.net/ https://fonts.gstatic.com/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/ https://fpf.org/ https://img.youtube.com/ https://i.vimeocdn.com/ https://cdn-cookieyes.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com https://*.eventbrite.com/ https://player.vimeo.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/ https://*.typekit.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/ https://*.eventbrite.com/ https://*.youtube.com/ https://fpf.org/ https://player.vimeo.com/ https://*.vimeocdn.com/ https://cdn-cookieyes.com/ https://*.cookieyes.com/; worker-src 'self' https://*.youtube.com/ https://*.vimeo.com/ blob:; block-all-mixed-content; 3
frame-ancestors 'self' *.cloudera.com 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com https://optimizely-hrd.appspot.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app *.contentsquare.net  *.ofgreencolumn.com *.fouanalytics.com https://cdn.mobius.highereducation.com/mobius-latest.min.js  https://cdn.us.heap-api.com https://heapanalytics.com https://cdn.eu.heap-api.com; object-src 'none'; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ *.my.salesforce.com *.my.site.com/ *.force.com/; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  *.my.salesforce.com *.my.site.com/ *.force.com/ https://unpkg.com https://use.typekit.net/ https://heapanalytics.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com *.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/ *.adnxs.com/ *.tapad.com/ *.adsrvr.org/ *.bttrack.com/ https://storage.googleapis.com/ https://di.rlcdn.com/ https://assets-pcor-dev.adtalem.com https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.gstatic.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app  *.ofgreencolumn.com https://ml314.com/ https://dpm.demdex.net/ https://heapanalytics.com; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://www.googletagmanager.com https://app.tintup.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://view-awesome-table.com/ https://gtm.waldenu.edu/ https://www.tiktok.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com   *.contentsquare.net https://heapanalytics.com; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com https://integrations.optimizely-edge.com https://www.redditstatic.com https://conversions-config.reddit.com https://www.redditstatic.com *.reddit.com *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://pcor-dev.adtalem.com https://pcor-qa.adtalem.com https://pcor.adtalem.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://dev-atge-outage.adtalem.com https://qa-atge-outage.adtalem.com https://atge-outage.adtalem.com https://mapsresources-pa.googleapis.com data:  *.ofgreencolumn.com *.fouanalytics.com https://privacyportal.onetrust.com https://api.mobius.highereducation.com/ https://apix.b2c.com/ https://analytics-ipv6.tiktokw.us/ https://cdn.hypemarks.com/ https://www.facebook.com/privacy_sandbox/ https://cdnjs.cloudflare.com/ https://app.unpkg.com/tippy.js@6.3.7 https://unpkg.com/@popperjs/ https://c.us.heap-api.com https://heapanalytics.com https://c.eu.heap-api.com 3
frame-ancestors 'self';  default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 3
default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; media-src 'self' data: https: blob:; font-src 'self' data: https:; frame-src 'self' https: blob: data: tel:; frame-ancestors 'self' https://loterienationalenationale.qualifioapp.com/ https://experience.adobe.com/ https://aem-nl.prd.natlot.be https://aem-fr.prd.natlot.be https://aem-de.prd.natlot.be https://lonet-acc.powerappsportals.com/; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' https: https://sdk.privacy-center.org/ https://api.privacy-center.org/ wss://*.hotjar.com wss://webmessaging.mypurecloud.de; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://live.flyp.tv https://dashboard.stage.bio; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.flockler.com https://*.twimg.com https://cdn.stage.bio https://about.stage.bio; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.3qsdn.com https://api.stage.bio; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.flockler.com https://*.twimg.com https://*.3qsdn.com blob: https://cdn.stage.bio; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://preview-kaenef.bmwk.de https://live.flyp.tv https://www.youtube.com; frame-ancestors 'self' http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.init-ag.de; 3
frame-ancestors 'self' https://distributech.com https://www.distributech.com; 3
script-src 'self' kakao.com *.kakao.com t1.daumcdn.net *t1.daumcdn.net addtoany.com *.addtoany.com capitaland.my.site.com ipinfo.io *.google.com google.com *.maps.googleapis.com maps.googleapis.com *.googleapis.com googleapis.com *.developers.google.com developers.google.com *.baidu.com baidu.com *.hm.baidu.com hm.baidu.com *.api.map.baidu.com api.map.baidu.com *.z.moatads.com z.moatads.com *.google-analytics.com google-analytics.com *.addthis.com addthis.com *.addthisedge.com addthisedge.com *.cdn.polyfill.io cdn.polyfill.io *.recaptcha.net recaptcha.net *.gstatic.com gstatic.com *.gstatic.cn gstatic.cn *.googletagmanager.com googletagmanager.com *.consent.trustarc.com consent.trustarc.com *.js-agent.newrelic.com js-agent.newrelic.com *.nr-data.net nr-data.net *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.licdn.com licdn.com *.snap.licdn.com snap.licdn.com *.tiktok.com tiktok.com *.analytics.tiktok.com analytics.tiktok.com *.facebook.net facebook.net *.connect.facebook.net connect.facebook.net *.facebook.com facebook.com *.ads-twitter.com ads-twitter.com *.static.ads-twitter.com static.ads-twitter.com *.bat.bing.com bat.bing.com *.tag.azame.net tag.azame.net *.analytics.twitter.com analytics.twitter.com *.bp-1c51.kxcdn.com bp-1c51.kxcdn.com *.secure.adnxs.com secure.adnxs.com *.googlesyndication.com googlesyndication.com *.triptease.io triptease.io *.onboard.triptease.io onboard.triptease.io *.secure-hotel-tracker.com secure-hotel-tracker.com *.egain.cloud egain.cloud *.ascottintl.egain.cloud ascottintl.egain.cloud *.criteo.net criteo.net *.static.criteo.net static.criteo.net *.gatag.it gatag.it *.ipinyou.com ipinyou.com *.stats.ipinyou.com stats.ipinyou.com *.youtube.com youtube.com *.toup.net toup.net *.googletraveladservices.com googletraveladservices.com *.mmtro.com mmtro.com *.affilired.com affilired.com *.hotelratematch.com hotelratematch.com *.sojern.com sojern.com *.line-scdn.net line-scdn.net *.yandex.ru yandex.ru *.dwin1.com dwin1.com *.yieldoptimizer.com yieldoptimizer.com *.awin1.com awin1.com *.veinteractive.com veinteractive.com *.ebtrk1.com ebtrk1.com *.qualitedesign.fr qualitedesign.fr *.adroll.com adroll.com *.nxtck.com nxtck.com *.tradedoubler.com tradedoubler.com *.yimg.jp yimg.jp *.123compare.me 123compare.me *.smartparity.com smartparity.com *.booklyng.com booklyng.com *.denomatic.com denomatic.com *.zenaps.com zenaps.com *.chinesean.com chinesean.com *.glopss.com glopss.com *.shareasale.com shareasale.com *.tradetracker.net tradetracker.net *.webgains.com webgains.com *.smct.co smct.co *.sp.analytics.yahoo.com sp.analytics.yahoo.com *.b91.yahoo.co.jp b91.yahoo.co.jp *.derbysoft.com derbysoft.com *.redirect.eqtracking.com redirect.eqtracking.com *.thehotelsnetwork.com thehotelsnetwork.com *.stackla.com stackla.com *.accesstrade.ne.jp accesstrade.ne.jp *.clarity.ms clarity.ms *.taboola.com taboola.com *.hybridtheory.com hybridtheory.com *.go.affec.tv go.affec.tv *.accesstrade.co.id accesstrade.co.id *.sojern.com sojern.com *.consent-pref.trustarc.com consent-pref.trustarc.com *.ailab.criteo.com ailab.criteo.com *.criteo.com criteo.com *.p.relay-t.io p.relay-t.io *.policies.google.com policies.google.com *.privacy.yahoo.co.jp privacy.yahoo.co.jp *.googleadservices.com googleadservices.com *.s.yimg.jp s.yimg.jp *.numberly.com numberly.com *.xandr.com xandr.com *.pinterest.com pinterest.com *.ir.baidu.com ir.baidu.com *.hm.baidu.com hm.baidu.com *.js.adsrvr.org js.adsrvr.org *.insight.adsrvr.org insight.adsrvr.org *.adsrvr.org adsrvr.org *.tawk.to tawk.to *.embed.tawk.to embed.tawk.to *.instagram.com instagram.com *.relay-t.io relay-t.io *.secure-relay.com secure-relay.com *.antvoice.com antvoice.com *.avads.net avads.net *.appsflyer.com appsflyer.com assets.adobedtm.com *.adobe.com adobe.com *.adobedc.net ads.zalo.me ads.zalo.me service.mtcaptcha.com service2.mtcaptcha.com static.cloudflareinsights.com onelink-edge.com sdk.iad-07.braze.com s.zzcdn.me s.zzcdn.me *bing.com bing.com *adroll.com adroll.com wcs.naver.net *.naver.net policy.naver.com *.naver.com doubleclick.net *.doubleclick.net google.com *.google.com business.safety.google static.ads.ana.co.jp *.static.ads.ana.co.jp ana.co.jp *.ana.co.jp service.mtcaptcha.com service2.mtcaptcha.com static.cloudflareinsights.com challenges.cloudflare.com onelink-edge.com www.onelink-edge.com sdk.iad-07.braze.com js.appboycdn.com cdn.branch.io vjs.zencdn.net js.hcaptcha.com ssl.pstatic.net ads.travelaudience.com a2.adform.net s2.adform.net app.link qzonestyle.gtimg.cn js.adsvr.org gc.kis.v2.scr.kaspersky-labs.com ff.kis.v2.scr.kaspersky-labs.com secured-pixel.com apimaponline1.bdimg.com apimaponline2.bdimg.com apimaponline0.bdimg.com log1.toup.net embedsocial.com 360.holomia.com my.matterport.com beyond.3dnest.biz 360.theredmarker.com beyond.3dnest.cn my.matterport.com www.mixgovr.com bit.ly 'unsafe-inline' 'unsafe-eval' 3
connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io www.google-analytics.com; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com js.stripe.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 3
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.daytondailynews.com https://editions.daytondailynews.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googlesyndication.com www.googletagmanager.com https://connect.facebook.net https://www.facebook.com http://www.instagram.com/embed.js https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://vimeo.com https://prismic.io https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://va.vercel-scripts.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live https://us-central1-relyance-ext.cloudfunctions.net https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://www.googletagmanager.com *.tiktok.com *.ttwstatic.com *.onetrust.com 'unsafe-inline'; connect-src 'self' https://*.googlesyndication.com www.googletagmanager.com https://www.facebook.com https://www.google.com/ https://connect.facebook.net https://app-backend.toolsforhumanity.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://vault.pactsafe.io https://secure.ethicspoint.com https://geolocation.onetrust.com https://metrics.worldcoin.org https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://player.vimeo.com https://vimeo.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://us-central1-relyance-ext.cloudfunctions.net https://fleet.orb.worldcoin.org https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com world.org *.vimeocdn.com *.gstatic.com *.tiktokw.us *.tiktok.com *.ttwstatic.com *.onetrust.com; img-src 'self' blob: data: www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://raw.githubusercontent.com world.org *.gstatic.com *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://raw.githubusercontent.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; frame-src 'self' https://www.googletagmanager.com/ https://connect.facebook.net https://www.facebook.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://www.instagram.com https://vimeo.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org https://td.doubleclick.net https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live world.org *.vimeocdn.com *.google.com 3
base-uri 'self'; default-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com www.googletagmanager.com nordlayer.com *.nordlayer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googleadservices.com www.google.com www.gstatic.com *.google-analytics.com www.googletagmanager.com https://www.googleanalytics.com https://pagead2.googlesyndication.com googleads.g.doubleclick.net nordlayer.com *.nordlayer.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.typeform.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://a.quora.com/qevents.js *.redditstatic.com *.alb.reddit.com px.ads.linkedin.com *.oribi.io snap.licdn.com analytics.twitter.com static.ads-twitter.com connect.facebook.net bat.bing.com p.adsymptotic.com sentry.netaltr.com cdn.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net loader.wisepops.com *.salesloft.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.veritonic.com https://s1.nordcdn.com https://*.clarity.ms https://c.bing.com https://cdn.dreamdata.cloud https://cdn.drda.io; connect-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com https://pagead2.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net cdn.growthbook.io nordlayer.com *.nordlayer.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.typeform.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com static.hsappstatic.net *.redditstatic.com *.alb.reddit.com pixel-config.reddit.com conversions-config.reddit.com www.linkedin.com px.ads.linkedin.com snap.licdn.com connect.facebook.net www.facebook.com p.adsymptotic.com sentry.netaltr.com activity.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net loader.wisepops.com bat.bing.com *.salesloft.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://*.intercom-messenger.com wss://*.intercom-messenger.com https://*.veritonicmetrics.com https://sb.nordcdn.com https://*.clarity.ms https://c.bing.com https://cdn.dreamdata.cloud; form-action 'self' webto.salesforce.com https://www.facebook.com/tr *.hsforms.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; frame-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com www.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io www.youtube.com https://www.youtube.com/ www.youtube-nocookie.com https://www.youtube-nocookie.com/ *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.typeform.com notifications.wisepops.com wisepops.net loader.wisepops.com https://*.clarity.ms https://c.bing.com; img-src * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ct.capterra.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://q.quora.com *.alb.reddit.com px.ads.linkedin.com t.co analytics.twitter.com static.ads-twitter.com *.google-analytics.com stats.g.doubleclick.net www.gstatic.com https://www.googletagmanager.com https://pagead2.googlesyndication.com googleads.g.doubleclick.net cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net loader.wisepops.com www.facebook.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.veritonicmetrics.com https://*.clarity.ms https://c.bing.com; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.typeform.com https://fonts.googleapis.com https://s1.nordcdn.com https://sb.nordcdn.com https://*.clarity.ms https://c.bing.com; media-src 'self' 'unsafe-inline' nordlayer.com *.nordlayer.com false https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; font-src 'self' data: www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://*.clarity.ms https://c.bing.com; child-src 'self' *.hsforms.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://fast.wistia.net https://*.clarity.ms https://c.bing.com; 3
frame-ancestors https://events.martech.org https://martech.org 3
default-src 'none'; 3
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.attraqt.io cdn.cookielaw.org privacyportal-de.onetrust.com *.contentsquare.net *.abtasty.com stats.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net/npm/roboto-font@0.1.0/ *.walkme.com public.mayday.fr logs-service.mayday.fr logs1412.xiti.com/event ka-p.fontawesome.com/releases/ cdnjs.cloudflare.com/ajax/libs/bootstrap-switch/ cdnjs.cloudflare.com/ajax/libs/Swiper/5.3.7/css/swiper.min.css www.youtube.com wonder.prowebce.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.attraqt.io *.contentsquare.net *.walkme.com *.abtasty.com edenred-faq.mayday.cx/embedded/md-selfcare.umd.js cdnjs.cloudflare.com/ajax/libs/validate.js/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ tag.aticdn.net www.google-analytics.com www.googletagmanager.com ajax.googleapis.com/ajax/libs/webfont stats.g.doubleclick.net googleads.g.doubleclick.net cdn.cookielaw.org; img-src 'self' www.google.com/s2/favicons *.gstatic.com www.google-analytics.com/collect www.googletagmanager.com static.meyclub.com images.meyclub.com www.meyclub.net images.billetel.fr assets-manager.abtasty.com editor-assets.abtasty.com website.tmaster.org click.edenred.fr cdn.cookielaw.org sftpstgchqi54noyumqk.blob.core.windows.net/edenred-selfcare/ i.ytimg.com yt3.ggpht.com s3-eu.walkmeusercontent.com http: data: blob:; media-src 'self'; form-action 'self' www.meyclub.com secure.payzen.eu; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net/npm/roboto-font@0.1.0/ ka-p.fontawesome.com/releases/ data:; worker-src 'self' blob:; 3
frame-ancestors 'self' https://www.carat.fiserv.com; 3
connect-src 'self' https://api2.amplitude.com sr-client-cfg.amplitude.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com *.google-analytics.com analytics.google.com gtm.prd.healthcare.ascension.org *.ascension.org https://cdn.amplitude.com https://gs.amplitude.com https://api-sr.amplitude.com *.ascension.org;default-src 'self' blob: *.ascension.org;font-src 'self' fonts.gstatic.com https://fonts.googleapis.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://stackpath.bootstrapcdn.com data: *.ascension.org;frame-src 'self' *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ *.youtube.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js app.vwo.com *.visualwebsiteoptimizer.com https://www.google.com/ *.ascension.org;img-src 'self' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.doubleclick.net *.google-analytics.com analytics.google.com gtm.prd.healthcare.ascension.org *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com data: *.ascension.org;object-src 'none' ;script-src 'self' 'unsafe-eval' https://cdn.amplitude.com https://gs.amplitude.com https://api-sr.amplitude.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://tfaforms.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/  https://cdnjs.cloudflare.com/ajax/libs/es6-shim/ https://cdnjs.cloudflare.com/ajax/libs/es5-shim/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com blob: *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.gstatic.com/recaptcha/ https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com *.ascension.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ fonts.gstatic.com https://fonts.googleapis.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://stackpath.bootstrapcdn.com *.ascension.org; 3
report-uri https://o4505075539902464.ingest.us.sentry.io/api/4505075559825408/security/?sentry_key=e137a5ec37cf03e1ed168b772c98c0bc; report-to csp; default-src 'self' *.youtube.com player.simplecast.com *.lemonsqueezy.com challenges.cloudflare.com https://lemonsqueezy.nolt.io/ tally.so cdn.prod.website-files.com lemonsqueezy-assets.s3.us-east-2.amazonaws.com; frame-src 'self' https://cdn.embedly.com https://platform.twitter.com https://syndication.twitter.com https://challenges.cloudflare.com https://lemonsqueezy.nolt.io;  connect-src *.lemonsqueezy.com cdn.prod.website-files.com wss://api.inkeep.com *.inkeep.com helpscout-ticket-creation.vercel.app lemonsqueezy-assets.s3.us-east-2.amazonaws.com; media-src 'self' *.lemonsqueezy.com cdn.prod.website-files.com; worker-src 'self'; img-src * blob: data:; font-src * data:; style-src 'self' *.lemonsqueezy.com cdn.prod.website-files.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' challenges.cloudflare.com tally.so cdn.jsdelivr.net cdn.prod.website-files.com code.jquery.com unpkg.com d3e54v103j8qbb.cloudfront.net app.lemonsqueezy.com cdn.usefathom.com assets.lemonsqueezy.com static.cloudflareinsights.com platform.twitter.com 'sha256-I1oqzdG8ABwwJE/CwI40sJxhtAhpql7j/rpDkIXUK1Y=' 'sha256-bdA0cvgVXH8LBxO68C3ExwzyXLRynEkqpwkKp7av3Tk=' 'sha256-YMDz5wGrDesGpPQvZFf+o+To+21PWXozOWgUUKXgPNQ=' 'sha256-KZ7C6zm33y6W2F1lcdoNyLyQoU6ieDA6nnaAoMUIG6o=' 'sha256-olvdWzV5MceIt4AqqXiVXHwHOoytDlQutQSLai2rr3s=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-P6cgBPruhraHLxxJAx7CYIaV6SC4iuvDldsKrdcDCs0=' 'sha256-muoEFIeLVS1tXqNKabm2XW0y+t0Morn0eiyH/4gWSFM=' 'sha256-IWcRBb6qdMcphojQQMlDaQsYG4F8+OUe0cC62k92Fqs=' 'sha256-DJoD3TxxO/wUfm77B3Xg8CeZ9zXmQFghzlrJFbjgsVo=' 'sha256-st/0/OS6vlRZrDF/EgOB9O90ZfXBJEMve3p4NzDKmWw=' 'sha256-rqIrJsr1KxE4sZIs0595EDTZHIse/pQFOveGXTSpgh8=' 'sha256-2+xeZ9uvzc1cztE9neSkGAsRIcQxev8HH3lZeT3IHgc=' 'sha256-ChC+cACPifjKQsvV1eZgCx7ANEc0Q3xy+MqDBFnpyRE=' 'sha256-7/HveZxd4yPf42YIfhxiZDFU/a6RtLtShZj0y0bc0xM=' 'sha256-YAhqsGAb4rs+S5kO4XH1/9mGQq/8NQVJLKJrhNpdFo8=' 'sha256-wEjQdcjT9ia3+uKiDHquc85jb4JdZAOOm9hFbAvVW0Y=' 'sha256-FF3JplMsTlEoGExFy9jNa//bI9hXN1P1Wk7TmC/697w=' 'sha256-FABljtGlF/3YMkSGHKKqY1YQmM6YGrcxBpr97RqRS9s=' 'sha256-fd/AWhZEJywiUTWydT7SaKdliz8IBLf395MJFxoGDOY=' 'sha256-6EsWsKwWbGaxnjI9bo3G4ZW6jUhVwdKYJvwQHKwlL/c=' 'sha256-Z7WzqowjPAR+oYchmMod4lGNr7Qyiu6JCcN+iYRXHCk='; 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://cdn.euc-freshbots.ai https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' *.puzzel.com yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl *.hsforms.com yourhosting.freshchat.com https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net https://*.googletagmanager.com; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.analytics.google.com *.linkedin.com *.puzzel.com *.argeweb.nl argeweb.netwerkstatus.nl *.google-analytics.com https://rts-euc.freshworksapi.com wss://rts-euc.freshworksapi.com https://www.euc-freshbots.ai https://cdn.euc-freshbots.ai https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://analytics.google.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3
frame-ancestors 'self' http://*.essilor.com https://*.essilor.com; 3
frame-ancestors 'self' https://www.nevasport.com https://viajes.nevasport.com https://www.infonieve.es https://viajes.infonieve.es https://www.pyreneige.fr https://voyages.pyreneige.fr; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com *.uk2group.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.dwin1.com *.hsforms.com *.hsforms.net *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com *.hcaptcha.com https://www.googletagmanager.com; img-src 'self' *.thgingenuity.com img.zohostatic.eu *.midphase.com *.uk2group.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.google.com www.google.co.uk stats.g.doubleclick.net data: https://script.hotjar.com http://script.hotjar.com https://www.googletagmanager.com https://files.readme.io https://*.googleusercontent.com https://support.basekit.com https://cdnjs.cloudflare.com/ajax/libs/twemoji/ style-src 'self' 'unsafe-inline' *.midphase.com *.twitter.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net; frame-src 'self' *.midphase.com cdn.forms-content.sg-form.com *.uk2group.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com https://vars.hotjar.com *.twitter.com *.websitealive.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com *.hcaptcha.com https://www.googletagmanager.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com m.addthis.com *.trustpilot.com *.pingdom.net *.twitter.com ws://127.0.0.1:35729 http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com mw.thghosting.com bat.bing.com https://facebook.com/tr/ https://www.google.com/ccm/ https://www.googletagmanager.com; font-src 'self' data: *.midphase.com http://script.hotjar.com https://script.hotjar.com fonts.gstatic.com maxcdn.bootstrapcdn.com stats.g.doubleclick.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com; frame-ancestors 'self'; 3
default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 3
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src blob: 'self' https://*.googletagmanager.com https://humansecurity.com https://www.humansecurity.com https://humancms.wpenginepowered.com https://humanstg.wpenginepowered.com https://humancmsstg.wpenginepowered.com https://i.ytimg.com https://3400937.hs-sites.com https://pandoblox.kahon.org https://info.humansecurity.com https://human-headless-frontend-theta.vercel.app http://localhost:3000 https://humanprod.wpenginepowered.com https://*.cookielaw.org https://*.linkedin.com https://*.reddit.com https://*.rlcdn.com https://*.google.com https://*.company-target.com https://*.hubspot.net https://pixel-config.reddit.com https://*.googleusercontent.com https://f.hubspotusercontent30.net https://*.fs1.hubspotusercontent-na1.net https://assets.perimeterx.com https://stg.humansecurity.com https://humansecapi.wpengine.com data:; object-src self https://humansecurity.com https://www.humansecurity.com https://humancms.wpenginepowered.com https://humanstg.wpenginepowered.com https://humanprod.wpenginepowered.com https://humancmsstg.wpenginepowered.com https://stg.humansecurity.com data:; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.ashbyhq.com https://*.clcktrax.com https://*.zi-scripts.com https://*.licdn.com https://*.g2crowd.com https://*.marketo.net https://tags.srv.stackadapt.com https://*.demandbase.com https://*.heap-api.com https://*.ahrefs.com https://*.qualified.com https://*.redditstatic.com https://*.script.ac https://*.doubleclick.net https://*.contentsquare.net https://*.zoominfo.com https://acsbapp.com http://localhost:3000 https://info.humansecurity.com https://js.navattic.com/ https://humanstg.wpenginepowered.com https://humanprod.wpenginepowered.com https://humancmsstg.wpenginepowered.com https://stg.humansecurity.com https://client.px-cloud.net https://humansecapi.wpengine.com https://*.goldcast.io https://*.cookielaw.org https://*.googletagmanager.com; upgrade-insecure-requests; frame-src 'self' https://*.infogram.com https://humansecuritycom https://www.humansecurity.com https://jobs.ashbyhq.com https://humancmsstg.wpenginepowered.com https://www.youtube-nocookie.com https://www.youtube.com https://info.humansecurity.com/ https://capture.navattic.com https://humanstg.wpenginepowered.com https://humanprod.wpenginepowered.com https://*.goldcast.io https://*.company-target.com https://*.googletagmanager.com https://*.vimeo.com https://stg.humansecurity.com https://*.qualified.com https://humansecapi.wpengine.com data:; media-src 'self' blob: https://humansecurity.com https://www.humansecurity.com https://humancms.wpenginepowered.com https://humanstg.wpenginepowered.com https://humancmsstg.wpenginepowered.com https://human-headless-frontend-theta.vercel.app https://humanprod.wpenginepowered.com https://stg.humansecurity.com http://localhost:3000 https://humansecapi.wpengine.com data:; 3
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 3
img-src 'self' *.1rx.io *.360yield.com *.3lift.com *.adnxs.com *.adsafety.net *.adsystem.com *.adxcel-ec2.com *.adyen.com *.afterpay.com *.agkn.com *.alchemer.eu *.amazon-adsystem.com *.awin1.com *.awinblackfriday.com *.bazaarvoice.com *.bidswitch.net *.bing.com *.bing.net *.bounceexchange.com *.braunhousehold.com *.casalemedia.com *.cash.app *.cdnwidget.com *.clarity.ms *.collect.igodigital.com *.commercecloud.salesforce.com *.contentsquare.net *.criteo.com *.delonghi.com *.delonghigroup.com *.demdex.net *.dmxleo.com *.doubleclick.net *.evergage.com *.evgnet.com *.facebook.com *.facebook.net *.feefo.com *.gigya.com *.google-analytics.com *.google.com *.google.it *.googleadservices.com *.googlesyndacation.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.gumgum.com *.heureka.cz *.hotjar.com *.imgstatic.eu *.kenwoodworld.com *.kform.it *.knowledgebase.co *.lightboxcdn.com *.mavenoid.com *.mavenoidfiles.com *.media-amazon.com *.media.net *.mediavine.com *.nutribullet.com *.onlive.site *.outbrain.com *.payments-amazon.com *.paypal.com *.postrelease.com *.profity.ch *.pubmatic.com *.quantserve.com *.roeye.com *.rubiconproject.com *.seadform.net *.seedtag.com *.seznam.cz *.smartadserver.com *.snapengage.com *.sovendus.com *.taboola.com *.tangoo.it *.tangooserver.com *.targeting.unrulymedia.com *.teads.tv *.threekit.com *.tkrconnector.com *.tradedoubler.com *.tremorhub.com *.trustarc.com *.try-snowplow.com *.veritone-ce.com *.wepowerconnections.com *.yahoo.co.jp *.yieldlab.net *.youtube.com *.zbozi.cz ad.doubleclick.net adnxs.com adsystem.com adxcel-ec2.com afterpay.com amazon-adsystem.com assetbank-delonghigroup.s3.eu-west-1.amazonaws.com awinblackfriday.com bing.com bing.net blob: bounceexchange.com clarity.ms dam.braunhousehold.com dam.delonghi.com dam.kenwoodworld.com dam.nutribullet.com dmxleo.com doc-14-1k-sheets.googleusercontent.com doubleclick.net eu-images.contentstack.com facebook.net googleadservices.com googlesyndacation.com googletagmanager.com gumgum.com heureka.cz id5-sync.com imgstatic.eu lh3.ggpht.com maps.googleapis.com mavenoidfiles.com outbrain.com pm-delonghi-assets.com quantserve.com seznam.cz sgtm.delonghi.com sgtm.kenwoodworld.com sgtm.nutribullet.com static.hotjar.com stgt.braunhousehold.com sync.outbrain.com tangoo.it tkrconnector.com try-snowplow.com veritone-ce.com widgets.reevoo.com www.facebook.com www.paypalobjects.com www.snapengage.com yahoo.co.jp zbozi.cz data:;script-src 'self' 'unsafe-inline' *.2trk.info *.abtasty.com *.ad-stir.com *.adform.net *.adition.com *.adnxs.com *.adsrvr.org *.adsystem.com *.adyen.com *.afterpay.com *.alchemer.eu *.alevco.de *.amazon-adsystem.com *.awin1.com *.bannercrowd.net *.bazaarvoice.com *.bestofluck.io *.bing.com *.bounceexchange.com *.bouncex.net *.braunhousehold.com *.casalemedia.com *.cash.app *.cdnbasket.net *.cdnwidget.com *.cfjump.com *.checkout.visa.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.cobrowse.io *.collect.igodigital.com *.contentsquare.com *.contentsquare.net *.cookieless-data.com *.creativecdn.com *.criteo.com *.ctnsnet.com *.curalate.com *.delonghi.com *.delonghigroup.com *.doubleclick.net *.dwin1.com *.easydmp.net *.evergage.com *.evgnet.com *.facebook.com *.facebook.net *.flashtalking.com *.funnelytics.io *.getback.ch *.gigya.com *.go2sdk.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.grmtech.net *.gstatic.com *.heureka.cz *.heureka.group *.heureka.sk *.hotjar.com *.im9.cz *.imedia.cz *.jsdelivr.net *.kenwoodworld.com *.klarna.com *.klarnaservices.com *.ladsp.com *.lightboxcdn.com *.line-scdn.net *.logico3c.com *.marvellousmachine.net *.mastercard.com *.mavenoid.com *.mention-me.com *.mndtrk.com *.noibu.com *.nutribullet.com *.onlive.site *.optimalpeople.fr *.outbrain.com *.ownid.com *.payments-amazon.com *.paypal.com *.pinimg.com *.pinterest.com *.pixeltracker.co *.preciso.net *.profity.ch *.quantcount.com *.quantserve.com *.ratepay.com *.recaptcha.net *.retargeted.co *.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.snapengage.com *.sovendus.com *.sovopt.com *.tangoo.it *.tangooserver.com *.teads.tv *.the.sciencebehindecommerce.com *.threekit.com *.tiktok.com *.tkrconnector.com *.tradedoubler.com *.trkconnector.com *.trustarc.com *.trustpilot.com *.try-snowplow.com *.wknd.ai *.yahoo.co.jp *.yimg.jp *.youtube.com *.zbozi.cz *.zenaps.com 2trk.info ad-stir.com adsystem.com afterpay.com alevco.de api.feefo.com bestofluck.io blob: cfjump.com clarity.ms cloudfront.net cobrowse.io contentsquare.com cookieless-data.com creativecdn.com ctnsnet.com curalate.com doc-14-1k-sheets.googleusercontent.com doubleclick.net go2sdk.com google.com googleadservices.com googletagmanager.com grmtech.net heureka.group heureka.sk im9.cz kenwoodworld.com ladsp.com line-scdn.net maps.googleapis.com marvellousmachine.net mndtrk.com optimalpeople.fr outbrain.com pay.google.com pixeltracker.co pm-delonghi-assets.com preciso.net quantserve.com retargeted.co s.retargeted.co sandbox-assets.secure.checkout.visa.com sandbox.src.mastercard.com sgtm.delonghi.com sgtm.kenwoodworld.com sgtm.nutribullet.com static-eu.payments-amazon.com static.hotjar.com stgt.braunhousehold.com storage.googleapis.com tangoo.it tkrconnector.com trustpilot.com try-snowplow.com view.ceros.com widgets.reevoo.com www.dwin1.com www.facebook.com www.sovopt.com x.klarnacdn.net yahoo.co.jp yimg.jp 'unsafe-eval' localhost:*;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https: http:;connect-src 'self' *.3kit.com *.abtasty.com *.adnxs.com *.adsrvr.org *.adsystem.com *.adyen.com *.alchemer.eu *.amazon-adsystem.com *.amazon.com *.awinblackfriday.com *.bannercrowd.net *.bazaarvoice.com *.bestofluck.io *.bing.com *.bing.net *.braunhousehold.com *.cdnbasket.net *.clarity.ms *.collect.igodigital.com *.contentsquare.net *.contentstack.com *.conversionsapigateway.com *.creativecdn.com *.criteo.com *.delonghi.com *.delonghigroup.com *.doubleclick.net *.evergage.com *.evgnet.com *.facebook.com *.funnelytics.io *.funnelytics.workers.dev *.getback.ch *.gigya.com *.go2sdk.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.heureka.group *.hotjar.com *.kenwoodworld.com *.klarna.com *.klarnaevt.com *.klarnaservices.com *.ladsp.com *.lightboxcdn.com *.mavenoid.com *.mavenoidfiles.com *.mention-me.com *.noibu.com *.nutribullet.com *.onlive.site *.optimalpeople.fr *.optimy.ai *.optimy.app *.ownid.com *.paa-reporting-advertising.amazon *.pinterest.com *.pixeltracker.co *.quantcount.com *.quantserve.com *.reevoo.com *.run.app *.sandbox.paypal.com *.sciencebehindecommerce.com *.sentry.io *.seznam.cz *.snapengage.com *.sovendus.com *.teads.tv *.threekit.com *.tiktok.com *.tkrconnector.com *.trustarc.com *.trustpilot.com *.wepowerconnections.com *.yahoo.co.jp *.youtube.com adnxs.com adsrvr.org adsystem.com api.cquotient.com awinblackfriday.com bannercrowd.net bestofluck.io clarity.ms cloud.news.delonghi.com cloud.news.nutribullet.com conversionsapigateway.com creativecdn.com demo-3.conversionsapigateway.com doc-14-1k-sheets.googleusercontent.com doubleclick.net fb-conv-api-tracking.braunhousehold.com fb-conv-api-tracking.nutribullet.com go2sdk.com google-analytics.com google.com googleadservices.com googletagmanager.com heureka.group ladsp.com mavenoidfiles.com mention-me.com optimy.ai optimy.app pagead2.googlesyndication.com pixeltracker.co quantserve.com run.app sentry.io services.postcodeanywhere.co.uk seznam.cz sgtm.braunhousehold.com sgtm.delonghi.com sgtm.kenwoodworld.com sgtm.nutribullet.com static.hotjar.com stg.api.bazaarvoice.com stgt.braunhousehold.com teads.tv tiktok.com tkrconnector.com trustarc.com trustpilot.com widgets.reevoo.com wss://*.mavenoid.com wss://*.twilio.com wss://optimy.app wss://twilio.com www.facebook.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com www.wepowerconnections.com yahoo.co.jp localhost:*;frame-src *;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self' localhost:*;object-src 'none' 3
frame-ancestors 'self' https://mqalicensurecert.azurewebsites.net https://mqalicensurecertdev.azurewebsites.net https://mqalicensurecerttst.azurewebsites.net http://localhost https://localhost https://flhealthsource.gov 3
frame-ancestors 'self' https://1984.demo-site.is; 3
frame-ancestors 'self' *.thalesgroup.com *.imperva.com 3
child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com *.paypal.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.paypal.com;frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com *.paypalobjects.com *.google.it *.paypal.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3
frame-ancestors 'self' https://*.chilipiper.com https://app.contentful.com *.saucelabs.com:8000 *.saucelabs.com *.saucelabs.net; 3
connect-src 'self' *.zohopublic.eu *.googleadservices.com google.com *.google.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.omappapi.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com https://*.googletagmanager.com *.limesurvey.org wss://vts.zohopublic.eu; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' *.zohocdn.com *.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' *.zohocdn.com *.zohopublic.eu heapanalytics.com https://tagmanager.google.com fonts.googleapis.com https://www.googletagmanager.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org account.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' https://*.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com data: *; manifest-src 'self'; media-src 'self' *.zohocdn.com; script-src 'self' *.zohopublic.eu https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org googleads.g.doubleclick.net https://googleads.g.doubleclick.net data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src www.googletagmanager.com *.zohopublic.eu https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com https://td.doubleclick.net 'self' *.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://www.limesurvey.org/violation.php; 3
default-src 'none'; script-src 'self' 'unsafe-inline' code.etracker.com www.etracker.de default.signalize.com api.signalize.com; img-src 'self' data: api.signalize.com cdn.signalize.com i.ytimg.com; style-src 'self' 'unsafe-inline' api.signalize.com code.etracker.com; font-src 'self' data: api.signalize.com; connect-src 'self' www.etracker.de api.signalize.com; frame-src 'self' www.youtube-nocookie.com; form-action 'self'; base-uri 'self'; media-src 'self'; frame-ancestors https://newapp.etracker.com; 3
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl 3
frame-ancestors 'self' https://teva.dev.amelia.com/ 3
base-uri 'self' https://www.sidn.nl https://www.sidnlabs.nl;default-src 'self';connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.dynamics.com https://*.europe-west4.run.app https://*.facebook.com https://*.googleapis.com https://*.googlesyndication.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.piwik.pro https://*.recruitee.com https://*.sidn.nl https://sidn.nl https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.usmedia.nl https://api.opencagedata.com https://vimeo.com https://www.google.com https://*.run.app;font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.piwik.pro https://*.twitter.com https://*.typeform.com https://vimeo.com;form-action 'self' https://*.dynamics.com https://*.mailplus.nl https://internet.nl https://sidn.activehosted.com https://sidn.recruitee.com;frame-ancestors 'none';frame-src 'self' https://*.azureedge.net https://*.doubleclick.net https://*.dynamics.com https://*.google.com https://*.googleapis.com https://*.sidnlabs.nl https://*.spotify.com https://*.twitter.com https://*.typeform.com https://*.vimeo.com https://*.tmrrw.nl https://anchor.fm https://www.facebook.com https://www.youtube.com;img-src 'self' data: https://*.domain-registry.nl https://*.doubleclick.net https://*.europe-west4.run.app https://*.google.com https://*.google.nl https://*.googleapis.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.piwik.pro https://*.sidn.nl https://*.sidnlabs.nl https://*.statcounter.com https://*.twimg.com https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.usmedia.nl https://*.viglink.com https://*.vimeocdn.com https://*.youtube.com https://*.ytimg.com https://downloads.ctfassets.net https://images.ctfassets.net https://static.mailplus.nl https://vimeo.com https://www.facebook.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.azureedge.net https://*.bizographics.com https://*.cloudfront.net https://*.creative-serving.com https://*.doubleclick.net https://*.dynamics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.mailplus.nl https://*.piwik.pro https://*.statcounter.com https://*.twimg.com https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.ytimg.com https://connect.facebook.net https://sidn.activehosted.com https://vimeo.com https://www.youtube.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://sidn.activehosted.com https://*.azureedge.net https://*.cloudfront.net https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.mailplus.nl https://*.piwik.pro https://*.sidn.nl https://sidn.nl https://*.usercentrics.eu https://*.ytimg.com https://vimeo.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://*.piwik.pro https://*.twitter.com https://*.typeform.com;report-to default;report-uri https://sidn-nl.uriports.com/reports/report 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.segment.com https://cdn.acsbapp.com https://www.gstatic.com https://platform.twitter.com https://js.hsforms.net https://js.hs-scripts.com https://js.hubspot.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-analytics.net https://www.google.com https://*.osano.com https://cmp.osano.com https://*.google-analytics.com https://*.hs-banner.com https://www.googletagmanager.com https://consensys.io https://prod.spline.design https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://cdn.skypack.dev https://unpkg.com https://*.consensys.io https://www.youtube.com https://snap.licdn.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://connect.facebook.net https://vercel.live https://vercel.com; style-src 'self' 'unsafe-inline' https://*.osano.com https://www.googletagmanager.com https://fonts.googleapis.com https://consensys.io https://vercel.live; img-src 'self' blob: data: https://www.googletagmanager.com https://images.ctfassets.net https://downloads.ctfassets.net https://i.ytimg.com https://images.lumacdn.com https://forms-na1.hsforms.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://pbs.twimg.com https://*.reddit.com https://t.co https://*.twitter.com https://analytics.twitter.com https://perf-na1.hsforms.com https://track.hubspot.com https://fonts.gstatic.com https://consensys.io https://app.spline.design https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://snap.licdn.com https://*.ads-twitter.com https://static.ads-twitter.com https://*.hotjar.com https://static.hotjar.com https://*.facebook.com https://www.facebook.com https://vercel.live https://vercel.com https://*.pusher.com; font-src 'self' https://consensys.io https://fonts.gstatic.com https://vercel.live https://assets.vercel.com; connect-src 'self' blob: https://www.gstatic.com https://acsbapp.com https://*.acsbapp.com https://forms.hsforms.com https://forms-na1.hubspot.com https://forms.hubspot.com https://api.lu.ma https://tagassistant.google.com https://*.googletagmanager.com wss://*.googletagmanager.com https://api.segment.io https://cdn.segment.com https://price.api.cx.metamask.io https://account.api.cx.metamask.io https://px.ads.linkedin.com https://*.osano.com https://cmp.osano.com https://*.google-analytics.com https://www.google.com https://*.googleadservices.com https://*.google.fr https://js.hs-banner.com https://cta-service-cms2.hubspot.com https://*.reddit.com https://*.redditstatic.com https://api.hubspot.com https://api.hubapi.com https://prod.spline.design https://cdn.jsdelivr.net https://unpkg.com https://api.web3modal.org https://pulse.walletconnect.org https://vimeo.com https://snap.licdn.com https://*.ads-twitter.com https://static.ads-twitter.com https://*.hotjar.com https://static.hotjar.com https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://vercel.live https://vercel.com https://*.pusher.com wss://*.pusher.com; frame-src 'self' https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.google.com https://forms.hsforms.com https://*.osano.com https://www.googletagmanager.com https://boards.greenhouse.io https://vercel.live https://vercel.com; worker-src 'self' blob: https://www.gstatic.com https://*.osano.com https://cmp.osano.com https://cdn.jsdelivr.net https://prod.spline.design; media-src 'self' https://video.twimg.com https://videos.ctfassets.net https://firebasestorage.googleapis.com https://assets.unicorn.studio; object-src 'none'; base-uri 'self'; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://app.contentful.com https://www.google.com; upgrade-insecure-requests 3
default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 3
default-src 'self' http://apps.commbox.io https://apps.commbox.io//launcher/ https://apps.commbox.io https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self'  https://login.yahav.co.il;  script-src 'self' 'unsafe-inline' 'unsafe-eval' http://apps.commbox.io//Scripts/connect.js https://apps.commbox.io//launcher/  https://apps.commbox.io//Scripts/connect.js   https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://apps.commbox.io//Scripts/connect.js   https://apps.commbox.io//Scripts/connect.js  https://apps.commbox.io///Styles/cb_extentions.css https://fonts.googleapis.com  https://fonts.gstatic.com; img-src * 'self' data: https: ; 3
default-src 'self' *.myidx.cloud *.analytics.google.com *.google.com *.google-analytics.com; img-src 'self' 'unsafe-inline' *.myidx.cloud * data: www.w3.org; frame-src www.youtube-nocookie.com 'self' *.myidx.cloud s.company-target.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com 77d8e64489354683a242e226ad9ed96b.svc.dynamics.com www.googletagmanager.com confirmsubscription.com vars.hotjar.com in.hotjar.com my.walls.io *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net rolls-royce.staging.investis.com rolls-royce.production.investis.com www.facebook.com *.doubleclick.net staticzone.idigitalcontents.com viz.tools.investis.com form.typeform.com matt317952.typeform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.myidx.cloud *.stackadapt.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net assets.investisdigital.com staticcontents.investis.com tagmanager.google.com www.googletagmanager.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net embed.typeform.com; font-src 'self' 'unsafe-inline' *.myidx.cloud data: fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src www.youtube.com www.youtube.com/s/player/b2515611/www-widgetapi.vflset/www-widgetapi.js www.youtube.com/iframe_api 'self' 'unsafe-inline' 'unsafe-eval' *.myidx.cloud *.incrementdata.com static.cloudflareinsights.com *.stackadapt.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net mktdplp102cdn.azureedge.net staticcontents.investis.com js-agent.newrelic.com otp.tools.investis.com staticzone.idigitalcontents.com viz.tools.investis.com *.analytics.google.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com static.ads-twitter.com snap.licdn.com *.googleadservices.com analytics.twitter.com *.flickr.com tag.demandbase.com *.lead-analytics-1000.com *.leadforensics.com track.accountinsight.cloud *.adnxs.com fast.fonts.net *.typekit.net *.lfeeder.com embed.typeform.com; media-src 'self' *.myidx.cloud *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net viz.tools.investis.com; connect-src 'self' https://cdnjs.cloudflare.com/ *.myidx.cloud *.stackadapt.com *.linkedin.com px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io bam.eu01.nr-data.net facebook.com  *.googlesyndication.com *.analytics.google.com *.google.com *.doubleclick.net *.google-analytics.com www.google.co.in analytics.google.com www.facebook.com  tag-logger.demandbase.com www.facebook.com/tr/ in.hotjar.com staticzone.idigitalcontents.com viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud api.company-target.com segments.company-target.com track.incrementdata.com *.incrementdata.com *.googleadservices.com googleadservices.com facebook.com *.typekit.net *.amazonaws.com *.googleapis.com; base-uri 'none'; 3
object-src 'none'; img-src * data: blob:; default-src 'self' data: blob: https: *.sentry.io *.stripe.com *.clym.io https://*.hcaptcha.com wss://*.relay.crisp.chat; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://*.clym.io https://*.clym-sdk.net https://*.clym-widget.net; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.stripe.com apis.google.com *.clym.io *.clym-sdk.net *.clym-widget.net *.hcaptcha.com *.crisp.chat vercel.live *.googletagmanager.com *.facebook.net googleads.g.doubleclick.net *.ahrefs.com *.g2.com *.redditstatic.com *.licdn.com; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 3
upgrade-insecure-requests; frame-ancestors 'self' blaetterkatalog.musicstore.de 3
frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 3
frame-ancestors 'self' https://gov.aitu.io; 3
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 3
frame-src *.sailpoint.com *.facebook.com *.gartner.com *.google.com *.intellimizeio.com/ https://*.qualified.com https://8495553.fls.doubleclick.net/ https://api.intellimize.co/ https://all-demos-sigma.vercel.app/ https://app.smartsheet.com/ https://bid.g.doubleclick.net/ https://bugcrowd.com/ https://business-demo-bay.vercel.app/ https://business-plus-demo.vercel.app/ https://challenges.cloudflare.com/ https://indd.adobe.com https://platform.twitter.com/ https://pixel.mathtag.com/ https://play.vidyard.com https://player.vimeo.com/ https://recaptcha.google.com/recaptcha/ https://sailpoint2016.wpengine.com https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ https://sp-next-sanity.vercel.app/ https://static.hotjar.com https://static.hotjar.io https://syndication.twitter.com/ https://td.doubleclick.net/ https://vars.hotjar.com/ https://vars.hotjar.io/ https://webto.salesforce.com https://w.soundcloud.com/ https://www.brighttalk.com/ https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.linkedin.com/ https://www.podbean.com/ https://www.youtube-nocookie.com/ https://www.youtube.com; style-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com https://platform.twitter.com/ https://sailpoint2016.wpengine.com *.twimg.com/ https://code.jquery.com https://c.bing.com https://play.vidyard.com https://fonts.googleapis.com https://res.cloudinary.com https://*.qualified.com https://www.gstatic.com https://www.bloomstreetjapan.com 'unsafe-inline'; script-src blob: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com *.cloudflare.com/ https://sailpoint2016.wpengine.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.zi-scripts.com/ https://cdn.intellimize.co/ https://tags.clickagy.com/data.js *.zoominfo.com https://cdn.ampproject.org/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://ib.adnxs.com/ https://tr.outbrain.com/ https://cdn.smartnews-ads.com/ https://pixel.mathtag.com/ https://pixel.advertising.com/ https://amplify.outbrain.com/ https://cnt.ads.8card.net/ https://cdn.syndication.twimg.com/ https://googleads.g.doubleclick.net https://platform.twitter.com https://api.swiftype.com https://code.jquery.com https://code.createjs.com https://www.amcharts.com https://cdn.amcharts.com/ https://connect.facebook.net/ https://j.6sc.co/ https://trk.techtarget.com/ https://googleadservices.com https://www.googleadservices.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://script.hotjar.com https://script.hotjar.io https://play.vidyard.com https://static.hotjar.com/ https://static.hotjar.io https://lltrck.com/scripts/ https://snap.licdn.com/ https://ws.zoominfo.com/ https://bat.bing.com/ https://cdn.cookielaw.org/ http://munchkin.marketo.net/ https://munchkin.marketo.net/ https://d.adroll.com/ https://static.cloudflareinsights.com/beacon.min.js/ *.clarity.ms/ https://instant.page/3.0.0 https://cdn.jsdelivr.net/ https://www.googletagmanager.com/gtm.js https://client.prod.mplat-ppcprotect.com/ https://www.redditstatic.com https://res.cloudinary.com https://ob.forroundprince.com https://obs.forroundprince.com https://*.qualified.com https://www.brighttalk.com/ https://home.integrate.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://lib-3pas.admatrix.jp https://webto.salesforce.com https://www.bloomstreetjapan.com 'unsafe-inline' 'unsafe-eval'; img-src data: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.twimg.com/ https://sailpoint2016.wpengine.com *.gartner.com https://cnv.event.prod.bidr.io/ https://www.google-analytics.com https://sailpoint-digital-marketing.imgix.net/ https://cdn.cookielaw.org/ https://conversionadvocates.com/ https://www.linkedin.com/ https://t.6sc.co/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://x.bidswitch.net/ https://cm.g.doubleclick.net/ https://image2.pubmatic.com/ https://beacon.krxd.net/ https://idsync.rlcdn.com/ https://www.googletagmanager.com/ https://pixel.mathtag.com/ https://dsum-sec.casalemedia.com/ https://i.smartnews-ads.com/ https://tr.outbrain.com/ https://sync.taboola.com https://sync.outbrain.com/ https://ads.yahoo.com *.twitter.com https://apt.techtarget.com/ https://dpm.demdex.net/ *.google.com/ https://googleads.g.doubleclick.net https://us-u.openx.net/ https://stags.bluekai.com/ https://www.facebook.com https://io.narrative.io/ https://p.adsymptotic.com/ https://pixel.rubiconproject.com/ https://secure.gravatar.com https://c.bing.com/ *.clarity.ms/ https://lltrck.com/ https://b.6sc.co/ https://bat.bing.com/ https://d.adroll.com https://*.ads.linkedin.com/ https://cdn.vidyard.com/ https://play.vidyard.com https://cdn.sanity.io/ https://ad.ipredictive.com/ https://res.cloudinary.com https://alb.reddit.com https://obs.forroundprince.com https://*.qualified.com https://custom.cvent.com https://googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.admatrix.jp https://www.bloomstreetjapan.com 'self'; font-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ https://sailpoint2016.wpengine.com https://fonts.gstatic.com https://cdn.cookielaw.org data:; frame-ancestors *.sailpoint.com https://www.majorkeytech.com https://sailpoint2016.wpengine.com 'self'; connect-src ws://localhost:3000/_next/webpack-hmr *.sailpoint.com https://*.apicdn.sanity.io https://*.google-analytics.com https://*.googletagmanager.com https://td.doubleclick.net https://*.g.doubleclick.net https://google.com https://www.googleadservices.com https://*.intellimize.co https://cdn.cookielaw.org https://*.google.com https://play.vidyard.com https://*.onetrust.com https://*.googlesyndication.com https://sailpoint-digital-marketing.imgix.net/ https://cdn.sanity.io/ wss://*.qualified.com https://*.qualified.com wss://ws.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com https://*.6sc.co https://*.6sense.com https://o4507821606436864.ingest.us.sentry.io https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.redditstatic.com https://secure.adnxs.com https://626-lto-177.mktoresp.com https://*.clarity.ms https://js.zi-scripts.com https://ws.zoominfo.com https://obs.forroundprince.com https://analytics-api.integrate.com https://ibc-flow.techtarget.com https://webto.salesforce.com https://www.facebook.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://*.cookiebot.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://www.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://connect.ekomi.de https://googleads.g.doubleclick.net https://www.googleadservices.com https://td.doubleclick.net https://pagead2.googlesyndication.com https://connect.facebook.net https://app.cortina-consult.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.cookiebot.com https://consentcdn.cookiebot.com https://app.cortina-consult.com; font-src 'self' https://fonts.gstatic.com https://userlike-cdn-umm.b-cdn.net data:; img-src 'self' data: https: blob:; connect-src 'self' https://*.cookiebot.com https://*.userlike.com https://www.google-analytics.com https://region1.google-analytics.com https://www.google.com https://api.userlike.com wss://*.userlike.com https://connect.ekomi.de https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://td.doubleclick.net https://pagead2.googlesyndication.com https://connect.facebook.net https://www.facebook.com https://app.cortina-consult.com; frame-src 'self' https://consentcdn.cookiebot.com https://*.cookiebot.com https://www.googletagmanager.com https://*.personio.de https://td.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://www.paypal.com https://www.pretago.de; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 3
default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.cloudflareinsights.com cloudflareinsights.com *.google.com *.google-analytics.com ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 3
frame-ancestors 'none'; default-src 'self' static.zdassets.com viabtc.zendesk.com *.zendesk.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.youtube-nocookie.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.zdassets.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net static.cloudflareinsights.com api.geetest.com api.geevisit.com monitor.geetest.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; style-src 'unsafe-inline' at.alicdn.com viabtc.zendesk.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; img-src i.ytimg.com www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me event-verify-test.s3.ap-east-1.amazonaws.com s3.ap-east-1.amazonaws.com *.amazonaws.com viapoolconfig.s3.ap-east-1.amazonaws.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; font-src 'unsafe-inline' at.alicdn.com data: *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; connect-src 'self' viabtc.zendesk.com *.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net event-verify-test.s3.ap-east-1.amazonaws.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; frame-src www.bilibili.com player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.youtube-nocookie.com www.ixigua.com v.qq.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; 3
default-src 'self' 'unsafe-inline' data:  https://idosell.com https://idobooking.com https://*.iai-sa.com https://*.iai-system.com https://*.iai-sa.com https://*.idosell.com https://*.idobooking.com https://*.iai-shop.com https://*.idopayments.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://maxcdn.bootstrapcdn.com wss://iai-call.idosell.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.microsoftonline.com/ https://*.google.pl https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.cookiebot.eu https://*.usercentrics.eu https://mozilla.github.io/ https://www.youtube.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://idosell-pages.vercel.app https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://*.hubspot.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.usemessages.com https://forms-eu1.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://px.ads.linkedin.com https://*.callpage.io https://api-eu1.hubapi.com https://*.elfsight.com https://phosphor.utils.elfsightcdn.com https://*.typekit.net https://www.slideshare.net https://unpkg.com https://i.ytimg.com https://open.spotify.com https://*.hs-sites-eu1.com https://*.clarity.ms/ https://*.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  https://idosell.com https://idobooking.com https://*.iai-sa.com https://*.iai-system.com https://*.iai-sa.com https://*.idosell.com https://*.idobooking.com https://*.iai-shop.com https://*.idopayments.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://maxcdn.bootstrapcdn.com wss://iai-call.idosell.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.microsoftonline.com/ https://*.google.pl https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.cookiebot.eu https://*.usercentrics.eu https://mozilla.github.io/ https://www.youtube.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://idosell-pages.vercel.app https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://*.hubspot.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.usemessages.com https://forms-eu1.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://px.ads.linkedin.com https://*.callpage.io https://api-eu1.hubapi.com https://*.elfsight.com https://phosphor.utils.elfsightcdn.com https://*.typekit.net https://www.slideshare.net https://unpkg.com https://i.ytimg.com https://open.spotify.com https://*.hs-sites-eu1.com https://*.clarity.ms/ https://*.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.bing.com; 3
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.beuth.de *.dinmedia.de *.aks-dinmedia.net https://blickinsbuch.de/gateway/ https://*.blickinsbuch.de/gateway/ *.podigee-cdn.net *.etracker.com *.etracker.de *.ytimg.com *.hotjar.com *.soundcloud.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.youtube.com/iframe_api https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://code.jquery.com https://public.flourish.studio/resources/embed.js *.freshworks.com *.bing.com siteimproveanalytics.com https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.14/widget.module.min.js; style-src 'self' 'unsafe-inline' *.podigee-cdn.net https://fonts.googleapis.com *.freshworks.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.freshdesk.com https://beuth.prudsys-rde.de https://flourish-api.com https://public.flourish.studio https://*.hotjar.com https://stats.g.doubleclick.net https://*.hotjar.io *.etracker.de wss://*.hotjar.com *.freshworks.com *.openstreetmap.org *.friendlycaptcha.com *.googleadservices.com bat.bing.net bat.bing.com *.google.com; font-src 'self' *.podigee-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' blob: data: https://*.blickinsbuch.de https://*.blickinsbuch.net *.soundcloud.com *.podigee-cdn.net https://flourish-api.com https://googleads.g.doubleclick.net https://*.hotjar.com *.google.com *.google.de *.googletagmanager.com *.youtube-nocookie.com *.youtube.com https://flo.uri.sh https://www.openstreetmap.org https://cdn.knightlab.com/; img-src * data:; frame-ancestors 'self' *.dinmedia.de *.aks-dinmedia.net *.din.de *.etracker.com; worker-src 'self' blob:; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://view.ceros.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://munchkin.marketo.net https://js.driftt.com https://*.driftt.com https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://edge.api.brightcove.com https://cms.api.brightcove.com https://playback.api.brightcove.com https://analytics.api.brightcove.com https://sadmin.brightcove.com https://gallery.api.brightcove.com https://social.api.brightcove.com https://gallery-metrics.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://app.ezlynx.com https://*.ezlynx.com https://tracking-api.g2.com https://*.g2.com https://d1igp3oop3iho5.cloudfront.net https://connect.facebook.net https://js.zi-scripts.com https://*.zi-scripts.com https://ws-assets.zoominfo.com https://*.zoominfo.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://okt.to https://static.cloudflareinsights.com https://*.facebook.com https://*.fbcdn.net https://ajax.googleapis.com https://*.googleapis.com https://assets.ceros.com https://*.ceros.com https://cdn.rollbar.com https://cdn.intake-lr.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://*.googleadservices.com https://web-sdk.smartlook.com https://www.clickcease.com https://insight.appliedsystems.com https://templates.marketo.net https://creative-services.ceros.com https://s.adroll.com https://reg.eventmobi.com https://www.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://cdnjs.cloudflare.com https://*.marchex.io https://rw1.marchex.io https://www.appliednet.com https://az416426.vo.msecnd.net https://js.monitor.azure.com https://scdn.snapapp.com https://dyv6f9ner1ir9.cloudfront.net https://platform.twitter.com https://scripts.poll-maker.com https://cdn.cookielaw.org https://resources.ezlynx.com https://web-sdk-eu.aptrinsic.com https://cdn.siteimprove.net https://*.clarity.ms https://mountain.com https://*.mountain.com https://static.airtable.com https://*.airtable.com https://assets.adoberesources.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com https://*.google.com https://view.ceros.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://munchkin.marketo.net https://js.driftt.com https://*.driftt.com https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://edge.api.brightcove.com https://cms.api.brightcove.com https://playback.api.brightcove.com https://analytics.api.brightcove.com https://sadmin.brightcove.com https://gallery.api.brightcove.com https://social.api.brightcove.com https://gallery-metrics.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://app.ezlynx.com https://*.ezlynx.com https://tracking-api.g2.com https://*.g2.com https://d1igp3oop3iho5.cloudfront.net https://connect.facebook.net https://js.zi-scripts.com https://*.zi-scripts.com https://ws-assets.zoominfo.com https://*.zoominfo.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://okt.to https://static.cloudflareinsights.com https://*.facebook.com https://*.fbcdn.net https://ajax.googleapis.com https://*.googleapis.com https://assets.ceros.com https://*.ceros.com https://cdn.rollbar.com https://cdn.intake-lr.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://*.googleadservices.com https://web-sdk.smartlook.com https://www.clickcease.com https://insight.appliedsystems.com https://templates.marketo.net https://creative-services.ceros.com https://s.adroll.com https://reg.eventmobi.com https://www.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://cdnjs.cloudflare.com https://*.marchex.io https://rw1.marchex.io https://www.appliednet.com https://az416426.vo.msecnd.net https://js.monitor.azure.com https://scdn.snapapp.com https://dyv6f9ner1ir9.cloudfront.net https://platform.twitter.com https://scripts.poll-maker.com https://cdn.cookielaw.org https://resources.ezlynx.com https://web-sdk-eu.aptrinsic.com https://cdn.siteimprove.net https://*.clarity.ms https://mountain.com https://*.mountain.com https://static.airtable.com https://*.airtable.com https://assets.adoberesources.net; style-src 'self' 'unsafe-inline' https://view.ceros.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://static.oktopost.com https://*.oktopost.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.brightcove.com https://*.brightcove.net https://*.brightcovecdn.com https://use.typekit.net https://p.typekit.net https://assets.ceros.com https://*.ceros.com https://d2yeu2mwujl2s5.cloudfront.net https://insight.appliedsystems.com https://templates.marketo.net https://www.appliednet.com https://resources.ezlynx.com https://web-sdk-eu.aptrinsic.com; font-src 'self' data: https://view.ceros.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://form.jotform.com https://*.jotform.com https://vwo.com https://*.vwo.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://static.oktopost.com https://*.oktopost.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.brightcove.com https://*.brightcove.net https://*.brightcovecdn.com https://use.typekit.net https://p.typekit.net https://media-s3-us-east-1.ceros.com https://*.appliedsystems.com https://www.appliednet.com https://resources.ezlynx.com https://dhm5hy2vn8l0l.cloudfront.net; img-src 'self' data: https: https://view.ceros.com https://www.googletagmanager.com https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.brightcovecdn.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://okt.to https://www.appliednet.com https://resources.ezlynx.com https://mountain.com https://*.mountain.com; frame-src 'self' https://*.outgrow.us https://view.ceros.com https://www.googletagmanager.com https://www.google.com https://maps.google.com https://*.google.com https://form.asana.com https://*.asana.com https://airtable.com https://*.airtable.com https://td.doubleclick.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://players.brightcove.net https://*.brightcove.com https://*.g2.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://static.oktopost.com https://*.oktopost.com https://js.idio.co https://*.idio.co https://*.brightcovecdn.com https://forms2.itswebs.com https://resources.ezlynx.com https://mountain.com https://*.mountain.com; connect-src 'self' https://www.googletagmanager.com https://app-abk.marketo.com https://*.marketo.com https://*.mktoutil.com https://*.ivans.com https://www.google.com https://google.com https://analytics.google.com https://dev.visualwebsiteoptimizer.com https://stats.g.doubleclick.net https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://metrics.api.drift.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net http://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://web-sdk.smartlook.com https://*.smartlook.com https://*.smartlook.cloud https://manager.eu.smartlook.cloud https://edge.api.brightcove.com https://cms.api.brightcove.com https://playbook.api.brightcove.com https://analytics.api.brightcove.com https://sadmin.brightcove.com https://gallery.api.brightcove.com https://social.api.brightcove.com https://gallery-metrics.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://app.ezlynx.com https://*.ezlynx.com https://tracking-api.g2.com https://*.g2.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://okt.to https://www.facebook.com https://*.facebook.com https://js.zi-scripts.com https://*.zi-scripts.com https://ws-assets.zoominfo.com https://*.zoominfo.com https://373-dbf-030.mktoresp.com https://api.ceros.com https://media.ceros.com https://d1igp3oop3iho5.cloudfront.net https://*.marchex.io https://rw1.marchex.io https://www.appliednet.com https://www.google.ca https://*.google.ca https://resources.ezlynx.com https://esp-eu.aptrinsic.com https://my2.siteimprove.com https://*.clarity.ms https://*.compute.amazonaws.com https://mountain.com https://*.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.cloud.adobe.io wss://*.cloud.adobe.io https://dc.services.visualstudio.com https://js.monitor.azure.com https://assets.adoberesources.net; media-src 'self' https://*.brightcove.com https://*.brightcove.net https://*.boltdns.net http://*.boltdns.net https://*.brightcovecdn.com https://media.ceros.com https://media-s3-us-east-1.ceros.com blob: data:; worker-src 'self' blob:; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'self' https://*.ezlynx.com/ https://*.appliedsystems.com/ https://*.ivans.com/ https://*.agentinsure.com/ https://*.uatezlynx.com/ https://*.vtpezlynx.com/ https://*.devezlynx.com/ https://appliedsystems--devprob.sandbox.my.site.com/ https://appliedsystems--devproa.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/AppliedClientCommunity/s/ https://community.appliedsystems.com/; 3
frame-ancestors https://*.rtl.de https://*.sharemagazines.de https://*.sharemagazines-dev.de 3
default-src 'self' https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443;    worker-src 'self' blob:;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://acsbapp.com https://widget.datablocks.se;    connect-src 'self' https://plausible.io https://acsbapp.com https://*.acsbapp.com wss://ws-eu.pusher.com https://sockjs-eu.push https://widget.datablocks.se https://*.mfn.se;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;    img-src 'self' https://*.graphassets.com blob: data:;    media-src 'self' https://*.graphassets.com;    font-src 'self' https://fonts.gstatic.com data:;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    frame-src https://www.youtube.com;    upgrade-insecure-requests; 3
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.npodoc.nl *.2doc.nl *.vprogids.nl *.brainwash.nl *.vprohuman.nl *.npo.nl *.npo-data.nl *.prepr.io vpro.matomo.cloud omroephuman.matomo.cloud; 3
frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://il.fmpedia.lc/ https://il.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://investinglive.com/ https://investinglive.com:3006/ https://*.investinglive.com/ https://*.investinglive.com:3006/; 3
frame-ancestors https://*.etracker.com; 3
frame-ancestors 'self' https://bechtle.com https://www.bechtle.com https://arp.nl https://prod.arp.nl https://www.arp.nl https://bechtle-clouds.com https://www.bechtle-clouds.com *.clouds.bechtle.de https://services.inmac.com 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; worker-src blob: https:; connect-src ws: wss: https:; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.tolunastart.com data:; 3
frame-ancestors 'self' http://*.commonwealthu.edu https://*.commonwealthu.edu http://commonwealthu.prod.acquia-sites.com https://commonwealthu.prod.acquia-sites.com http://commonwealthustage.prod.acquia-sites.com https://commonwealthustage.prod.acquia-sites.com http://commonwealthudev.prod.acquia-sites.com https://commonwealthudev.prod.acquia-sites.com http://commonwealthura.prod.acquia-sites.com https://commonwealthura.prod.acquia-sites.com http://commonwealth.ddev.site https://commonwealth.ddev.site https://*.vimeo.com https://*.youtube.com https://bbox.blackbaudhosting.com; report-uri https://www.commonwealthu.edu/report-uri/enforce 3
default-src * http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: portalcloud.oni.pt; frame-ancestors 'self' *.gigas.com portalcloud.oni.pt grupogigas.com;img-src data: 'self' 'unsafe-inline' 'unsafe-eval' http: https:; 3
frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 https://*.bodi.com https://*.vercel.app 3
frame-ancestors 'self'  *.dastelefonbuch.de *.schatten.dastelefonbuch.de *.telefonbuch.de *.meinungsmeister.de 3
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.team.blue *.gstatic.com *.google.com *.acsbapp.com mhosting.hu *.mhosting.hu *.iubenda.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net analytics.tiktok.com connect.facebook.net snap.licdn.com bat.bing.com *.ads-twitter.com c.seznam.cz *.hotjar.com *.ladesk.com srv.isy-teamblue.services srv.motu-teamblue.services *.adform.net www.youtube.com *.clarity.ms; style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net *.mhosting.hu cdn.iubenda.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.acsbapp.com *.doubleclick.net *.facebook.com *.mhosting.hu *.clarity.ms *.iubenda.com googleapis.com *.googleapis.com *.google.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com *.motu-teamblue.services; font-src 'self' pw.w.org cdn.jsdelivr.net; frame-src 'self' *.team.blue *.google.com *.mhosting.hu *.apps.ladesk.com *.iubenda.com td.doubleclick.net webonic.ladesk.com www.googletagmanager.com; img-src 'self' data: *.google.sk *.facebook.net srv.motu-teamblue.services *.google.com *.doubleclick.net pw.w.org ps.w.org *.googletagmanager.com *.bing.com *.mhosting.hu *.clarity.ms www.facebook.com www.google.com www.google.hu; manifest-src 'self'; media-src 'self'; 3
object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 3
default-src 'self' style-src 'unsafe-inline' 3
default-src 'self';  script-src 'self' https://maps.googleapis.com https://newlogin.dimepkairos.com.br https://5chat.5hub.com.br https://script.hotjar.com https://code.jquery.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.dimepkairos.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com https://l2.io https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline';  style-src 'self' https://newlogin.dimepkairos.com.br https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com 'unsafe-inline';  font-src 'self' https://newlogin.dimepkairos.com.br https://fonts.gstatic.com;  img-src 'self' data: *;  connect-src 'self' https://maps.googleapis.com https://maps.google.com https://maps.google https://stats.g.doubleclick.net https://tagus.5hub.com.br https://www.google.com https://www.google-analytics.com https://bam.nr-data.net http://127.0.0.1:8731;  frame-src 'self' https://qcmaint.dimepkairos.com.br https://www.google.com https://5chat.5hub.com.br https://www.dimep.space https://qcmaint.mdcomune.com.br https://www.dimepkairos.com.br https://www.mdcomune.com.br https://www.dimepkairos.pt https://www.dimepkairos.com.mx;  object-src 'self';  base-uri 'self';  form-action 'self';  frame-ancestors 'self';  block-all-mixed-content;  upgrade-insecure-requests; 3
default-src 'self'; script-src 'self' img.exaly.com exaly.com static.cloudflareinsights.com pagead2.googlesyndication.com 'nonce-dQw4w9WgXcQWwWwq' 'sha256-qgfrQOR_2si229nQ6Uv2i2s3TKa8zwzQnwfQj366y5E='; style-src 'self' exaly.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' exaly.com img.exaly.com; connect-src 'self' img.exaly.com exaly.com fonts.googleapis.com 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' tracking.netmind-cloud.com *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.start.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self' admin.prod.gsb.bmel.in.bund.de;upgrade-insecure-requests; 3
default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://*.6sc.co https://*.6sense.com https://*.influ2.com https://1752680588.rsc.cdn77.org https://adservice.google.com https://analytics-fe.digital-cloud-us-main.medallia.com https://analytics.google.com https://api.adblockertool.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://api.killadsapi.com https://api.video-adblock.com https://app.continual.ly/ https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://connect.facebook.net https://content.hotjar.io https://epsilon.6sense.com https://fonts.gstatic.com https://ipv6.6sc.co https://js.monitor.azure.com https://metrics.hotjar.io https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://unpkg.com https://verisk.my.salesforce-scrt.com https://wss-pr.continual.ly:6001 https://www.google.com.et https://www.google.com.pr https://www.google.com.tr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com public.flourish.studio secure.adnxs.com vc.hotjar.io verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com wss://ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ https://open.spotify.com https://verisk.my.site.com https://view.ceros.com https://www.brighttalk.com https://www.googletagmanager.com insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.trendemon.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com c.bing.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://*.6sc.co https://ib.adnxs.com https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com t.influ2.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.maplecroft.com *.oktopost.com *.pardot.com *.salesforceliveagent.com *.srv.stackadapt.com *.trendemon.com *.twitter.com *.xactware.com alert.risksolutions.verisk.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://*.influ2.com https://app.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://cdnapisec.kaltura.com https://j.6sc.co https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com https://unpkg.com https://verisk.my.site.com https://view.ceros.com https://www.brighttalk.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com public.flourish.studio risksolutions.verisk.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.trendemon.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com https://verisk.my.site.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.verisk.com alert.risksolutions.verisk.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css https://cdnjs.cloudflare.com https://unpkg.com https://verisk.my.site.com risksolutions.verisk.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; worker-src 'self' blob:; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; frame-ancestors *.cargonet.com *.isomitigation.com *.maplecroft.com *.verisk.com https://verisk.my.salesforce-scrt.com https://verisk.my.site.com https://verisk.my.site.com/; report-to stott-security-endpoint;report-uri https://www.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 3
default-src 'self' 'unsafe-inline' player.podigee-cdn.net fonts.googleapis.com *.google.at *.google.de *.google.es *.google.ch *.google.com blob:; img-src 'self' cm.everesttech.net secure.gravatar.com i.ytimg.com *.google.at *.google.de *.google.es *.google.ch *.google.com *.axelspringer.com www.googletagmanager.com imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.podigee-cdn.net www.everestjs.net tags.tiqcdn.com cmp.axelspringer.com www.googletagmanager.com *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com www.googletagmanager.com consent.cookiebot.com ajax.googleapis.com blob:; font-src 'self' player.podigee-cdn.net fonts.gstatic.com data:; frame-ancestors www.axelspringer.com; frame-src open.spotify.com player.podigee-cdn.net www.axelspringer.com cmp.axelspringer.com resources-production.la.welt.de www.youtube.com axelspringerse.demdex.net *.google.at *.google.de *.google.es *.google.ch *.google.com www.googletagmanager.com embed.acast.com consentcdn.cookiebot.com blob:; connect-src 'self' as.axelspringer.com dpm.demdex.net cmp.axelspringer.com *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com *.google-analytics.com googleads.g.doubleclick.net 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.google.com *.google.de *.mdex.de *.gstatic.com *.yoast.com *.googlesyndication.com *.googleadservice.com data: https:; frame-ancestors 'self' 3
frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat https://*.3cat.cat http://*.3cat.cat; 3
frame-ancestors 'self' https://attivazioni.windtre.it attivazioni.windtre.it https://ac.windtre.it ac.windtre.it https://www.windtrebusiness.it www.windtrebusiness.it https://shop.windtre.it shop.windtre.it https://buy.shop.windtre.it  buy.shop.windtre.it https://selfcare-pwa-bs.gcp.windtre.it https://www.segnoverde.it https://www.windtrelucegas.it ; 3
default-src 'self' 'unsafe-inline' *; img-src 'self' * blob: data: cdnjs.cloudflare.com https://*.productfruits.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/r ecaptcha/ https://accounts.google.com/gsi/button https://*.productfruits.com https; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com https:; style-src 'unsafe-inline' *; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.deepdyve.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://play.google.com/log https://accounts.google.com/gsi https://accounts.google.com/gsi/client https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://bant.io https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://beacon-v2.helpscout.net https://connect.facebook.net https://rum-static.pingdom.net https://assets.customer.io https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js https://platform.twitter.com/widgets.js https://sealserver.trustwave.com/seal.js https://static.cloudflareinsights.com/ 'unsafe-inline' https://code.tidio.co https://widget-v4.tidiochat.com https://*.productfruits.com https://cdn.mxpnl.com https://appsforoffice.microsoft.com https://ajax.googleapis.com https://www.clarity.ms https://scripts.clarity.ms; media-src 'unsafe-inline' code.tidio.co widget-v4.tidiochat.com blob:; connect-src 'unsafe-inline' sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:; worker-src 'self' blob:; 3
frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.salfinc.com https://learn.self.inc; 3
default-src 'self' * data: blob: https: *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com cdn.cookielaw.org *.tctm.co *.tctm.xyz *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com  *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.googletagmanager.com *.googleapis.com *.gstatic.com ; 3
object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca *.arcgis.com 3
frame-ancestors 'self' https://platform.netmeds.tech 3
frame-ancestors https://app.contentstack.com/; 3
default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.secure.force.com https://atriumhealthbotv4windows.azurewebsites.net https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://js.stripe.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://use.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.us-7.evergage.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://r.bing.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://js.stripe.com; 3
default-src 'self' *.vidyard.com *.onetrust.com *.zi-scripts.com *.salesloft.com;                     frame-ancestors 'self';                     form-action *;                     object-src 'none';                     base-uri 'none';                     style-src * 'unsafe-inline';                     script-src * 'unsafe-inline' 'unsafe-eval' blob:;                     img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;                     connect-src *;                     worker-src * blob:;                     frame-src * blob:;                     font-src * data:;                     media-src *; 3
base-uri 'self';connect-src 'self' portal.dimdi.de *.itzbund.de;frame-ancestors 'self' piwikweb.prod.gsb.service.zivb.net;frame-src icd.who.int https://icdapi-de-prerelease.azurewebsites.net;img-src 'self' data: https://www.youtube.com https://piwik.itzbund.de;media-src 'self' multimedia.gsb.bund.de https://www.youtube.com;object-src 'none' multimedia.gsb.bund.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://piwik.itzbund.de https://icdcdn.who.int;style-src 'self' 'unsafe-inline' https://icdcdn.who.int; 3
frame-ancestors 'self' *.telekurier.at; 3
upgrade-insecure-requests; frame-src https://start26.sptpub.com https://widget.swapped.com https://player.twitch.tv/ https://oauth.telegram.org/ https://pulsegiftcards.com https://global.frcapi.com/ https://challenges.cloudflare.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://pay.skrill.com/ https://intercom-sheets.com/ https://sandbox.swapped.com/; frame-ancestors 'none'; 3
default-src 'self' d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org www.google-analytics.com *.hidglobal.com *.hid.gl *.mktoresp.com sentry.io www.trustradius.com *.zoominfo.com; connect-src 'self' *.6sc.co *.6sense.com *.adobe.io wss://*.adobe.io insights.algolia.io *.algolia.net *.algolianet.com bat.bing.com *.clarity.ms d30ia583fbtg8i.cloudfront.net dudodiprj2sv7.cloudfront.net cdn.cookielaw.org stats.g.doubleclick.net analytics.google.com www.google-analytics.com www.google.com pagead2.googlesyndication.com *.hidglobal.com *.interactivecalculator.com gmc.lingotek.com px.ads.linkedin.com 289-tsc-352.mktoresp.com 874-yjr-516.mktoweb.com *.omappapi.com siteintercept.qualtrics.com hidglobal.my.salesforce-sites.com www.trustradius.com p.typekit.net use.typekit.net upload.uploadcare.com js.zi-scripts.com *.zoominfo.com https://www.google-analytics.com https://www.googletagmanager.com https://metrics.hidglobal.com/; font-src 'self' maxcdn.bootstrapcdn.com d30ia583fbtg8i.cloudfront.net dudodiprj2sv7.cloudfront.net fonts.gstatic.com *.interactivecalculator.com www.trustradius.com use.typekit.net p.typekit.net; frame-src 'self' documentcloud.adobe.com bugcrowd.com d30ia583fbtg8i.cloudfront.net bid.g.doubleclick.net hidglobal-communities.force.com hidglobal.force.com hidglobal.secure.force.com *.visual.force.com hidglobal.formstack.com www.google.com www.google-analytics.com www.googletagmanager.com indd.adobe.com info.hidglobal.com *.interactivecalculator.com html5-player.libsyn.com 874-yjr-516.mktoweb.com hid-mobile.netlify.app hid-mobile-access-cn.netlify.app hid-mobile-access-fr.netlify.app hid-mobile-access-jp.netlify.app hid-mobile-access-kr.netlify.app *.my.salesforce.com hidglobal.my.salesforce.com hidglobal.my.salesforce-sites.com hidglobal.my.site.com sketchfab.com open.spotify.com cdn.thinglink.me www.trustradius.com player.vimeo.com; img-src 'self' data: *.6sc.co assets.adoberesources.net s3.amazonaws.com bat.bing.com ct.capterra.com *.clarity.ms d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org stats.g.doubleclick.net www.facebook.com www.google.com tagmanager.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com lh3.googleusercontent.com ssl.gstatic.com www.gstatic.com *.hid.gl *.hidglobal.com hidglobal.com www.hidglobal.cn *.interactivecalculator.com gmc.lingotek.com px.ads.linkedin.com 874-yjr-516.mktoweb.com *.omappapi.com wec-assets.terminus.services cdn.thinglink.me media.trustradius.com www.trustradius.com ucarecdn.com i.vimeocdn.com i.ytimg.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' *.6sc.co documentcloud.adobe.com assets.adoberesources.net bat.bing.com sjs.bizographics.com bugcrowd.com assets.bugcrowdusercontent.com www.clarity.ms d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.com connect.facebook.net apis.google.com www.google.com tagmanager.google.com www.googleadservices.com www.google-analytics.com ajax.googleapis.com www.googleapis.com www.googletagmanager.com www.gstatic.com *.hidglobal.com info.hidglobal.com *.interactivecalculator.com https://cdn.jsdelivr.net snap.licdn.com px.ads.linkedin.com www.linkedin.com munchkin.marketo.net 874-yjr-516.mktoweb.com *.omappapi.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com hidglobal.my.salesforce-sites.com vidassets.terminus.services wec-assets.terminus.services www.thinglink.com cdn.thinglink.me www.trustradius.com ucarecdn.com js.zi-scripts.com *.zoominfo.com https://cdnjs.cloudflare.com https://d3js.org https://embed.interactivecalculator.com https://metrics.hidglobal.com/; script-src-elem 'self' 'unsafe-inline' *.6sc.co documentcloud.adobe.com assets.adoberesources.net bat.bing.com sjs.bizographics.com bugcrowd.com assets.bugcrowdusercontent.com www.clarity.ms d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.com connect.facebook.net apis.google.com www.google.com tagmanager.google.com www.googleadservices.com www.google-analytics.com ajax.googleapis.com www.googleapis.com www.googletagmanager.com www.gstatic.com *.hidglobal.com info.hidglobal.com *.interactivecalculator.com https://cdn.jsdelivr.net snap.licdn.com px.ads.linkedin.com www.linkedin.com munchkin.marketo.net 874-yjr-516.mktoweb.com *.omappapi.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com hidglobal.my.salesforce-sites.com vidassets.terminus.services wec-assets.terminus.services www.thinglink.com cdn.thinglink.me www.trustradius.com ucarecdn.com js.zi-scripts.com *.zoominfo.com https://cdnjs.cloudflare.com https://d3js.org https://embed.interactivecalculator.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com d30ia583fbtg8i.cloudfront.net tagmanager.google.com fonts.googleapis.com info.hidglobal.com *.interactivecalculator.com 874-yjr-516.mktoweb.com *.omappapi.com hidglobal.my.salesforce-sites.com cdn.thinglink.me www.trustradius.com p.typekit.net use.typekit.net https://cdnjs.cloudflare.com https://use.typekit.net; form-action 'self' d30ia583fbtg8i.cloudfront.net *.ddev.site www.google-analytics.com *.hid.gl *.hidglobal.com info.hidglobal.com *.interactivecalculator.com *.mktoresp.com 874-yjr-516.mktoweb.com hidglobal.qualtrics.com webto.salesforce.com sentry.io www.trustradius.com; frame-ancestors 'self' hidglobal.com www.hidglobal.com 3
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com dm.henkel-dam.com; 3
frame-ancestors self *.deluxe.com deluxe.lookbookhq.com;, default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://internetcomputer.matomo.cloud; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.internetcomputer.org https://*.basemaps.cartocdn.com https://*.githubusercontent.com https://*.ctfassets.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.internetcomputer.org https://ic0.app https://internetcomputer.matomo.cloud https://*.githubusercontent.com; frame-src 'self'; object-src 'none'; media-src 'self'; child-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; 3
font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3
frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 3
default-src 'self'; script-src  'sha256-HLcA1CDTwKDheRtAqwh6iM6SYZPA1z1OyiDmdfapFAc='  'sha256-9bZc2e8ZEdu9do2uwbvDUAwV6DQyl6m+y+xdvA6yND0='  'sha256-UOTA5xvdRKEvExl5ejqWOgPNsJq15wX0UXum1hT3T7w='  'sha256-lesBel43sM1Hnt05BLbYUoe4p9V6UNMbsLu5baxxQXQ='  'self' https://sc.lfeeder.com/ https://bat.bing.com/ https://www.clarity.ms/ https://scripts.clarity.ms https://cdn.snitcher.com/ https://snid.snitcher.com https://vimeo.com/ https://www.vimeo.com/ https://acsbapp.com/ http://tools.euroland.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d3e54v103j8qbb.cloudfront.net/ https://tools.euroland.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.gstatic.com/ https://cc.cdn.civiccomputing.com/ https://player.vimeo.com https://www.googletagmanager.com/ https://www.google.com/; font-src 'self' data: https://acsbapp.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' embed.typeform.com https://fonts.googleapis.com/; connect-src 'self' https://cs.lf-discover.com/ https://b.clarity.ms/ https://bat.bing.net/ https://bat.bing.com/ https://radar.snitcher.com https://snid.snitcher.com api.typeform.com *.google-analytics.com *.webflow.com *.acsbapp.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://clapi.civiccomputing.com/ https://pagead2.googlesyndication.com/ https://apikeys.civiccomputing.com/ https://www.google-analytics.com/  https://www.googletagmanager.com/ https://www.google.com/ https://our.umbraco.com/ *.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' td.doubleclick.net rive.app form.typeform.com https://cdn.embedly.com/ https://gamma.euroland.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://tools.eurolandir.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://tr.lfeeder.com/ https://bat.bing.com/ https://c.clarity.ms cat.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://entaingroup.com/ https://www.googletagmanager.com/ https://web1.acsbapp.com/ https://acsbapp.com/ https://uploads-ssl.webflow.com/ https://i.vimeocdn.com/ https://dashboard.umbraco.com/ https://our.umbraco.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.bing.com/ https://www.github.com/ https://github.com/; object-src 'none'; base-uri 'self'; media-src 'self' https://web1.acsbapp.com/; worker-src blob: 'self'; 3
frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de https://*.rhein-kreis-neuss.de 3
default-src 'self'; script-src *.maps.yandex.net  *.yandex.ru api-maps.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src yandex.ru api-maps.yandex.ru 'self'  'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru  *.1c-bitrix.ru 'self' 3
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://mc.yandex.ru *.licdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js https://googleads.g.doubleclick.net/ https://api-maps.yandex.ru/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net https://ashotb2b.pbx.mts.am/callback.js?uid=3822cf6b-fe65-4d68-980d-fe4b344ba376 *.googletagmanager.com/gtag/ http://www.viva.am/page-not-found https://api-maps.yandex.ru/2.1/?apikey=855a6e65-595e-4144-a39b-bcac9495ca90&load=Map&lang=en_US&amp https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/css/intlTelInput.css https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.linkedin.com https://mc.yandex.ru https://static.mts.ru/ https://www.google.am https://www.google.com https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://yandex.com/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/img/flags.png 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src view.joomag.com viewer.joomag.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://mc.yandex.ru/ https://td.doubleclick.net/ https://www.googletagmanager.com/ *.yandex.com/ https://yandex.com/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://mc.yandex.md https://px.ads.linkedin.com/wa/ https://analytics.google.com/ *.googletagmanager.com/gtag/ https://suggest-maps.yandex.ru/v1/suggest?apikey=a84162da-2823-4250-961a-655808c97cca&types=biz%2Cgeo&text=%D0%A8%D0%BE%D0%BA%D0%BE%D0%BB%D0%B0%D0%B4%D0%BD%D0%B8%D1%86%D0%B0&lang=en_US&results=5&origin=jsapi2Geocoder&print_address=1&bbox=44.41558624267572%2C40.130943052328576%2C44.58038116455074%2C40.21561459277751&strict_bounds=0 *.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://viewer.joomag.com/ https://view.joomag.com/ https://maps.google.com/ https://www.google.com/ 'self' web-chat.nativechat.com 3
form-action 'self' https://*.entorno.es; frame-ancestors 'none'; report-uri https://nicdev9.entorno.es/scp-report.php 3
default-src https://*.experimentation.dev *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.thernovotools.com *.thernovotools-preview.com dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com s096l072-hc-mwf-prd.app.intra bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src blob: data: *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src track.securedvisit.com sv.bosch-homecomfort.com track.sv.rkdms.com images.securedvisit.com *.google-analytics.com *.googletagmanager.com *.kameleoon.eu *.kameleoon.com *.experimentation.dev s096l072-hc-mwf-prd.app.intra bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src content.securedvisit.com bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src blob: track.sv.rkdms.com content.securedvisit.com api.securedvisit.com *.google-analytics.com *.googletagmanager.com *.experimentation.dev *.kameleoon.io *.kameleoon.eu *.kameleoon.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src api.securedvisit.com dqm.crownpeak.com *.thernovotools.com *.thernovotools-preview.com mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: blob:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' blob: public-eur.mkt.dynamics.com assets-eur.mkt.dynamics.com cxppusa1formui01cdnsa01-endpoint.azureedge.net *.google.de *.googleadservices.com widget.trustpilot.com track.securedvisit.com sv.bosch-homecomfort.com mplus-bosch.alo-tech.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.ecorebates.com googleads.g.doubleclick.net www.google.com *.experimentation.dev *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.buderus.com *.googlesyndication.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com www.facebook.com facebook.com wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com px.ads.linkedin.com  bat.bing.net bat.bing.com 3
default-src  'nonce-hoganlovells' 'unsafe-eval' 'unsafe-inline' 'self' https://js-agent.newrelic.com/nr-spa-1.287.0.min.js  https://cdn.cookielaw.org https://www.googletagmanager.com https://snap.licdn.com https://siteimproveanalytics.com https://cdnjs.cloudflare.com https://www.google-analytics https://px.ads.linkedin.com https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect https://cdn.cookielaw.org/scripttemplates/202411.1.0/otBannerSdk.js https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com/privacy-sandbox/register-conversion https://www.googletagmanager.com/gtm.js https://uat.hoganlovells.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.validate.unobtrusive.min.js https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://gov-bam.nr-data.net https://ixfd2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000294730/ https://www.gstatic.com/recaptcha/releases/GUGrl5YkSwpBsxsF3eY665Ye/recaptcha__en.js https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com; script-src  'nonce-hoganlovells' 'unsafe-eval' 'self'  'sha256-WT4qd3gJtJQDYXyKtHX6iIB5IZwfE6Bxhtd77cL64tA=' 'sha256-vEkJj/R31JLSdY8n9ZKfaxOKk0Fd8mOkUGyXOb7WPOY=' 'sha256-eDsy1jShDpLbZjxP9CkllkzCfhk1u1KWM8wOh2Fahl4=' 'sha256-sid2kaSVJh5qFyQJeIGP5TgTiBPo/E2bdGJuZN/icgA=' 'sha256-e8cSpMBvC7UGovdXxxq7OBk0cGQIsxkm8bBEtP+8saM=' 'sha256-half8Y9QpA7jfOPOG5MUtUX/UjBcpX4KYqx6HyIReK0=' 'sha256-P19G123RRRuqW2nAoSy070lTcbLUM7nfcJzlU8orSsU=' 'sha256-lxqPty6iMKOLFA++olxqXS5AqUItkOSuGiPnS8D8JA0=' 'sha256-9AKG8G4ujpI1AYi0lJ0c3zETP29Uqy2y32UYtfOCqO4=' 'sha256-meaR+uXojrNrr7JHWLNfD5kHCClfjyq+IiGJHjKPd2o=' 'sha256-ReCvORoeGPyzEG+Rzx6oHrMAdEUWkx7jETsA7ch+BAw=' 'sha256-PmhrYYK6Z+IDbOSHwj/aMB6piHNddweJeUhyG/lwsWI=' 'sha256-gWYWh58IInRJM/TfEAyDSqqUqeg1g132la7SSy3EU2c=' 'sha256-nDofDprPn6tbk+PpHK8LYjzGRz/qHLvFS/ZWkbr/Og8=' 'sha256-tnRJWQk5z7/rxXHPce70m03EafMiRJNaQC9y561CFVs=' 'sha256-F7q5PLXtiNgpJWn15f34jWNu6uopV5HjQ+LyHFc47u8=' 'sha256-Emro2CZ7p344Hn2b+dbuqMyTUsD6ffUeqmSLjXB7UCk=' https://www.google-analytics.com/j/collect https://snap.licdn.com https://siteimproveanalytics.com https://px.ads.linkedin.com https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://cdn.cookielaw.org  https://cdn.cookielaw.org/scripttemplates/202411.1.0/otBannerSdk.js https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://js-agent.newrelic.com/nr-spa-1.278.2.min.js https://embedsocial.com https://stats.g.doubleclick.net https://www.google-analytics.com/privacy-sandbox/register-conversion https://www.googletagmanager.com/gtm.js https://www.hoganlovells.com/ https://cdn.bc0a.com/autopilot/f00000000294730/autopilot_sdk.js https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com   https://ixfd2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000294730/ https://www.hoganlovells.com/-/media/ https://www.hoganlovells.com/cdn-cgi/scripts/ https://www.google-analytics.com/analytics.js; base-uri 'self'; style-src 'unsafe-inline' 'self' 'unsafe-hashes' https://fonts.googleapis.com https://embedsocial.com *; media-src 'unsafe-eval' 'self'; img-src  * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self' * data:; frame-src https://hoganlovells.qumucloud.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.podbean.com https://podcasters.spotify.com https://open.spotify.com https://creators.spotify.com https://embedsocial.com https://embed.podcasts.apple.com/ https://alumni.hoganlovells.com/ https://omny.fm/ https://www.paperturn-view.com https://w.soundcloud.com/ https://www.gstatic.com/ https://www.google.com/ https://hogan-lovells-lead.paperturn-view.com https://hogan-lovells.foleon.com https://insights.hoganlovells.com/; 3
frame-ancestors 'self' https://*.mindtickle.com 3
default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://partner-dev.magasin.dk https://www.partner.magasin.dk 3
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https: http://localhost:*; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; upgrade-insecure-requests; frame-src 'self' https://tools.eurolandir.com https://streams.nfgd.nl https://player.vimeo.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self'; connect-src 'self' https: wss: https://www.google-analytics.com https://analytics.google.com https://vimeo.com; 3
frame-ancestors 'self'; default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-inline' blob: cdn.lvvwd.com *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com *.onelink-edge.com *.youtube.com talkdeskchatsdk.talkdeskapp.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net cdn.jwplayer.com entitlements.jwplayer.com  cdn3.wowza.com *.onelink-edge.com api.talkdeskapp.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com *.googletagmanager.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net  blob: data:; frame-src 'self' *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com talkdeskchatsdk.talkdeskapp.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3
base-uri 3
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 3
worker-src blob: https://*.georgeson.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com https://bat.bing.com https://gateway.zscloud.net https://*.usw2.pure.cloud https://*.nr-data.net https://*.newrelic.com https://*.usw2.pure.cloud https://*.cshare.net https://apps.mypurecloud.com 'unsafe-eval' https://*.google.com https://partner.googleadservices.com https://*.google https://pagead2.googlesyndication.com;connect-src https://www.googletagmanager.com https://www.google-analytics.com https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io https://siteintercept.qualtrics.com https://rules.quantcount.com https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com https://px.ads.linkedin.com https://content-images.computershare.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud https://www.google.com https://*.mypurecloud.com wss://*.mypurecloud.com https://*.google https://pagead2.googlesyndication.com;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://insight.adsrvr.org https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.crazyegg.com https://secure.adnxs.com https://bat.bing.com https://bs.serving-sys.com https://gateway.zscloud.net https://*.usw2.pure.cloud https://*.google.com https://*.gstatic.com https://pagead2.googlesyndication.com https://*.google;frame-src https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://www.canva.com https://*.crazyegg.com https://www.youtube-nocookie.com https://gateway.zscloud.net https://*.computershare.com https://*.usw2.pure.cloud https://www.googletagmanager.com https://*.doubleclick.net https://syndicatedsearch.goog https://apps.mypurecloud.com;style-src 'self' 'unsafe-inline' https://*.computershare.com https://www.google.com;default-src 'self' https://*.computershare.com;media-src 'self' https://*.computershare.com;font-src 'self' data: https://*.computershare.com; 3
upgrade-insecure-requests; default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://cdn-app.pathfactory.com/ https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://cdn.shortpixel.ai https://app.vwo.com https://s.pointerpro.com https://snap.licdn.com https://*.ibm.com https://*.s81c.com https://tags.tiqcdn.com https://cdn.segment.com https://consent.trustarc.com https://scripts.demandbase.com https://*.tealiumiq.com https://cdn.metadata.io/site-script.js https://my.g2.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.shortpixel.ai https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://app.cdn.lookbookhq.com https://app.vwo.com https://cdn-app.pathfactory.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com https://tag-logger.demandbase.com https://px.ads.linkedin.com https://platformapi.metadata.io https://my.g2.com https://www.g2.com https://*.ibm.com https://*.tealiumiq.com https://*.segment.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://cdn.shortpixel.ai https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://*.gartner.com https://tag-logger.demandbase.com https://1.www.s81c.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net https://app.vwo.com https://s.pointerpro.com https://s.company-target.com https://apptio.jifflenow.com https://reprint.forrester.com https://www.figma.com https://www.g2.com https://www.googletagmanager.com/; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com https://media.trustradius.com https://*.s81c.com https://images.g2crowd.com https://www.g2.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com https://episodes.castos.com; worker-src https://*.apptio.com blob: 'self'; frame-ancestors 'self' https://*.apptio.com https://*.tbmcouncil.org https://*.tbmconference.org https://*.ibm.com https://apptio.lookbookhq.com; 3
child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com https://*.qualified.com; connect-src 'self' *.googletagmanager.com *.googlesyndication.com pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self'  *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' www.slideshare.net *.facebook.com *.doubleclick.net *.google.com blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com promo.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' pi.pardot.com *.googlesyndication.com *.youtube.com match.adsrvr.org go.jaggaer.com wec-assets.terminus.services *.ytimg.com *.bing.com *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms https://*.qualified.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self'  s.w.org app.qualified.com mediastream:; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.usbrowserspeed.com *.googlesyndication.com wec-assets.terminus.services tracking.intentsify.io https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net  js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr  'unsafe-inline' ; style-src 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com  cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self'  blob: *.qualified.com;  upgrade-insecure-requests; 3
form-action 'self'; frame-ancestors 'self'; 3
script-src 'unsafe-inline' 'unsafe-eval' *.bradescoseguros.com.br *.bradescosaude.com.br *.bradescoautore.com.br *.bradescovp.com.br *.bradescodental.com.br *.bradescocapitalizacao.com.br *.mediservice.com.br *.novamedsaude.com.br *.bradseg.com.br *.googletagmanager.com *.google.com *.googleapis.com *.facebook.net *.licdn.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.goadopt.io *.typeform.com *.hotjar.com *.iesnare.com *.medallia.com *.kampyle.com *.datatables.net *.evgnet.com *.thunderhead.com *.handtalk.me *.js.org *.clarity.ms *.jsdelivr.net *.jquery.com *.sunovitoso.com *.blob *.fullstory.com bradescoseguros.csod.com *.bradescoseguros.csod.com viacep.com.br *.go-mpulse.net; frame-ancestors 'self' *.bradescoseguros.com.br *.bradescosaude.com.br *.bradescoautore.com.br *.bradescovp.com.br *.bradescodental.com.br *.bradescocapitalizacao.com.br *.mediservice.com.br *.novamedsaude.com.br *.bradseg.com.br *.googletagmanager.com *.google.com *.googleapis.com *.facebook.net *.licdn.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.goadopt.io *.typeform.com *.hotjar.com *.iesnare.com *.medallia.com *.kampyle.com *.datatables.net *.evgnet.com *.thunderhead.com *.handtalk.me *.js.org *.clarity.ms *.jsdelivr.net *.jquery.com *.sunovitoso.com *.blob *.fullstory.com bradescoseguros.csod.com *.bradescoseguros.csod.com viacep.com.br *.go-mpulse.net; 3
connect-src 'self' data: *.ampproject.org *.clarity.ms/collect *.facebook.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.linximpulse.net *.loggly.com *.plyr.io *.rdstation.com.br *.retargeter.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.voxus.tv api.ipify.org ckies.net https://ampcid.google.com.br https://analytics.tiktok.com/ https://api2.amplitude.com/2/httpapi https://app.securiti.ai https://app.splithero.com/api/sync https://bat.bing.com https://boards-api.greenhouse.io https://cdn-prod.securiti.ai https://cdn.linkedin.oribi.io https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://freegeoip.app https://noembed.com https://notify.bugsnag.com https://px.ads.linkedin.com https://s.yimg.com https://stats.g.doubleclick.net https://suportelinx.my.salesforce-scrt.com https://viacep.com.br https://www.googletagmanager.com wss://*.hotjar.com www.google-analytics.com https://*.tintim.app; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ampproject.org *.bizographics.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.novahaus.com.br *.omguk.com *.rawgit.com *.rdstation.com.br *.reclameaqui.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.tailtarget.com *.unpkg.com *.voxus.com.br *.w3-edge.com *.youtube.com *.ytimg.com https://analytics.tiktok.com https://app.splithero.com https://bat.bing.com https://cdn-prod.securiti.ai https://cdn.amplitude.com https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.3.0/dist/index.js https://cdn.mouseflow.com https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://s.yimg.com https://suportelinx.my.site.com https://unpkg.com https://www.clarity.ms snap.licdn.com targeting.voxus.tv https://*.tintim.app/; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css https://cdn.privacytools.com.br/ https://suportelinx.my.site.com; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.privacytools.com.br/; default-src https: 3
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.routledge.com mailto: https://privacy.informa.com/ https://transcend-cdn.com/ https://*.transcend.io/ https://app.gotowebinar.com/ https://*.cookielaw.org/ https://*.ads-twitter.com https://*.adsymptotic.com https://*.advancedcustomfields.com https://*.akamaihd.net https://*.altmetric.com https://*.baidu.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cnzz.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.formstack.com https://*.github.io https://*.google-analytics.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gravatar.com https://*.gravityforms.com https://*.gravityforms.local https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com/ https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.linkedin.com https://*.oribi.io/ https://*.netdna-ssl.com https://*.newrelic.com https://*.googlesyndication.com/ https://*.pardot.com https://*.tandf.co.uk https://*.tandfonline.com https://*.taylorandfrancis.com https://*.thinglink.com https://*.twimg.com https://*.twitter.com https://*.typekit.net https://*.vimeo.com https://*.w.org https://*.wistia.com https://*.wp.com https://*.wpengine.co.uk https://*.wpengine.com https://*.wpengineapi.com https://*.wpmudev.org https://*.youtube.com https://abc123-wpengine.netdna-ssl.com https://bam.eu01.nr-data.net https://cnzz.mmstat.com https://i.ytimg.com https://placehold.it https://t.co https://tandfapi.co.uk https://web-player.art19.com https://wpengine.com https://wpmudev.com https://yoast.com; font-src https: 'self' data: ; img-src * 'self' data: blob: ; worker-src https: 'self' blob: ; 3
connect-src 'self' https://analytics-framework-service.eks.staging.ethos-int.com https://ipinfo.io/json https://segment-api.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://browser-intake-datadoghq.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://*.ethos.com wss://*.ethos.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://*.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://hooks.torq.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://gum.criteo.com https://*.athenahq.ai https://ethos-life.sjv.io https://*.ads-twitter.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.userway.org blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://*.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://*.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://websitevisitorleads.com https://*.pinterest.com https://*.ethos.com https://dynamic.criteo.com https://*.athenahq.ai https://utt.impactcdn.com/A2901942-2a08-47f6-a038-7076e31122041.js https://*.ads-twitter.com; object-src 'self'; frame-src 'self' https://www.googletagmanager.com https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://app.storylane.io https://js.storylane.io https://cloudinary.com/ https://console.cloudinary.com/ https://*.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com https://*.userway.org; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://*.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://*.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 3
frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 3
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.clarity.ms https://plausible.io https://analytics.ahrefs.com https://js-eu1.hs-scripts.com https://securepubads.g.doubleclick.net https://js.stripe.com https://fonts.bunny.net https://challenges.cloudflare.com https://*.magicpages.co https://*.mymagic.page;  style-src 'self' 'unsafe-inline' https://fonts.bunny.net https://*.magicpages.co https://*.mymagic.page;  img-src 'self' data: https: blob:;  connect-src 'self' https://www.google-analytics.com https://www.clarity.ms https://plausible.io https://analytics.ahrefs.com https://*.hsforms.com https://*.hubspot.com https://zentrale.link https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.stripe.com https://api.tinybird.co https://api.eu.tinybird.co https://*.magicpages.co https://*.mymagic.page;  font-src 'self' data: https://fonts.bunny.net;  frame-src 'self' https://*.youtube.com https://*.vimeo.com https://js.stripe.com https://challenges.cloudflare.com https://*.magicpages.co https://*.mymagic.page;  object-src 'none';  base-uri 'self';  form-action 'self';  upgrade-insecure-requests; 3
default-src 'self' 'unsafe-inline'; child-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.telia.fi *.google.com *.google.fi addsearch.com *.addsearch.com *.searchcdn.com *.lekane.net *.survicate.com *.twitter.com *.ads-twitter.com *.facebook.net *.facebook.com code.jquery.com b2b-eshop-preprod.online-channels.com *.online-channels.com cdn.jsdelivr.net *.licdn.com unpkg.com *.igodigital.com *.linkedin.com *.cloudfront.net https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com *.browser-intake-datadoghq.eu *.blueconic.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com blob: cdn.cookielaw.org videobot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.signalfx.com *.googleapis.com *.gstatic.com https://www.datadoghq-browser-agent.com/ https://coverage.ddc.teliasonera.net *.youtube.com *.youtube-nocookie.com *.bc0a.com *.addsearch.com *.customersaas.com https://cdn.stape.io *.spotify.com *.cloudflarestream.com; style-src 'self' 'unsafe-inline' *.telia.fi *.google.com *.google.fi addsearch.com *.addsearch.com *.searchcdn.com *.cloudfront.net hello.myfonts.net b2b-eshop-preprod.online-channels.com *.online-channels.com cdn.jsdelivr.net *.lekane.net *.igodigital.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.blueconic.net *.kampyle.com *.medallia.eu *.googletagmanager.com *.gstatic.com *.customersaas.com *.spotify.com *.cloudflarestream.com; img-src 'self' data: *.telia.fi *.facebook.com *.facebook.net *.amazonaws.com *.cloudfront.net beacon.krxd.net *.linkedin.com *.searchcdn.com addsearch.com *.addsearch.com *.igodigital.com t.co *.atdmt.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.fi https://*.google.de https://*.google.ee https://*.google.es https://*.google.fr https://*.google.se https://*.google.lu https://*.google.hu https://*.google.iq https://*.google.ru https://google.com https://*.googlesyndication.com https://www.google.co.uk https://www.google.co.in https://www.google.com.tr https://ad.doubleclick.net *.blueconic.net *.kampyle.com *.medallia.eu geolocation.onetrust.com cdn.cookielaw.org *.cloudflarestream.com https://optimizely.teliacompany.com https://www.sttinfo.fi https://maps.googleapis.com https://maps.gstatic.com *.googletagmanager.com *.gstatic.com *.customersaas.com *.spotify.com *.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com *.kampyle.com *.medallia.eu *.googletagmanager.com *.gstatic.com *.customersaas. *.spotify.com *.cloudflarestream.com; object-src 'none'; media-src 'self' data: blob: *.telia.fi *.cloudflarestream.com; connect-src 'self' wss://*.telia.fi hello.myfonts.net *.doubleclick.net *.lekane.net wss://*.lekane.net *.searchcdn.com *.facebook.com *.igodigital.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fi https://google.com https://*.googlesyndication.com https://www.googleadservices.com *.browser-intake-datadoghq.eu *.blueconic.net https://px.ads.linkedin.com *.kampyle.com *.medallia.eu *.decibelinsight.net wss://*.decibelinsight.net *.decibel.com geolocation.onetrust.com privacyportal-de.onetrust.com cdn.cookielaw.org *.videobot.com *.cloudflarestream.com https://optimizely.teliacompany.com rum-ingest.eu0.signalfx.com https://*.telia.fi https://maps.googleapis.com https://maps.gstatic.com *.bc0a.com *.addsearch.com *.customersaas.com *.spotify.com *.cloudflarestream.com; frame-src 'self' platform.twitter.com *.doubleclick.net *.google.com *.google.fi *.facebook.com *.searchcdn.com *.survicate.com *.cloudfront.net https://www.googletagmanager.com https://cat.telia.fi *.blueconic.net *.kampyle.com *.medallia.eu videobot.com https://optimizely.teliacompany.com *.youtube-nocookie.com *.youtube.com https://coverage.ddc.teliasonera.net https://teliacompany.speedtestcustom.com *.spotify.com *.cloudflarestream.com; worker-src 'self' blob: *.lekane.net *.telia.fi 3
default-src gap://ready file://* * data:; style-src 'self' http://* https://* 'unsafe-inline'; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval' blob: 3
upgrade-insecure-requests; base-uri 'self'; object-src 'self'; frame-ancestors 'self'; form-action 'self'; 3
default-src 'self'; img-src 'self' data: blob: 'unsafe-inline'; object-src 'none'; script-src products-matomo.jar.media 'self' 'unsafe-inline'; connect-src 'self' *.jar.media *.invokable.gmbh; style-src 'self' 'unsafe-inline'; frame-src 'self'; frame-ancestors 'self'; 3
worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net https://*.propensity.com https://*.js.ubembed.com  https://*.ubembed.com https://*.g2.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.g2.com https://*.ubembed.com https://js.storylane.io https://peoplefluent.storylane.io;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com https://*.propensity.com https://*.js.ubembed.com  https://*.ubembed.com https://*.ubembed.com https://*.g2.com https://jscloud.net https://js.storylane.io https://peoplefluent.storylane.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com https://*.propensity.com https://*.js.ubembed.com  https://*.ubembed.com https://*.g2.com https://*.ubembed.com https://js.storylane.io https://peoplefluent.storylane.io;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com https://js.storylane.io https://peoplefluent.storylane.io;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.propensity.com https://*.js.ubembed.com  https://*.ubembed.com https://*.g2.com https://js.storylane.io https://peoplefluent.storylane.io;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.googleadservices.com https://bat.bing.net https://js.storylane.io https://peoplefluent.storylane.io https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.ubembed.com https://*.g2.com https://*.propensity.com https://*.js.ubembed.com  https://*.ubembed.com https://*.g2.com https://js.storylane.io https://peoplefluent.storylane.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.propensity.com https://*.js.ubembed.com  https://*.ubembed.com https://*.g2.com https://*.ubembed.com https://www.googleadservices.com https://bat.bing.net https://jscloud.net https://js.storylane.io https://peoplefluent.storylane.io 3
object-src 'none'; report-uri /report-csp-violation 3
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto: blob:; object-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; frame-ancestors 'self' *.netscout.com thescout.sharepoint.com netscout.pathfactory.com; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3
frame-ancestors 'self' https://*.cit.com https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline' 3
frame-ancestors 'self' http://localhost:8000 http://*.localhost:8000 https://*.dev.000.ue-ict.net/ https://dev.000.ue-ict.net/ https://*.pre.000.ue-ict.net/ https://pre.000.ue-ict.net/ https://*.universidadeuropea.com/; 3
frame-ancestors 'self' manyavar--dev.sandbox.lightning.force.com manyavar--uat.sandbox.lightning.force.com manyavar.lightning.force.com 3
default-src 'self' http://*.jwpcdn.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://*.jwpcdn.com http://*.googleapis.com http://*.googletagservices.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; media-src 'self' blob: data: *; img-src 'self' blob: data: *; font-src 'self' http://*.gstatic.com http://*.civicscience.com; frame-src 'self' *; object-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' http://localhost:* https://*.dev-univision.com https://*.univision.com https://*.tudn.com https://*.mulher.com.br https://*.delicioso.com.br https://*.zappeando.com.br https://*.tasaudavel.com.br https://*.lasestrellas.tv https://*.canal5.com https://*.elnu9ve.com https://*.distritocomedia.com https://*.televisa.com https://*.unicable.tv https://*.telehit.com https://*.losbingers.com https://*.bandamax.tv https://*.lacasadelosfamososmexico.tv http://*.uvn.io http://*.psdops.com https://static.univision.com https://viz.flowics.com https://*.flowics.com https://asset-cdn.flowics.com https://*.lightboxcdn.com https://www.lightboxcdn.com https://d1d3r9ycsgcvfq.cloudfront.net https://dlteo4612k88e.cloudfront.net https://d3txwxt3zc43fw.cloudfront.net https://*.vix.com https://*.vix.tv https://*.todoelmundialporvix.com https://todoelmundialporvix.com; block-all-mixed-content; 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.contra.com https://contra.com https://*.ads.linkedin.com https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com/embed.js https://*.tiktokcdn-us.com https://*.ttwstatic.com https://www.instagram.com/embed.js https://www.youtube.com https://gist.github.com https://platform.twitter.com https://challenges.cloudflare.com https://accounts.google.com https://apis.google.com https://googletagmanager.com https://www.googletagmanager.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.posthog.com https://app.intercom.io https://js.intercomcdn.com https://widget.intercom.io https://*.stripe.com https://*.airwallex.com https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js https://js.hscta.net https://*.hubspot.com https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com; style-src 'self' 'unsafe-inline' https://builds.contra.com https://github.githubassets.com https://*.ttwstatic.com; img-src 'self' data: blob: https://*.contra.com https://*.ads.linkedin.com https://*.linkedin.com https://www.facebook.com https://storage.googleapis.com https://cdn.loom.com https://*.googleusercontent.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments.eu https://*.intercom.io https://*.intercomassets.com https://*.intercomassets.eu https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.stripe.com https://*.stream-io-cdn.com https://no-cache.hubspot.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://api.producthunt.com; font-src 'self' data: https://builds.contra.com https://fonts.gstatic.com https://*.intercomcdn.com; connect-src 'self' https://*.contra.com https://contra.api-fast.cloudinary.com https://api.cloudinary.com https://*.ads.linkedin.com https://connect.facebook.net https://www.facebook.com blob: https://www.loom.com https://prod.spline.design https://storage.googleapis.com https://*.ingest.sentry.io http://localhost:8969/stream https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://*.posthog.com https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com wss://*.intercom.io https://*.stripe.com https://chat.stream-io-api.com wss://chat.stream-io-api.com https://*.airwallex.com https://*.hubspot.com https://*.hubapi.com; frame-src 'self' https://embed-v2.testimonial.to/ https://www.facebook.com/ https://instagram.com https://m.youtube.com https://platform.twitter.com https://player.vimeo.com https://rive.app https://www.instagram.com https://www.tiktok.com https://www.youtube.com https://www.loom.com https://www.behance.net https://www.canva.com https://codepen.io https://codesandbox.io https://share.descript.com https://www.figma.com https://embed.figma.com https://gist.github.com https://www.linkedin.com https://assets.pinterest.com https://replit.com https://w.soundcloud.com https://my.spline.design https://prod.spline.design https://open.spotify.com https://stackblitz.com https://docs.google.com https://*.framer.app https://*.framer.website https://*.learnframer.site https://inquiry.withpersona.com https://storage.googleapis.com https://challenges.cloudflare.com https://content.googleapis.com https://accounts.google.com https://content-people.googleapis.com https://www.googletagmanager.com https://*.doubleclick.net https://intercom-sheets.com https://*.stripe.com https://*.airwallex.com https://*.hubspot.com https://*.hs-sites.com https://*.hsforms.net https://*.hsforms.com https://*.figma.site https://*.bolt.host https://*.dreamflow.app https://*.netlify.app https://*.lovable.app https://*.figma.site https://*.replit.app https://*.vercel.app; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; media-src 'self' data: blob: https://media.contra.com https://builds.contra.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.stream-io-cdn.com; report-uri https://o382696.ingest.us.sentry.io/api/5302437/security/?sentry_key=3545da037ee749aa92a658508243b17d; 3
frame-ancestors 'self';default-src 'self';frame-src 'self' *.youtube.com https://youtu.be https://www.youtube-nocookie.com *.biomerieux.com *.soundcloud.com *.demdex.net *.adobe.com elearning.easygenerator.com bmx-emlearning.com player.vimeo.com *.google.com https://www.gstatic.com *.doubleclick.net https://www.googletagmanager.com *.figma.com;script-src *.adobe.com https://*.adobedtm.com *.google.com https://www.gstatic.com https://cdn.cookielaw.org *.onetrust.com https://dpm.demdex.net *.youtube.com *.gigya.com *.scene7.com *.biomerieux.com https://www.googletagmanager.com https://munchkin.marketo.net https://connect.facebook.net https://bat.bing.com https://bat.bing.net https://snap.licdn.com https://www.storygize.net https://bh.contextweb.com *.d41.co *.doubleclick.net *.figma.com 'self' 'unsafe-eval' 'unsafe-inline' blob:;img-src 'self' https: data:;style-src *.scene7.com *.biomerieux.com 'self' 'unsafe-inline';connect-src 'self' https:;font-src 'self' https://fonts.gstatic.com *.figma.com data:;media-src 'self' https: blob:; 3
frame-ancestors 'self' https://mobile.southwest.com https://mobile-offline.southwest.com https://www.southwest.com https://www.swabiz.com; 3
default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; connect-src 'self' https:; media-src *.kaltura.com blob: data:; worker-src blob: 3
default-src 'self' https://geodis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com unpkg.com *.cloudflare.com cdn.jsdelivr.net *.smart-tribune.com polyfill.io cdn.cookielaw.org tag.aticdn.net *.googleapis.com *.adroll.com snap.licdn.com *.optimonk.com connect.facebook.net *.newrelic.com *.pardot.com bat.bing.com hcaptcha.com crm.geodis.com *.iti-maps.fr lex.33across.com static.hotjar.com script.hotjar.com www.gstatic.com matomojs.trackify.info *.extranet.geodis.org polyfill-fastly.io googleads.g.doubleclick.net www.googleadservices.com analytics.geodis.com analytics.intranet.geodis.org; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.smart-tribune.com https://cdn.jsdelivr.net uloga.github.io www.gstatic.com analytics.intranet.geodis.org; img-src * 'self' 'unsafe-inline' https://geodis.com data: www.googletagmanager.com https://geodis.widen.net https://server.arcgisonline.com *.widencdn.net *.xiti.com https://cdn.cookielaw.org https://www.google.com *.smart-tribune.com https://maps.gstatic.com *.ads.linkedin.com www.google.fr *.adroll.com pixel.rubiconproject.com sync.outbrain.com dsum-sec.casalemedia.com image2.pubmatic.com sync.taboola.com eb2.3lift.com www.facebook.com www.google.pl bat.bing.com www.google-analytics.com px.ads.linkedin.com www.google.be; media-src 'self' https://geodis.com https://geodis.widen.net *.widencdn.net; frame-src 'self' https://www.youtube.com geodis.widen.net cf-store.widencdn.net cf-store.widencdn.net newassets.hcaptcha.com *.doubleclick.net x.adroll.com *.googletagmanager.com; frame-ancestors 'self' https://sites-ms.lumapps.com https://dwp.geodis.com https://wishes.geodis.com; font-src 'self' data: *.smart-tribune.com fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com unpkg.com; connect-src 'self' geodis.com *.google.com adservice.google.com *.smart-tribune.com cdn.cookielaw.org www.google-analytics.com *.doubleclick.net *.onetrust.com maps.googleapis.com *.optimonk.com *.analytics.google.com bam.nr-data.net cdn.linkedin.oribi.io *.hcaptcha.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr analytics.google.com www.google.pl *.google.com www.google.ca region1.analytics.google.com *.analytics.google.com www.google.com.mx www.google.co.uk www.google.sk stats.g.doubleclick.net www.google.ae vc.hotjar.io metrics.hotjar.io *.hotjar.io wss://ws.hotjar.com www.google.de www.google.co.nz www.google.bg www.google.es *.extranet.geodis.org google.com unpkg.com region1.google-analytics.com analytics.geodis.com *.googlesyndication.com; upgrade-insecure-requests 3
default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com js-agent.newrelic.com pi.pardot.com *.gstatic.com connect.facebook.net *.googletagmanager.com bam.nr-data.net *.google-analytics.com *.clarity.ms bat.bing.com *.spscommerce.com j.6sc.co/6si.min.js googleads.g.doubleclick.net *.intercom.io js.intercomcdn.com *.youtube.com static.ads-twitter.com snap.licdn.com ws.zoominfo.com tag.demandbase.com *.calendly.com *.g2.com *.stackadapt.com *.googleadservices.com *.gaconnector.com acsbapp.com *.6sc.co *.6sense.com *.tfaforms.net *.company-target.com https://google.com *.typeform.com *.intellimize.co tags.srv.stackadapt.com google.com www.google.com https://tags.srv.stackadapt.com https://js.zi-scripts.com blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com bat.bing.com *.stackadapt.com spscommerce.tfaforms.net stackpath.bootstrapcdn.com *.typeform.com *.intellimize.co fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: ps.w.org *.google.com bat.bing.com b.6sc.co *.facebook.com analytics.twitter.com *.spscommerce.com *.linkedin.com match.prod.bidr.io id.rlcdn.com *.company-target.com t.co *.g2.com *.stackadapt.com *.doubleclick.net *.clarity.ms js.intercomcdn.com *.intercomassets.com *.bing.com blubrry.co google.com www.google.ca www.google.com.ph www.googleadservices.com www.google.com.mx bat.bing.net www.google.com blubrry.com www.google.co.nz www.google.com.tr www.google.com.au www.google.hn cdn.honey.io connect.facebook.net www.google.co.uk www.google.com.pr www.google.fi www.google.be www.google.de www.google.sc www.google.com.pk www.google.nl www.google.ru www.google.co.kr www.google.cm www.google.com.sg s.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' bat.bing.com bam.nr-data.net stats.g.doubleclick.net google-analytics.com ipv6.6sc.co secure.adnxs.com wss://nexus-websocket-a.intercom.io *.clarity.ms api.company-target.com *.facebook.com cdn.linkedin.oribi.io c.6sc.co adservice.google.com ws.zoominfo.com *.intercom.io *.stackadapt.com *.demandbase.com *.gaconnector.com *.linkedin.com *.acsbapp.com acsbapp.com *.tfaforms.net *.company-target.com *.google.com *.typeform.com *.intellimize.co google.com yoast.com www.google.com bat.bing.net www.googleadservices.com www.google.ca region1.google-analytics.com www.google.com.ph www.google.com.pk www.g2.com https://js.zi-scripts.com *.6sense.com https://sourcemap.devowl.io www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com fonts.intercomcdn.com at.alicdn.com stackpath.bootstrapcdn.com data: fonts.googleapis.com; object-src * *.stackadapt.com *.tfaforms.net; media-src * js.intercomcdn.com *.clarity.ms; frame-src 'self' maps.googleapis.com *.youtube.com *.google.com *.facebook.com go.spscommerce.com *.calendly.com *.company-target.com *.demandbase.com calendly.com *.getreprise.com go.pardot.com *.iheart.com *.doubleclick.net youtube.com spscommerce.my.site.com player.captivate.fm *.tfaforms.net intercom-sheets.com universal.accessibe.com www.podbean.com *.typeform.com *.intellimize.co 117822509.intellimizeio.com pwm-image.trendmicro.com bat.bing.com demo.spscommerce.com maps.google.com www.googletagmanager.com; child-src 'self' intercom-sheets.com *.intercom-reporting.com *.youtube.com fast.wistia.net player.vimeo.com www.googletagmanager.com; frame-ancestors * spscommerce.my.site.com https://intercom-sheets.com/; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spscommerce.com?gdsih-csp-report; 3
frame-ancestors 'self' https://*.salt.ch; 3
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: https: blob: filesystem: file:; frame-ancestors 'self' 3
default-src 'self' 'unsafe-inline' fellow.app; frame-ancestors 'self' https://fellow.app https://*.fellow.app https://staging.fellow.co https://*.staging.fellow.co; connect-src 'self' api.hubapi.com api.hubspot.com api.segment.io cdn.segment.com fellow.app forms.hsforms.com forms.hubspot.com heapanalytics.com https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com monitor.clickcease.com stats.g.doubleclick.net www.facebook.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com *.googleadservices.com bat.bing.com yoast.com my.wpengine.com cdn.linkedin.oribi.io px.ads.linkedin.com forms.hscollectedforms.net *.chilipiper.com *.clarity.ms c.bing.com app.clearbit.com share.cello.so growthbook-proxy.fellow.app pocustrack.com *.pocustrack.com framerusercontent.com *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com *.hsforms.net *.hsforms.com *.hubspot.com app.revenuehero.io api.rudderstack.com *.dataplane.rudderstack.com cdn.rudderlabs.com cdn.jsdelivr.net pixel-config.reddit.com ads.reddit.com www.redditstatic.com conversions-config.reddit.com www.google.com google.com data.debugbear.com *.beehiiv.net *.intercom.io *.intercomcdn.com *.intercomusercontent.com pro.ip-api.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-australia-websocket.intercom.io wss://*.intercom-messenger.com app.ablecdp.com ga.jspm.io; img-src 'self' blob: data: https: monitor.clickcease.com script.hotjar.com static.hotjar.com js.chilipiper.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com; media-src 'self' *.cloudfront.net *.vidyard.com fellow.app framerusercontent.com *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.adroll.com *.hs-banner.com *.hs-scripts.com *.hsappstatic.net *.twimg.com *.twitter.com *.youtube.com *.cloudflare.com ddwl4m2hdecbv.cloudfront.net bat.bing.com cdn.heapanalytics.com cdn.segment.com connect.facebook.net ct.capterra.com d.adroll.mgr.consensu.org fellow.app forms.hubspot.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net monitor.clickcease.com optimize.google.com script.hotjar.com static.hotjar.com snap.licdn.com static.cloudflareinsights.com static.hotjar.com www.clickcease.com google-analytics.com *.google-analytics.com www.google.com googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com www.gstatic.com *.googleoptimize.com youtube.com js.usemessages.com *.vidyard.com www.gstatic.com js.chilipiper.com use.fontawesome.com yoast.com fellowapp.bamboohr.com *.clarity.ms c.bing.com tag.clearbitscripts.com *.clearbitjs.com assets.cello.so embed.typeform.com bat.bing.com *.pocustrack.com pocustrack.com framerusercontent.com framer.com *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com *.hsforms.net app.revenuehero.io cdn.rudderlabs.com cdn.jsdelivr.net www.redditstatic.com embeds.beehiiv.com cdn.debugbear.com beehiiv-adnetwork-production.s3.amazonaws.com https://s3-us-west-2.amazonaws.com/b2bjsstore/ *.intercom.io js.intercomcdn.com app.ablecdp.com cdn.cookie-script.com ga.jspm.io; frame-src 'self' blob: fellow.app app.hubspot.com forms.hubspot.com vars.hotjar.com www.facebook.com player.vimeo.com vimeo.com www.youtube.com youtube.com optimize.google.com anchor.fm *.twitter.com open.spotify.com embed-standalone.spotify.com *.vidyard.com www.google.com recaptcha.google.com *.chilipiper.com clarity.microsoft.com bid.g.doubleclick.net td.doubleclick.net form.typeform.com forms.hsforms.com *.schedulehero.io embeds.beehiiv.com www.googletagmanager.com framer.com *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com intercom-sheets.com *.hubspot.com; font-src 'self' data: fellow.app fonts.gstatic.com script.hotjar.com *.typekit.net framerusercontent.com *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.twitter.com fellow.app fonts.googleapis.com optimize.google.com static.hotjar.com script.hotjar.com embed.typeform.com *.typekit.net *.framerusercontent.com *.framerstatic.com *.framer.com *.framercdn.com *.framer.app *.framercanvas.com 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.6sc.co https://*.6sense.com https://*.adroll.com https://marvel-b2-cdn.bc0a.com https://bat.bing.com https://assets.calendly.com https://www.comparably.com https://connect.facebook.net https://cdn.cookielaw.org https://*.demandbase.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://plausible.io https://security.imprivata.com https://tracking.intentsify.io https://jobs.jobvite.com https://snap.licdn.com https://*.linkedin.com https://src.litix.io https://app-sj13.marketo.com https://munchkin.marketo.net https://scout-cdn.salesloft.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://js.zi-scripts.com https://pagead2.googlesyndication.com https://ws-assets.zoominfo.com https://www.googleadservices.com https://www.googletagmanager.com https://www.onelink-edge.com https://www.redditstatic.com https://a.usbrowserspeed.com; style-src 'self' 'unsafe-inline' blob: https://assets.calendly.com https://fonts.googleapis.com https://security.imprivata.com https://app-sj13.marketo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fast.wistia.com; img-src 'self' data: https://*.6sc.co https://*.6sense.com https://*.adroll.com https://bat.bing.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://google.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://security.imprivata.com https://px.ads.linkedin.com https://app-sj13.marketo.com https://id.rlcdn.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://i.ytimg.com https://segments.company-target.com  https://alb.reddit.com https://www.redditstatic.com https://www.facebook.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://*.youtube.com; frame-src 'self' https://x.adroll.com https://*.podcasts.apple.com https://demo.arcade.software https://calendly.com https://s.company-target.com https://www.comparably.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://security.imprivata.com https://jobs.jobvite.com https://app-sj13.marketo.com https://*.spotify.com https://player.vimeo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fast.wistia.com https://fast.wistia.net https://*.youtube.com https://scheduler.zoom.us/; frame-ancestors 'self'; child-src 'self' blob: https://*.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.net https://embed-ssl.wistia.com; connect-src 'self' https://*.6sc.co https://*.6sense.com https://bat.bing.com https://api.company-target.com https://cdn.cookielaw.org https://tag-logger.demandbase.com https://stats.g.doubleclick.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.googletagmanager.com https://analytics.google.com https://google.com https://www.google.com https://www.onelink-edge.com https://plausible.io https://px.ads.linkedin.com https://*.litix.io https://geolocation.onetrust.com https://privacyportal.onetrust.com https://scout.salesloft.com https://sentry.io/api/* https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://js.zi-scripts.com https://pixel-config.reddit.com https://ads.reddit.com https://www.redditstatic.com https://www.facebook.com/privacy_sandbox https://o133414.ingest.us.sentry.io/api/4507454004789248/envelope/; report-uri https://o133414.ingest.us.sentry.io/api/4507454004789248/security/?sentry_key=227a1f1da0ce8dfdc74b1333e0e62a83&sentry_environment=prod; upgrade-insecure-requests 3
default-src 'self'; script-src 'self'   https://metrics.hotjar.io https://googleads.g.doubleclick.net https://subscriptions.smartrecruiters.com https://static.smartrecruiters.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.smartrecruiters.com  https://static.smartrecruiters.com; script-src-elem 'self' 'unsafe-inline' https://782-qcg-656.mktoweb.com https://googleads.g.doubleclick.net https://subscriptions.smartrecruiters.com https://static.smartrecruiters.com https://snap.licdn.com https://cdn-ukwest.onetrust.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://va.vercel-scripts.com https://vercel.live https://d35vb5cccm4xzp.cloudfront.net https://js.hsforms.net/forms/v2.js https://js-eu1.hsforms.net https://js.hsforms.net https://static.hsappstatic.net https://145747460.fs1.hubspotusercontent-eu1.net https://*.wistia.com https://*.wistia.net http://fast.wistia.com http://fast.wistia.net https://browser.sentry-cdn.com http://js-eu1.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://js-eu1.hs-scripts.com https://js.driftt.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsadspixel.net https://js-eu1.hubspot.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://va.vercel-scripts.com https://vercel.live https://d35vb5cccm4xzp.cloudfront.net https://js.hsforms.net/forms/v2.js https://js-eu1.hsforms.net https://js.hsforms.net https://static.hsappstatic.net https://145747460.fs1.hubspotusercontent-eu1.net https://*.wistia.com https://*.wistia.net http://fast.wistia.com http://fast.wistia.net https://browser.sentry-cdn.com http://js-eu1.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://js-eu1.hs-scripts.com https://js.driftt.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsadspixel.net https://js-eu1.hubspot.com https://snap.licdn.com https://cdn.bc0a.com https://www.smartrecruiters.com https://static.smartrecruiters.com https://www.google-analytics.com https://bat.bing.com https://static.hotjar.com https://connect.facebook.net https://s.comparesoft.com https://tag.demandbase.com https://static.oktopost.com https://ws.zoominfo.com https://tracking.g2crowd.com https://js-eu1.hscollectedforms.net https://script.hotjar.com https://social.ifs.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://edge.sitecorecloud.io https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://static.smartrecruiters.com https://fonts.googleapis.com; img-src 'self' data: https: https://edge.sitecorecloud.io https://www.googletagmanager.com; font-src 'self' data: https://fast.wistia.net https://fonts.gstatic.com https://vercel.live/geist.woff2 https://vercel.live/geist_mono.woff2 https://fonts.googleapis.com; connect-src 'self' https://xmc-ifsworldope2235-ifsxmcfa6a-prod5c9c.sitecorecloud.io/ https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://metrics.hotjar.io https://www.google.com https://www.google.co.uk https://www.google.co.in https://www.googleadservices.com https://googleads.g.doubleclick.net https://subscriptions.smartrecruiters.com https://region1.analytics.google.com https://snap.licdn.com https://privacyportal-uk.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://discover.sitecorecloud.io https://edge-platform.sitecorecloud.io https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.wistia.com https://*.wistia.net https://browser.sentry-cdn.com http://fast.wistia.com http://fast.wistia.net http://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://www.googletagmanager.com https://api-eu1.hubapi.com https://static.hsappstatic.net https://cta-eu1.hubspot.com https://api.company-target.com https://px.ads.linkedin.com https://analytics.google.com	https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://ixfd2-api.bc0a.com https://cdn.bc0a.com https://api.exchangeratesapi.io https://valuestudio-roi.ifs.ai https://www.smartrecruiters.com https://static.smartrecruiters.com https://ifs-p-001.sitecorecontenthub.cloud https://tracking-api.g2.com https://tag-logger.demandbase.com https://www.facebook.com https://t.comparesoft.com https://forms-eu1.hscollectedforms.net https://vc.hotjar.io https://bat.bing.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; frame-src 'self' https://xmc-ifsworldope2235-ifsxmcfa6a-prod5c9c.sitecorecloud.io https://careers.smartrecruiters.com https://play.goconsensus.com https://subscriptions.smartrecruiters.com https://cdn-ukwest.onetrust.com https://api.exchangeratesapi.io https://valuestudio-roi.ifs.ai https://www.smartrecruiters.com https://static.smartrecruiters.com https://static.smartrecruiters.com https://valuestudio-roi.ifs.ai https://www.youtube.com https://www.google.com https://vercel.live http://js-eu1.hsforms.net https://www.googletagmanager.com https://forms-eu1.hsforms.com https://js.driftt.com https://s.company-target.com https://play.goconsensus.com https://www.facebook.com; media-src 'self' blob: https: data: https://player.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com; object-src 'self'; base-uri 'self'; form-action 'self' https://forms-eu1.hsforms.com; worker-src 'self' blob:; manifest-src 'self' 3
default-src 'self' mychart.org *.mychart.org;       script-src 'self' mychart.org *.mychart.org 'unsafe-inline' 'unsafe-eval' stats-test.epic.com stats.epic.com;       connect-src 'self' mychart.org *.mychart.org stats-test.epic.com stats.epic.com;       style-src 'self' mychart.org *.mychart.org fonts.googleapis.com 'unsafe-inline';       font-src 'self' mychart.org *.mychart.org fonts.gstatic.com;       img-src 'self' blob: mychart.org *.mychart.org i.ytimg.com ichart2.epic.com data: stats-test.epic.com stats.epic.com epicpublicsitesqa.blob.core.windows.net epicpublicsitesstg.blob.core.windows.net media.epic.com cfvod.kaltura.com;       media-src 'self' mychart.org *.mychart.org cdn.epic.com;       frame-src 'self' mychart.org *.mychart.org cdnapisec.kaltura.com; 3
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.addthis.com *.addthisedge.com *.adnxs.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.akamaihd.net *.amazon-adsystem.com *.bing.com *.bluekai.com *.c212.net *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.crwdcntrl.net *.cvent-assets.com *.cvent.com *.d1emzqdvia1vut.cloudfront.net *.demandbase.com *.demdex.net *.doubleclick.net *.drivetheweb.com *.errors.adobeaemcloud.com *.everesttech.net *.exelator.com *.google-analytics.com *.google.com *.google.ie *.googleadservices.com *.googletagmanager.com *.gstatic.com *.highcharts.com *.hotjar.com *.ibm.com *.ispot.tv *.jquery.com *.jsdelivr.net *.linkedin.com *.marketo.net *.marketo.com *.mathtag.com *.medallia.eu *.mediaroom.com *.mktoweb.com *.mktoweb.net *.moatads.com *.newrelic.com *.nr-data.net *.omtrdc.net *.pippio.com *.prnewswire.com *.qualtrics.com *.adobeaemcloud.com *.redditstatic.com *.rlcdn.com *.s81c.com *.simplecast.com *.simplecastcdn.com *.sitescout.com *.survata.com *.taboola.com *.talentbrew.com *.talentbrew.io *.teads.tv *.tealiumiq.com *.tidaltv.com *.tiqcdn.com *.tiqcdn.com *.trustarc.com *.truste-svc.net *.truste.com *.trustradius.com *.turn.com *.twitter.com *.typekit.net *.w55c.net *.wallst.com *.yahoo.co.jp *.yahoo.com *.youtube.com *.company-target.com *.licdn.com *.pdst.fm *.kyndryl.com *.scene7.com *.cloudfront.net *.unpkg.com unpkg.com *.seg.js *.adobe.com *.googleapis.com amplify.outbrain.com tr.outbrain.com wave.outbrain.com *.yimg.jp *.trendemon.com *.flourish.studio *.adoberesources.net *.googleusercontent.com; object-src 'none'; worker-src blob: 3
frame-ancestors 'self' https://www.sbb.ch 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://kofax.lightning.force.com https://www.kofax.com https://www.google.co.in https://www.googleadservices.com https://images.g2crowd.com/ https://nytrng.com https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://www.tungstenautomation.com https://www.tungstenautomation.de https://www.tungstenautomation.fr https://www.gstatic.com https://stagecd.tungstenautomation.com https://stagecd.tungstenautomation.fr https://stagecd.tungstenautomation.de https://app.shop.pe https://addshoppers.s3.amazonaws.com https://shopper.shop.pe https://d2mjzob2nc713b.cloudfront.net https://shop.pe https://r1.visualwebsiteoptimizer.com https://shop.pe/widget https://ws.zoominfo.com https://www.linkedin.com https://ad.doubleclick.net https://ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://apps.sitecore.net https://b.6sc.co https://bat.bing.com https://c.6sc.co https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdn.fontawesome.com https://cdn.vidyard.com https://code.jquery.com https://connect.facebook.net https://d30ia583fbtg8i.cloudfront.net https://dev.visualwebsiteoptimizer.com https://dudodiprj2sv7.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-de.onetrust.com https://googleads.g.doubleclick.net https://img.en25.com https://insight.adsrvr.org https://ipv6.6sc.co https://j.6sc.co https://js.adsrvr.org https://js.zi-scripts.com/ https://js.driftt.com https://lift-ai-js.marketlinc.com https://match.adsrvr.org https://media.trustradius.com https://play.vidyard.com https://px.ads.linkedin.com https://rc-sc.js.driftt.com https://s2023.t.eloqua.com https://s7.addthis.com https://site-concierge.driftt.com https://snap.licdn.com https://stats.g.doubleclick.net https://td.doubleclick.net https://8054516.fls.doubleclick.net https://use.fontawesome.com https://visitor-scoring-new.marketlinc.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.trustradius.com https://hook.eu1.make.com https://www.visualize-roi.com https://gateway.zscloud.net https://tungstenautomation--prodtest.sandbox.my.site.com https://tungstenautomation--prodtest.sandbox.lightning.force.com https://kofax--simpdev10.sandbox.my.site.com https://www.youtube.com/iframe_api https://i3.ytimg.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.amazonaws.com https://d2d7do8qaecbru.cloudfront.net https://webto.salesforce.com https://kofax.lightning.force.com https://tungstenautomation--qa.sandbox.lightning.force.com https://tungstenautomation--qa.sandbox.my.site.com https://ob.roundprincemusic.com https://obs.roundprincemusic.com https://manage.safeopt.com https://ondemand.registration.eu.goldcast.io https://regbuilder.eu.goldcast.io https://ws-assets.zoominfo.com/formcomplete.js https://analytics.fatmedia.io https://cdn-0.d41.co https://ff.d41.co https://paapi1685.d41.co https://id.rlcdn.com https://ecf.d41.co https://v2.d41.co https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://r4.visualwebsiteoptimizer.com https://r5.visualwebsiteoptimizer.com https://r6.visualwebsiteoptimizer.com https://adservice.google.com https://conversions-config.reddit.com https://pavff7534.d41.co https://www.youtube.com https://*.mountain.com  https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://cdn.dreamdata.cloud https://placehold.co https://dwin1.com https://awin1.com https://zenaps.com https://the.sciencebehindecommerce.com https://wepowerconnections.com https://latern.roeyecdn.com https://latern.roeye.com https://lantern.roeyecdn.com https://lantern.roeye.com https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://www.the.sciencebehindecommerce.com https://www.wepowerconnections.com https://www.latern.roeyecdn.com https://www.latern.roeye.com https://www.lantern.roeyecdn.com https://www.lantern.roeye.com https://server-side-tagging-27si5ue54a-uc.a.run.app/  https://server-side.tungstenautomation.com http://server-side.tungstenautomation.com https://pagead2.googlesyndication.com https://assets.tvscipixel.com https://tvspix.com https://www.studentdiscount.com; worker-src 'self' blob: https://www.tungstenautomation.com; upgrade-insecure-requests; block-all-mixed-content 3
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.hubspot.com *.cookielaw.org *.cdntwrk.com *.wistia.com *.wistia.net *.q2.com *.sentry-cdn.com *.clarity.ms *.google.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.gstatic.com *.hsappstatic.com *.hsappstatic.net *.hubspot.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.com *.hs-analytics.net *.licdn.com *.marketo.net *.marketo.com *.zoominfo.com *.bizible.com *.6sc.co *.qualified.com *.segment.com *.bugcrowd.com *.bugcrowdusercontent.com bugcrowd.com *.jsdeliver.net *.jsdelivr.net *.cloudflare.com *.doubleclick.net *.youtube.com *.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com 8ab0a26cb0027939bcf5-49c99c3c0c9c98b3365b710757036e1b.ssl.cf5.rackcdn.com *.crazyegg.com *.callrail.com; style-src 'self' *.q2.com 'report-sample' 'unsafe-inline' *.cdntwrk.com *.googleapis.com *.hsappstatic.net *.hubspot.net *.jsdeliver.net *.jsdelivr.net *.marketo.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.pathfactory.com *.googletagmanager.com *.zuddl.com *.qualified.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com *.hubspotusercontent-na1.net *.google.com *.hubspot.com *.hs-banner.com *.onetrust.com *.cookielaw.org *.wistia.com *.embed-cloudfront.wistia.com *.wistia.net *.6sc.co *.6sense.com *.qualified.com wss://*.qualified.com *.segment.com *.segment.io *.linkedin.com *.google-analytics.com *.clarity.ms *.hubapi.com *.doubleclick.com https://stats.g.doubleclick.net *.zoominfo.com *.adnxs.com *.litix.io *.marketo.com *.doubleclick.net *.youtube.com *.pathfactory.com *.zuddl.com api.prod.zuddl.com *.crazyegg.com *.gonorth.io *.callrail.com *.googleadservices.com *.sentry-cdn.com *.hsappstatic.net; font-src 'self' data: *.gstatic.com *.cdntwrk.com *.wistia.com *.wistia.net 7044196.fs1.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com; frame-src 'self' *.q2.com *.qualified.com *.doubleclick.net *.wistia.net *.gstatic.com *.google.com *.googletagmanager.com *.bugcrowd.com bugcrowd.com *.hubspotvideo.com *.marketo.com *.youtube.com *.pathfactory.com *.uberflip.com *.zuddl.com *.on24.com *.qualified.com; img-src 'self' *.q2.com data: *.hubspotusercontent-na1.net *.hsappstatic.net *.6sc.co *.cdntwrk.com *.cookielaw.org *.wistia.com *.hsforms.com *.linkedin.com *.hubspot.com *.hubspot.net *.bizible.com *.cloudinary.com *.clarity.ms *.bing.com *.googletagmanager.com *.placeholder.com *.marketo.com googleads.g.doubleclick.net *.doubleclick.net *.google.com *.doubleclick.net *.youtube.com *.hubspotusercontent40.net *.pathfactory.com *.bizibly.com *.gstatic.com *.zuddl.com *.imgix.net *.wistia.net *.qualified.com; manifest-src 'self'; media-src 'self' *.q2.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net 7044196.fs1.hubspotusercontent-eu1.net 7044196.fs2.hubspotusercontent-eu1.net *.marketo.com blob: *.doubleclick.net *.youtube.com *.pathfactory.com; form-action 'self' *.marketo.com *.mktoweb.com *.zuddl.com *.callrail.com *.googleadservices.com *.qualified.com; frame-ancestors 'self' *.q2.com *.pathfactory.com *.lookbookhq.com; report-to https://343747560e392f7a31ae9a0247c09302.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src https:; base-uri 'self'; form-action 'self' https:; worker-src 'self' blob:; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob:; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 3
frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io ecoa-medidata-corporate.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io test-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com mdsol.preview.salesforce-experience.com mdsol.live-preview.salesforce-experience.com mdsol.my.site.com *.3ds.com 3
block-all-mixed-content; connect-src 'self' www.dreamland.be www.dreamland.nl https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/ https://sst.dreamland.be https://sst.dreamland.nl; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com https://*.cloudflare.com https://dreamlandbe.zohodesk.eu https://sst.dreamland.be https://sst.dreamland.nl https://*.g.doubleclick.net https://game.girls-contest.com 'self'; img-src 'self' data: about: www.dreamland.be www.dreamland.nl https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://*.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com https://sst.dreamland.be https://sst.dreamland.nl; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 3
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com https://*.mouseflow.com; img-src 'self' https://*.mouseflow.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.fi https://*.google.ie https://*.google.nl https://*.bing.com https://*.omtrdc.net https://*.tt.omtrdc.net https://*.onetrust.com https://*.onetrust.eu https://*.demdex.net https://*.everesttech.net https://*.adobedtm.com https://*.facebook.com https://*.linkedin.com https://*.adform.net https://*.g.doubleclick.net https://app.readpeak.com https://*.giosgusercontent.com https://images.ctfassets.net https://bat.bing.net https://www.googletagmanager.com data:;media-src https://*;script-src 'unsafe-inline' 'unsafe-eval' https://* https://*.chat-app.lahitapiola.fi https://lt-chat-app-dev.s3.eu-west-1.amazonaws.com https://lt-chat-app-sit.s3.eu-west-1.amazonaws.com https://lt-chat-app.s3.eu-west-1.amazonaws.com;style-src 'unsafe-inline' 'self' https://* https://*.chat-app.lahitapiola.fi https://lt-chat-app-dev.s3.eu-west-1.amazonaws.com https://lt-chat-app-sit.s3.eu-west-1.amazonaws.com https://lt-chat-app.s3.eu-west-1.amazonaws.com;connect-src https://* wss://*.service.lahitapiola.fi; frame-src https://* https://*.chat-app.lahitapiola.fi https://lt-chat-app-dev.s3.eu-west-1.amazonaws.com https://lt-chat-app-sit.s3.eu-west-1.amazonaws.com https://lt-chat-app.s3.eu-west-1.amazonaws.com;worker-src blob:; child-src https://*.mouseflow.com blob:;font-src 'self' https://*.googleapis.com/ https://*.gstatic.com https://*.giosgusercontent.com https://*.mouseflow.com; 3
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https: edge.adobedc.net adobedc.demdex.net *.adobe.com *.adobe.io cdn.cookielaw.org assets.adobedtm.com kit.fontawesome.com ka-p.fontawesome.com munchkin.marketo.net adobedc.demdex.net snap.licdn.com *.drift.com js.driftt.com js.zi-scripts.com j.6sc.co geolocation.onetrust.com ipv6.6sc.co c.6sc.co b.6sc.co epsilon.6sense.com px.ads.linkedin.com static.cloud.coveo.com boards.greenhouse.io *.mktoresp.com *.zoominfo.com job-boards.greenhouse.io api.company-target.com *.org.coveo.com synopsysnonproduction2yln023as.analytics.org.coveo.com *.brighttalk.com brighttalk.com js.zi-scripts.com *.blackduck.com blackduck.com players.brightcove.net *.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com googletagmanager.com *.googletagmanager.com *.google.com *.google.ca *.google.co.uk google.co.in google.com *.google-analytics.com google-analytics.com googleads.g.doubleclick.net td.doubleclick.net *.googleapis.com *.gstatic.com *.leadspace.com *.clarity.ms *.bing.com *.bing.net *.bing-int.com *.6sc.co *.6sense.co 846-esg-342.mktoutil.com  801-wre-860.mktoutil.com  *.youtube.com *.widget.surveymonkey.com *.surveymonkey.com cdn.smassets.net *.qualified.com *.redditstatic.com; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 3
base-uri 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net;child-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net;connect-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net  https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net  https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.localizecdn.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net  *.ada.support *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io assets.gyant.com pds.fabrichealth.com pds.stage.fabrichealth.com pds.qa.fabrichealth.com pds.dev.fabrichealth.com *.kameleoon.com *.kameleoon.io *.kameleoon.eu *.kameleoon.net; upgrade-insecure-requests 3
default-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googletagmanager.com *.smartsuppcdn.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.bing.com *.clarity.ms; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hostedstatus.com *.leady.com *.crazyegg.com *.hotjar.com *.hotjar.io wss://*.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com *.clarity.ms *.licdn.com *.linkedin.com *.seznam.cz *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hotjar.com *.crazyegg.com *.facebook.net *.leady.com c.imedia.cz *.googleadservices.com *.seznam.cz *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com *.bing.com *.clarity.ms *.licdn.com *.linkedin.com; img-src 'self' data: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com *.typekit.net *.gstatic.com *.googletagmanager.com *.facebook.com *.seznam.cz *.smartsuppcdn.com *.maxcdn.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com *.bing.com *.clarity.ms *.licdn.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com *.typekit.net *.googletagmanager.com *.googleapis.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com; frame-src *; child-src 'none'; frame-ancestors *; font-src 'self' data: use.typekit.net fonts.gstatic.com *.hotjar.com; object-src 'none'; report-to 'default'; 3
frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://*.optimizely.com https://www.mdon-line.com/ https://inovalon.canto.com; 3
default-src 'self'; script-src 'self' https://www.nate.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://main.nateimg.co.kr; object-src 'none'; 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 3
frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org https://thearisenetwork.net https://indioumc.org https://sshpumc.org https://www.graceumcmesa.org https://everettumc.org https://unitedchurchofthetford.org https://zionumchurch.com 3
connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.doubleclick.net https://insight.adsrvr.org www.googleadservices.com px.ads.linkedin.com  *.facebook.com/ *.6sc.co capig.stape.do wss://*.hotjar.com *.hotjar.io https://*.qualtrics.com https://api.sitelytics.tech https://ce.lijit.com;frame-ancestors 'self' ww.google.com;object-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com cdn.jsdelivr.net https://js.adsrvr.org www.buzzsprout.com www.youtube.com connect.facebook.net static.ads-twitter.com snap.licdn.com *.6sc.co *.hotjar.com https://*.qualtrics.com https://cdn.delivr.ai;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com https://www.international.com; 3
frame-ancestors 'self' https://ntb-centrum.mironet.cz/ https://totem.apps.mironet.cz/ 3
frame-ancestors 'self' https://*.dub.co 3
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 3
frame-ancestors 'self'; default-src 'self'  https://*.clarity.ms https://c.bing.com https://*.webinargeek.com wss://*.liveperson.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.conversationalsdevelopment.nl wss://api.seamly-app.com wss://api.qooqie.com https://api.seamly-app.com https://*.sharethis.com https://*.visualwebsiteoptimizer.com https://useruploads.vwo.io https://app.vwo.com https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 3
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://api.sail-track.com https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io geolocation.onetrust.com api.sail-personalize.com api.company-target.com www.google-analytics.com *.clarity.ms siteintercept.qualtrics.com cdn.cookielaw.org ak.sail-track.com stats.g.doubleclick.net tag-logger.demandbase.com;default-src 'self';frame-src 'self' js.driftt.com s.company-target.com intercom-sheets.com;script-src 'self' 'unsafe-inline' widget.intercom.io *.intercomcdn.com cdn.heapanalytics.com www.googletagmanager.com static.cloudflareinsights.com tag.demandbase.com www.clarity.ms ak.sail-horizon.com www.google-analytics.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com cdn.cookielaw.org js.driftt.com *.clarity.ms;style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com www.google-analytics.com fonts.gstatic.com fast.fonts.net cdn.cookielaw.org heapanalytics.com c.clarity.ms id.rlcdn.com c.bing.com segments.company-target.com www.google.com www.google.com.np www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 3
frame-ancestors 'self' https://open-educational-resources.de https://analyse.dipf.de/ http://analyse.dipf.de/; 3
default-src 'self' blob: data: mailto: tel: 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ca *.googleapis.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.boltdns.net *.demdex.net *.hotjar.com *.twitter.com *.licdn.com *.facebook.net *.zencdn.net *.twitter.com *.go-mpulse.net *.ads-twitter.com *.gstatic.com *.linkedin.com *.hotjor.io *.akstat.io *.customgpt.ai *.botframework.com *.powerplatform.com *.akamaihd.net *.panter.biz *.advancedbionics.com *.salesforce.com *.bing.com *.fonts.net *.doubleclick.net *.salesforceliveagent.com *.salesforce-sites.com *.callrail.com *.microsoft.com *.logwork.com wss://*.botframework.com *.googlesyndication.com *.clarity.ms https://product-support-global.phonak.com https://dsp-media.eskimi.com https://unitron-discover.panter.biz https://install.events https://*.spotme.com https://spotme.com https://it2v7.interactiv-doc.fr https://acrobatservices.adobe.com https://viewlicense.adobe.io https://logwork.com https://emersya.com https://*.hotjar.io wss://*.hotjar.com https://zingtree.com https://tridimens.ch https://www.google.com https://www.googleadservices.com https://www.phonak.com.seg https://sonova.tt.omtrdc.net *.stackadapt.com *.force.com https://sonova--qas.sandbox.my.site.com https://ab--q.sandbox.my.site.com https://ab--q.sandbox.my.salesforce-scrt.com https://ab.my.site.com https://ab.my.salesforce-scrt.com https://www.youtube.com https://www.youtube-nocookie.com https://advancedbionics.formstack.com https://static.formstack.com https://js.stripe.com; img-src 'self' data: *.phonak.com *.advancedbionics.com *.cookielaw.org *.day.com *.everesttech.net https://t.co https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com *.twitter.com *.googletagmanager.com *.gstatic.com *.brightcove.com *.customgpt.ai *.googleapis.com *.google-analytics.com *.boltdns.net *.demdex.net *.linkedin.com *.facebook.com *.facebook.net *.bing.com https://sonovahansatonproduction.112.2o7.net *.emersya.com i.ytimg.com https://install.events/ https://*.spotme.com https://spotme.com; 3
default-src 'self' https://www.figma.com/ https://cdnjs.cloudflare.com/ https://plugin.handtalk.me https://stats.g.doubleclick.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ https://rum-static.pingdom.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net http://maps.google.com https://unpkg.com www.googletagmanager.com https://*.cookiebot.com *.ads-twitter.com *.doubleclick.net *.teads.tv *.cdnjs.cloudflare.com plugin.handtalk.me https://d335luupugsy2.cloudfront.net https://cdn.jsdelivr.net *.plugin.handtalk.me https://www.gstatic.com/ https://static.elfsight.com/ https://cdn.curator.io/ https://snap.licdn.com/ https://cdn.commented.io/ https://brand.phinia.com/ *.adform.net https://px.ads.linkedin.com https://js.createsend1.com https://secure.imaginative-trade7.com/js/807289.js https://tags.srv.stackadapt.com 'self' js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.curator.io/ https://tags.srv.stackadapt.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://fledge.teads.tv https://cloud.news.borgwarner.com https://brand.phinia.com/ https://open.spotify.com https://www.googletagmanager.com/ forms.hsforms.com; connect-src accounts.google.com https://*.googleapis.com/ *.mktoresp.com *.pingdom.net *.visualstudio.com http://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.teads.tv https://api.mypartfinder.com https://webservice.tecalliance.services https://stats.g.doubleclick.net https://pageview-notify.rdstation.com.br https://popups.rdstation.com.br https://*.handtalk.me https://core.service.elfsight.com https://storage.elfsight.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://api.curator.io https://px.ads.linkedin.com https://cdn.dev.commented.io wss://api.commented.io https://functions.commented.io https://cdn-image.commented.io https://api.commented.io https://brand.phinia.com/ https://s3.eu-west-2.amazonaws.com https://createsend.com https://tags.srv.stackadapt.com https://cdn.commented.io 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net https://curatorio.s3.amazonaws.com/ https://curator-assets.b-cdn.net https://dms.licdn.com; child-src 'self' https://www.figma.com/ https://www.google.com/ *.borgwarner.com borgwarner.com https://*.cookiebot.com https://plugin.handtalk.me phinia.wd5.myworkdayjobs.com configurator.delphiautoparts.com data: 3
object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' 3
default-src 'self';form-action 'self'; object-src 'self'; frame-ancestors 'self'; connect-src 'self' ely-keskus.fi *.youtube.com *.tyomarkkinatori.fi *.ahtp.fi keha-matomo-sdg-qa-qa.azurewebsites.net *.cookiebot.com wss://*.tyomarkkinatori.fi *.elisa.fi wss://*.elisa.fi tetyomarkkinatori.boost.ai lukija.aimater.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.elisa.fi fonts.googleapis.com *.youtube.com gstatic.com blob:; img-src * data: blob:; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' *.tyomarkkinatori.fi *.ahtp.fi *.elisa.fi lukija.aimater.com tetyomarkkinatori.boost.ai *.cookiebot.com keha-matomo-sdg-qa-qa.azurewebsites.net youtube.com blob:; frame-src 'self' data: feed.mikle.com *.elisadesk.com *.cookiebot.com *.youtube.com; media-src 'self' data: blob:; font-src 'self' data: fonts.gstatic.com; 3
frame-ancestors https://*.todsgroup.com 3
upgrade-insecure-requests;         frame-ancestors 'self' https://*.schaeffler.com; img-src 'self' https://maps.googleapis.com         https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com         https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com         https://www.google-analytics.com https://www.google.com https://www.google.de         https://www.googletagmanager.com https://*.fbcdn.net https://*.twimg.com/         https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com         https://userlike-cdn-operators.userlike.com https://cdn.socialstudio.radian6.com          https://media-aftermarket.schaeffler.com https://eqs-cockpit.com  	https://sch-cor-website-cdn-stage.mishost.ch https://sch-cor-website-cdn-live.mishost.ch https://www.eqs.com 	https://*.doubleclick.net 	data: blob:; 3
block-all-mixed-content; frame-ancestors 'self'; object-src 'none' 3
frame-src https://www.youtube.com https://www.youtube-nocookie.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.sitecorecloud.io data: https://edge.sitecorecloud.io https://www.googletagmanager.com https://img.youtube.com https://i.vimeocdn.com https://i.ytimg.com; media-src 'self' https://edge.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; object-src 'self' https://edge.sitecorecloud.io https://otp.tools.investis.com; frame-src 'self' *.oneok.com https://edge.sitecorecloud.io https://www.google.com https://www.youtube.com https://player.vimeo.com https://otp.tools.investis.com; connect-src 'self' https://*.sitecorecloud.io https://www.google-analytics.com *.oneok.com https://vimeo.com; frame-ancestors 'none'; 3
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; worker-src blob: 3
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 3
frame-ancestors 'self' temenos.seismic.com 3
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; img-src 'self' data: https:; font-src 'self' data:; style-src 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; script-src 'self' https://static.cloudflareinsights.com 'wasm-unsafe-eval' 'unsafe-inline'; connect-src 'self' https://cloudflareinsights.com; worker-src 'self' blob:; manifest-src 'self'; frame-src 'self'; media-src 'self' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tarteaucitron.io https://cdn.tarteaucitron.io https://browser.sentry-cdn.com https://js-de.sentry-cdn.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://region1.google-analytics.com https://region1.analytics.google.com https://widget.trustpilot.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tarteaucitron.io **https://www.googletagmanager.com**; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://secure.gravatar.com https://tarteaucitron.io https://cdn.tarteaucitron.io https://www.google-analytics.com https://www.google.com https://www.google.fr https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com https://widget.trustpilot.com; connect-src 'self' https://browser.sentry-cdn.com https://js-de.sentry-cdn.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://www.facebook.com https://widget.trustpilot.com **https://www.googletagmanager.com**; frame-src 'self' https://tarteaucitron.io https://colisprive.com https://www.googletagmanager.com https://connect.facebook.net https://widget.trustpilot.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://colisprive.com; upgrade-insecure-requests; block-all-mixed-content; 3
default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://js.stripe.com; worker-src 'self' blob:; img-src 'self' data: https://m.nownownow.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.b-cdn.net; media-src 'self' blob: https://m.sive.rs https://*.b-cdn.net; frame-src https://www.youtube-nocookie.com https://js.stripe.com; frame-ancestors 'self'; object-src 'none' 3
default-src 'none';object-src 'none';manifest-src 'self';base-uri 'none';style-src 'self' 'unsafe-inline' https://*.cdn.flockler.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;img-src * data:;media-src 'self' https://media-api.flockler.com/ https://dms.licdn.com/;font-src 'self' https://*.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/;form-action 'self' https://publish.ne.cision.com/Subscription/ https://login.microsoftonline.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://mktdplp102cdn.azureedge.net/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://unpkg.com/@frontify/ https://*.dynamics.com/ https://tietoevry-ext.boost.ai/ https://tietoevry.piwik.pro/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://www.google.com/pagead/ https://www.googleadservices.com/ https://s.usea01.idio.episerver.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://sc.lfeeder.com/ https://connect.facebook.net/ https://acdn.adnxs.com/ https://cdn.mookie1.com/ https://az416426.vo.msecnd.net/ https://www.youtube.com/ https://dl.episerver.net/ https://player.vimeo.com/ https://plugins.flockler.com/ https://alb.reddit.com/ https://www.redditstatic.com/ https://bat.bing.com/ https://bat.bing.net https://js.monitor.azure.com/ https://*.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net/ https://plugin.sopro.io/;frame-ancestors 'self';frame-src 'self' https://dashboard.find.episerver.net/ https://www.googletagmanager.com/ https://maps.google.com/ https://www.google.com/ https://gfx.tools.investis.com/ https://viz.tools.investis.com/ https://irs.tools.investis.com/ https://tietoevry.dfs.investis.com/ https://tools.euroland.com/ https://tools.eurolandir.com/ https://open.spotify.com/ https://*.svc.dynamics.com/ https://www.youtube.com/ https://vimeo.com/ https://player.vimeo.com/ https://brand.tietoevry.com/ https://td.doubleclick.net/ https://qcnl.tv/;connect-src 'self' https://*.svc.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://assets-eur.mkt.dynamics.com/ https://public-eur.mkt.dynamics.com/ https://dc.services.visualstudio.com/ https://brand.tietoevry.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://tietoevry.piwik.pro/ https://api.flockler.app/ https://stats-api.flockler.app/ https://tietoevry-ext.boost.ai/ https://cs.lf-discover.com/ https://www.google.com/ https://ib.adnxs.com/ https://pixel-config.reddit.com/ https://www.redditstatic.com/ https://conversions-config.reddit.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://bat.bing.com/ https://bat.bing.net https://*.clarity.ms https://www.googleadservices.com/ https://googleads.g.doubleclick.net/; 3
frame-ancestors 'self' https://playground.mrf.io 3
object-src 'none'; base-uri 'none' 3
base-uri self; frame-ancestors none 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.wistia.net *.wistia.com *.amazonaws.com embedwistia-a.akamaihd.net; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src 'self' https: blob: data:; frame-ancestors 'self' https://events.bandwidth.com https://app.zuddl.com; style-src * 'unsafe-inline'; worker-src 'self' blob:; font-src 'self' data: blob: *.wistia.net *.wistia.com *.leandata.com *.gstatic.com; 3
frame-ancestors 'self' https://cxagent.nicecxone.com https://max.niceincontact.com https://max.nice-incontact.com 3
base-uri 'self' https://portofantwerpbruges.matomo.cloud;child-src 'none';connect-src 'self' https://portofantwerpbruges.matomo.cloud *.sharethis.com https://*.snapchat.com https://sc-static.net https://*.hsforms.net https://*.hubapi.com https://*.hsforms.com https://*.hsappstatic.net https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.hs-scripts.com http://*.hs-scripts.com https://*.googlesyndication.com https://*.google-analytics.com https://insights.algolia.io https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.doubleclick.net https://*.usercentrics.eu https://webapps.portofantwerpbruges.com https://geocode.arcgis.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.io http://*.hotjar.io https://*.hotjar.io https://*.google.com https://*.linkedin.oribi.io https://www.clarity.ms https://*.clarity.ms https://*.linkedin.com https://data.stbuttons.click https://www.facebook.com https://*.bing.com https://cdn.jsdelivr.net;media-src 'self' https://d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://media.portofantwerpbruges.com;default-src 'self' https://d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://media.portofantwerpbruges.com;font-src 'self' https://sc-static.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;form-action 'self' https://analytics.clickdimensions.com https://www.facebook.com https://*.hsforms.com;frame-ancestors 'self';frame-src *;img-src 'self' https://portofantwerpbruges.matomo.cloud https://*.hubspotusercontent-eu1.net https://*.snapchat.com https://sc-static.net https://*.hsforms.net https://*.hubapi.com https://*.hsforms.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.hsappstatic.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.doubleclick.net https://*.googlesyndication.com *.sharethis.com https://*.amazonaws.com https://cdn.uc.assets.prezly.com https://cdn.uc.assets.hubspot.com https://www.google.be d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://media.portofantwerpbruges.com https://*.portofantwerpbruges.com https://www.google-analytics.com https://app.clickdimensions.com www.googletagmanager.com https://*.google.com http://services.arcgisonline.com http://server.arcgisonline.com https://webapps.portofantwerpbruges.com https://unpkg.com https://www.facebook.com https://t.co https://*.twitter.com https://*.linkedin.com https://p.adsymptotic.com https://cdn.jwplayer.com https://*.jwpcdn.com https://www.google.nl https://*.google.de https://www.googleadservices.com https://www.clarity.ms https://*.clarity.ms https://*.bing.com data: https://idloom.events https://www.google.hu https://fonts.gstatic.com https://*.usercentrics.eu;manifest-src 'self';object-src 'none';script-src 'self' https://portofantwerpbruges.matomo.cloud https://cdn.matomo.cloud http://*.hsforms.net https://*.snapchat.com https://sc-static.net https://*.hsforms.net https://*.hubapi.com https://*.hsforms.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://static.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.linkedin.com https://*.googlesyndication.com *.sharethis.com https://port-of-antwerp-bruges.involve.me https://*.usercentrics.eu https://www.googletagmanager.com https://www.google-analytics.com https://edge.marker.io https://cdn-us.clickdimensions.com https://analytics.clickdimensions.com https://z.moatads.com 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://cdn.jsdelivr.net https://webapps.portofantwerpbruges.com https://geocode.arcgis.com https://*.google.com https://www.gstatic.com https://snap.licdn.com https://*.ads-twitter.com https://connect.facebook.net wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.io http://*.hotjar.io https://*.hotjar.io https://www.googleadservices.com https://mfpembedcdnweu.azureedge.net https://*.doubleclick.net https://cdn.jwplayer.com https://*.jwpcdn.com https://www.clarity.ms https://*.clarity.ms https://*.bing.com https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' https://portofantwerpbruges.matomo.cloud https://fonts.googleapis.com https://cdn-us.clickdimensions.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://www.googletagmanager.com;worker-src 'self'; 3
frame-ancestors 'self' *.amplience.net adm.dynamicyield.eu 3
img-src * data: blob:; script-src 'self' 'unsafe-eval' cdnjs.cloudflare.com https://api.mapbox.com https://api.tiles.mapbox.com https://embed.typeform.com https://npmcdn.com widget.trustpilot.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src *; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self'; upgrade-insecure-requests 3
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 3
frame-ancestors 'self' https://dev.colsubsidio.com 3
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https: *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com core.spreedly.com https://secure.paygate.co.za/payweb3/process.trans *.cardinalcommerce.com *.salesforceliveagent.com https://secure-test.worldpay.com/shopper/3ds/ddc.html https://seo.mageplaza.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.vuse.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com core.spreedly.com *.vimeo.com *.doubleclick.net https://static.addtoany.com https://map.pargo.co.za *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.contentsquare.net *.vuse.com https://pay.google.com https://secure-test.worldpay.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.openpay.mx *.openpay.co https://*.moneris.com/ *.opencontrol.mx *.kaptcha.com *.openpay.pe *.salesforce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https: data: *.cloudflare.com *.gstatic.com magefan.com cm.magefan.com *.postimg.cc *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal core.spreedly.com *.subscribepro.com *.cookielaw.org *.pcapredict.com *.salesforce.com *.postcodeanywhere.co.uk *.doubleclick.net *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.reviews.co.uk https://static.addtoany.com https://unpkg.com https://staticw2.yotpo.com http://staticw2.yotpo.com https://widgetsrepository.yotpo.com https://cdn-widgetsrepository.yotpo.com https://js-agent.newrelic.com *.newrelic.com *.salesforceliveagent.com https://t.contentsquare.net https://sec.webeyez.com https://static.vic-m.co https://js.adsrvr.org *.adform.net https://widgetcdn.zoomengage.com https://c.lytics.io https://connect.facebook.net *.facebook.com https://widgetapi.zoomengage.com *.zoomengage.com *.vuse.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.googleoptimize.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com s7.addthis.com *.avada.io *.mapbox.com https://*.moneris.com/ *.googleapis.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.force.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.reviews.io *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.subscribepro.com *.fontawesome.com *.postcodeanywhere.co.uk *.prod.marketing.bat.net *.non-prod.marketing.bat.net https://accounts.google.com/gsi/style http://staticw2.yotpo.com/assets/open_sans.css https://staticw2.yotpo.com/assets/open_sans.css http://staticw2.yotpo.com/ https://staticw2.yotpo.com/ *.contentsquare.net *.vuse.com *.cloudflare.com *.mapbox.com https://*.moneris.com/ *.salesforce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.prod.marketing.bat.net *.non-prod.marketing.bat.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.subscribepro.com core.spreedly.com *.cookielaw.org *.google.com *.doubleclick.net *.onetrust.com *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.secure.paygate.co.za services.postcodeanywhere.co.uk https://maps.googleapis.com/ https://staticw2.yotpo.com http://staticw2.yotpo.com https://widgetsrepository.yotpo.com https://cdn-widgetsrepository.yotpo.com https://w2.yotpo.com/ https://ssapi.vuse.com/ *.newrelic.com *.salesforce.com *.salesforceliveagent.com *.contentsquare.net https://q-eu1.az.contentsquare.net https://k-eu1.az.contentsquare.net https://sec.webeyez.com https://static.vic-m.co https://js.adsrvr.org https://s2.adform.net https://widgetcdn.zoomengage.com https://c.lytics.io https://connect.facebook.net *.facebook.com *.vuse.com ekr.zdassets.com/ *.openpay.mx *.openpay.co https://get.geojs.io *.avada.io *.openpay.pe webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudfront.net *.reviews.io *.reviews.co.uk t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com https://www.energiaxxi.com https://www.endesatarifasluzygas.com https://watlab.es https://*.watlab.es 3
frame-ancestors 'self'; report-uri https://o28929.ingest.us.sentry.io/api/676675/security/?sentry_key=ece733f80e4d4958a8c9cfc1f5a6a5db 3
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';script-src-attr * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none';frame-src * data: blob:;form-action *;base-uri 'self';object-src 'none' 3
base-uri 'self'; frame-ancestors *;frame-src *;child-src 'self';block-all-mixed-content;object-src 'none'; prefetch-src 'self';worker-src 'self'; default-src https: data: ws:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 3
frame-ancestors 'self' *.webex.com 3
frame-ancestors 'self' https://app.optimizely.com https://*.optimizely.com; 3
upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3
block-all-mixed-content; frame-ancestors 'self' https://dash.cloudflare.com 3
default-src 'self'; script-src 'self' 'nonce-e62489e6-c573-493f-b0f0-6093a4363b76' dnstest2.ficora.fi dnstest.traficom.fi stat.traficom.fi analytiikka.ahtp.fi; img-src 'self' data: *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; style-src 'self' 'nonce-e62489e6-c573-493f-b0f0-6093a4363b76' dnstest2.ficora.fi dnstest.traficom.fi; font-src 'self'; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; connect-src 'self' https://stat.traficom.fi analytiikka.ahtp.fi; form-action 'self' 3
script-src-elem link.sportsgirl.com.au *.wufoo.com *.pinterest.com *.jotform.com *.jotfor.ms *.squarecdn.com https://api.smooch.io/faye https://cdn-widgetsrepository.yotpo.com https://rum.hlx.page *.hotjar.com *.rmp.rakuten.com *.facebook.net *.googletagmanager.com *.api.useinsider.com foursixty.com *.adsrvr.org *.scarabresearch.com *.plugins.emarsys.net stockinstore.net *.reloop.com.au *.resultspage.com *.pinimg.com *.bing.com *.tiktok.com *.newrelic.com *.google-analytics.com https://3739-1.sli-r.com/r-api/ https://googleads.g.doubleclick.net *.stockinstore.net *.cloudflare.com https://maps.googleapis.com *.afterpay.com *.addressfinder.io https://www.google.com https://www.gstatic.com *.sli-r.com *.braintreegateway.com *.paypal.com https://ap-gateway.mastercard.com *.zdassets.com https://www.googleadservices.com https://staticw2.yotpo.com https://tpc.googlesyndication.com https://jp-tags.rd.linksynergy.com api.neverbounce.com *.forter.com *.surveymonkey.com *.googleapis.com *.kaltura.com *.creativecdn.com *.sli-spark.com *.useinsider.com https://t.contentsquare.net/uxa/a699efee42df6.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.jotfor.ms https://cdn-widget-assets.yotpo.com *.sli-r.com https://foursixty.com/ *.resultspage.com *.stockinstore.net https://assets.api.useinsider.com/ *.addressfinder.io https://fonts.googleapis.com https://staticw2.yotpo.com *.creativecdn.com https://cdn-widgetsrepository.yotpo.com *.useinsider.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'unsafe-inline' data: *.gstatic.com *.typekit.net *.stockinstore.net *.afterpay.com *.hotjar.com *.useinsider.com *.yotpo.com *.googleapis.com *.jotfor.ms *.slant.co cdn.neverbounce.com *.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * link.sportsgirl.com.au link.sussan.com.au 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.mastercard.com *.adsrvr.org *.useinsider.com *.linksynergy.com *.tiktok.com *.hotjar.com *.doubleclick.net *.demdex.net *.reloop.com.au *.myunidays.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com bid.g.doubleclick.net *.youtube-nocookie.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk * *.sharethis.com *.pinterest.com https://bid.g.doubleclick.net *.cloudflarestream.com videodelivery.net *.surveymonkey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.paypal.com *.sportsgirl.com.au *.suzannegrae.com.au *.sussan.com.au *.cdninstagram.com *.gstatic.com *.googleapis.com *.google.com *.google.com.au *.google.co.nz *.google.com.ua *.google.by *.google.us *.google.de *.stockinstore.net *.rakuten.com *.afterpay.com *.nr-data.net *.adsrvr.org *.linksynergy.com *.bing.com *.doubleclick.net *.resultspage.com *.resultsstage.com *.resultsdemo.com *.useinsider.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.unidays.world www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudfront.net *.jotfor.ms *.jotform.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.youtube.com https://site-assets.afterpay.com/ *.kaltura.com *.facebook.com https://static.zdassets.com/web_widget/latest/basic_settings_avatar.png www.google.com.ua *.sharethis.com *.pinterest.com *.sli-spark.com https://yotpo-editor-production.s3.amazonaws.com *.creativecdn.com https://barcode.tec-it.com https://c.contentsquare.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.plugins.emarsys.net *.scarabresearch.com tagmanager.google.com *.paypal.com *.resultspage.com *.resultsstage.com *.resultsdemo.com *.gstatic.com *.google.com *.sli-spark.com *.cloudfront.net *.sli-r.com *.mastercard.com *.googleapis.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.cloudflare.com *.useinsider.com *.livechatinc.com *.adsrvr.org *.newrelic.com *.getwisp.co *.linksynergy.com *.rakuten.com *.afterpay.com *.nr-data.net *.bing.com *.hotjar.com *.tiktok.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.myunidays.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleadservices.com *.yotpo.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk *.squarecdn.com https://hbiq.net songbirdstag.cardinalcommerce.com *.sharethis.com https://rum.hlx.page *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressfinder.io static.afterpay.com/ tagmanager.google.com fonts.google.com *.googleapis.com *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.afterpay.com *.api.useinsider.com *.reloop.com.au *.hotjar.com unsafe-inline *.yotpo.com *.squarecdn.com assets.braintreegateway.com *.jotfor.ms *.sharethis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io static.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.cloudflare.com *.googleapis.com *.rakuten.com *.nr-data.net *.useinsider.com *.amplitude.com *.tiktok.com *.hotjar.com *.demdex.net *.everesttech.net *.adobedtm.com *.reloop.com.au *.myunidays.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudfront.net *.forter.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.cardinalcommerce.com *.google.com google.com *.afterpay.com *.sentry.io *.api.useinsider.com wss://api.smooch.io/faye https://sst.suzannegrae.com.au *.sharethis.com insight.adsrvr.org *.facebook.com *.hotjar.io *.pinterest.com wss://ws.hotjar.com/api/v2/client/ws *.zdassets.com *.bing.com *.zendesk.com *.zendesk-eu.my.sentry.io https://www.google.com.au/ads/* https://www.google.com.au/ analytics.pangle-ads.com *.kaltura.com *.creativecdn.com *.sussan.com.au analytics-ipv6.tiktokw.us https://sst.sportsgirl.com.au *.siteperformancetest.net https://siteperformancetest.net *.contentsquare.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e350c8f5-2076-4690-909d-d997db0d337e.sansec.watch/; 3
default-src 'self' https://servicios.rnpdigital.com https://www.rnpdigital.com; connect-src 'self' https://servicios.rnpdigital.com https://www.youtube.com https://*.tawk.to wss://*.tawk.to https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com; form-action 'self' https://servicios.rnpdigital.com https://*.google.com https://*.tawk.to; font-src 'self' data: https://*.tawk.to https://fonts.gstatic.com; frame-ancestors 'self' https://www.rnpdigital.com https://servicios.rnpdigital.com https://www.youtube.com https://www.facebook.com; frame-src 'self' https://*.tawk.to https://www.youtube.com https://www.facebook.com https://servicios.rnpdigital.com; img-src 'self' data: https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://s3.amazonaws.com https://www.googletagmanager.com https://www.google.co.cr https://servicios.rnpdigital.com https://www.rnpdigital.com; media-src 'self' https://*.tawk.to; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://servicios.rnpdigital.com https://www.googletagmanager.com https://*.tawk.to https://cdn.jsdelivr.net https://www.google-analytics.com https://www.youtube.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://*.tawk.to https://fonts.googleapis.com https://cdn.jsdelivr.net; 3
frame-ancestors 'self' redbus.my.site.com partners.apnacomplex.com m-redbus-id.cdn.ampproject.org www.google.com www.google.co.id m.redbus.id m.redbus.my m.redbus.sg seocms.redbus.com seoplatform.redbus.com:3000; worker-src 'self' blob:; default-src 'self' firebasestorage.googleapis.com c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net s3.rdbuz.com *.doubleclick.net graph.facebook.com *.redbus.in  *.redbus.com *.googleapis.com www.google-analytics.com www.googletagmanager.com *.google.com *.google.co.in *.facebook.net www.googleadservices.com www.facebook.com recorder.sessionstack.com o2.mouseflow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com flackr.github.io *.moengage.com dynamic.criteo.com *.newrelic.com *.sentry-cdn.com *.ttwstatic.com *.clarity.ms www.lacmp.net cdn.debugbear.com flackr.github.io redbus.my.site.com www.youtube.com stackpath.bootstrapcdn.com unpkg.com *.redbus.com *.moengage.com in.fw-cdn.com *.freshchat.com cdn.conveythis.com *.googleoptimize.com app.link cdn.branch.io beacon.riskified.com tags.tiqcdn.com cdn-akamai.mookie1.com *.firebaseio.com h.online-metrix.net *.twitter.com static.ads-twitter.com *.googletagservices.com bam.nr-data.net *.doubleclick.net maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net sslwidget.criteo.com static.criteo.net cdn.mouseflow.com maps.googleapis.com sg-pl.vizury.com cdnjs.cloudflare.com adservice.google.co.in ssl.google-analytics.com pagead2.googlesyndication.com www.google-analytics.com cdn.sessionstack.com www.googletagmanager.com connect.facebook.net *.googleadservices.com *.rdbuz.com *.redbus.in www.gstatic.com; img-src 'self' data: blob: unicorn.indorent.co.id tiles.stadiamaps.com iconslib.rapyd.net rbdatum.s3.amazonaws.com *.clarity.ms bs.serving-sys.com product-image.globaltix.com img.youtube.com *.makemytrip.com moe-email-campaigns.s3.amazonaws.com *.moengage.com mmt.servedbyadbutler.com servedbyadbutler.com iconslib.rapyd.net *.twitter.com gos3.ibcdn.com lh3.googleusercontent.com i.ytimg.com img.riskified.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com *.gstatic.com maps.googleapis.com *.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net www.google.co.in *.redbus.in *.google.com www.google-analytics.com  ssl.google-analytics.com *.facebook.com *.rdbuz.com api.midtrans.com www.glassdoor.co.in; style-src 'self' 'unsafe-inline' blob: *.ttwstatic.com redbus.my.site.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.freshchat.com www.googletagmanager.com maxcdn.bootstrapcdn.com *.google.com cdnjs.cloudflare.com fonts.googleapis.com fonts.googleapis.com *.rdbuz.com st.redbus.in  *.rdbuz.com; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.rdbuz.com st.redbus.in fonts.gstatic.com; frame-src 'self' gumi.criteo.com redbus.my.site.com partners.apnacomplex.com m.redbus.sg m.redbus.my *.moengage.com m.redbus.my *.freshchat.com payment.pagoefectivo.pe st.redbus.in *.twitter.com www.youtube-nocookie.com *.firebaseapp.com *.firebaseio.com www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com www.googletagmanager.com *.redbus.com h.online-metrix.net *.doubleclick.net *.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' *.redbus.in *.moengage.com browser.sentry-cdn.com *.ingest.de.sentry.io *.clarity.ms data.debugbear.com www.lacmp.net *.redbus.my redbus.my.salesforce-scrt.com wss://tracking.yourbus.in:1031 barcode-latam.s3-ap-southeast-1.amazonaws.com cxselfhelp.s3-ap-southeast-1.amazonaws.com recorder.sessionstack.com *.moengage.com *.makemytrip.com pagead2.googlesyndication.com *.google.com *.aws.elastic-cloud.com api2.branch.io wss://rbpub.redbus.vn wss://rbpub.redbus.com *.googleapis.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com *.facebook.com 3
default-src 'self' https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai localhost:8888 https://*.sentry.io https://*.facebook.com vitals.vercel-insights.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hsforms.net https://*.hscollectedforms.net https://*.netlify.app https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://*.qualified.com; style-src 'self' 'unsafe-inline' https://diligent.com https://*.diligent.com https://*.sentry.io fonts.googleapis.com vitals.vercel-insights.com https://*.hs-scripts.com https://*.hsforms.net https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com http://*.marketo.com https://*.marketo.com https://*.netlify.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://diligent.com https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai https://*.sentry.io https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com vitals.vercel-insights.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.jquery.com https://*.hs-scripts.com https://*.hsforms.net netlify-cdp-loader.netlify.app http://*.marketo.com https://*.marketo.com https://www.redditstatic.com https://js.zi-scripts.com https://diligent.widget.insent.ai https://*.netlify.app https://cdn.bizible.com https://*.rudderlabs.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://j.6sc.co https://ct.capterra.com https://munchkin.marketo.net https://*.googlesyndication.com https://*.chilipiper.com https://*.crazyegg.com https://*.doubleclick.net https://*.cookiebot.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://js.qualified.com; connect-src 'self' https://diligent.com https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai localhost:8888 https://*.sentry.io https://*.facebook.com vitals.vercel-insights.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hsforms.net https://*.hscollectedforms.net https://*.netlify.app https://*.googletagmanager.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://*.zoominfo.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://api.rudderstack.com https://px.ads.linkedin.com https://*.mktoresp.com http://*.mktoresp.com https://*.dataplane.rudderstack.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.chilipiper.com https://*.rudderlabs.com https://*.crazyegg.com https://*.google.com https://*.doubleclick.net https://*.cookiebot.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://*.qualified.com wss://*.qualified.com https://bat.bing.com; font-src 'self' https://diligent.com https://*.diligent.com https://*.sentry.io fonts.gstatic.com https://*.hs-scripts.com https://*.hsforms.net data: https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.netlify.app; frame-src 'self' https://diligent.com https://*.diligent.com lastrev.com forms.hsforms.com https://play.vidyard.com https://*.theanswer.ai https://*.flowise.theanswer.ai https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.marketo.com https://diligent.widget.insent.ai https://*.netlify.app https://*.chilipiper.com https://*.fls.doubleclick.net https://www.facebook.com https://*.facebook.com https://*.cookiebot.com https://*.optimizely.com https://*.cdn.optimizely.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.qualified.com https://*.navattic.com; img-src * data: https://diligent.com https://*.diligent.com https://*.googletagmanager.com https://*.ctfassets.net https://*.googletagmanager.com https://*.google-analytics.com https://*.netlify.app https://*.qualified.com; media-src * data:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.facebook.com; frame-ancestors 'self' https://lastrev.com https://lr-live-editor.netlify.app https://*.theanswer.ai https://*.flowise.theanswer.ai http://localhost:3333 https://localhost:3333 https://*.sanity.studio https://*.sanity.io https://*.netlify.app https://diligent.com https://*.diligent.com; block-all-mixed-content; upgrade-insecure-requests; 3
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 3
frame-ancestors 'self', frame-ancestors 'self' 3
frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 3
default-src 'self' *avatel.es avatel.es; style-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com f.vimeocdn.com cdn.jsdelivr.net cdn-cookieyes.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.jquery.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com f.vimeocdn.com cdn.jsdelivr.net cdn-cookieyes.com; connect-src 'self' 'unsafe-inline' blob: avatel.es *.avatel.es clictv.es *.clictv.es *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googlesyndication.com log.cookieyes.com https://cdn-cookieyes.com www.google.com fresnel.vimeocdn.com https://directory.cookieyes.com; img-src 'self' 'unsafe-inline' blob: data: avatel.es *.avatel.es secure.gravatar.com *.google.com *.google.es analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleapis.com maps.gstatic.com *.facebook.com correostelecom.es *.correostelecom.es *.doubleclick.net https://cdn-cookieyes.com ade.googlesyndication.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.google.com *.doubleclick.net avatel.speedtestcustom.com *.facebook.com *.googletagmanager.com *.googlesyndication.com player.vimeo.com youtube.com *.youtube.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; worker-src 'self' blob: avatel.es *.avatel.es; 3
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 3
default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.zopim.com https://static.zdassets.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googleadservices.com https://*.facebook.net https://*.doubleclick.net https://*.addthis.com https://cdn.mxpnl.com https://*.youtube.com https://*.moatads.com https://*.addthisedge.com https://fast.wistia.com https://beacon-v2.helpscout.net https://ekr.zdassets.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://www.googleoptimize.com https://kit.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/11.1.0/jsrsasign-all-min.js https://consent.cookiebot.eu https://consent.cookiebot.com https://cdn-cookieyes.com https://consentcdn.cookiebot.eu; style-src 'self' 'unsafe-inline' https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com *.licdn.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://*.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src * 'self' blob:; form-action 'self' https://*.facebook.com https://*.melita.com; frame-ancestors 'self'; upgrade-insecure-requests 3
default-src 'self' http: https: ws: wss: data: blob:; frame-ancestors 'self'; script-src 'strict-dynamic' https: 'self'; 3
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 3
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 3
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://vippsmobilepay.boost.ai https://vippsmobilepaytest.boost.ai https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com https://www.gstatic.com https://vipps.no https://www.vipps.no https://vipps.se https://www.vipps.se https://mobilepay.dk https://www.mobilepay.dk https://mobilepay.fi https://www.mobilepay.fi;  connect-src 'self' https://vippsmobilepay.boost.ai https://vippsmobilepaytest.boost.ai https://consent.cookiebot.com https://consentcdn.cookiebot.com https://zai55r7s.api.sanity.io wss://zai55r7s.api.sanity.io https://api-js.mixpanel.com https://www.google.com https://test.salesforce.com https://webto.salesforce.com https://vipps--sanitydev.sandbox.my.salesforce.com;  style-src 'self' 'unsafe-inline' https://vipps.no https://www.vipps.no https://vipps.se https://www.vipps.se https://mobilepay.dk https://www.mobilepay.dk https://mobilepay.fi https://www.mobilepay.fi;  img-src 'self' blob: data: https://vipps.no https://mobilepay.dk https://imgsct.cookiebot.com https://cdn.sanity.io https://i.ytimg.com;  font-src 'self' https://designsystem.vipps.io;  frame-src 'self' https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://www.google.com/;  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'self' https://vippsmobilepay-uat.sanity.studio/ https://vippsmobilepay.sanity.studio/ https://www.sanity.io/;  upgrade-insecure-requests 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://snap.licdn.com https://*.googlesyndication.com https://img.en25.com https://connect.facebook.net https://static.ads-twitter.com https://ws.zoominfo.com https://*.googleadservices.com https://*.google.com https://*.brightcove.com https://*.gstatic.com https://maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://vjs.zencdn.net https://secure.p04.eloqua.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://*.opendns.com https://opencdn.fpjs.sh https://fpnpmcdn.net https://*.linkedin.com https://*.gartner.com https://cdnjs.cloudflare.com https://openfpcdn.io https://*.adtrafficquality.google https://*.company-target.com https://*.blackfire.io https://*.ads-twitter.com https://*.facebook.net https://*.licdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.viavisolutions.com https://*.googleapis.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://players.brightcove.net https://www.gartner.com https://*.brightcove.com; img-src 'self' about: blob: data: https://*.viavisolutions.com http://comms.viavisolutions.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googlesyndication.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com https://*.clarity.ms https://t.co https://analytics.twitter.com https://*.linkedin.com https://www.facebook.com https://*.brightcove.com https://ws.zoominfo.com https://*.boltdns.net https://fonts.gstatic.com https://id.rlcdn.com https://segments.company-target.com https://tags.srv.stackadapt.com https://stickerly.pstatic.net https://players.brightcove.net https://*.gartner.com https://*.clarity.ms https://*.bing.com https://*.linkedin.com; media-src 'self' blob: https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.akamaihd.net https://*.cf.brightcove.com; frame-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://td.doubleclick.net https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com https://www.googletagmanager.com https://*.libsyn.com; frame-ancestors 'self' https://*.viavisolutions.com https://viavi.seismic.com; child-src 'self' blob: https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://players.brightcove.net https://*.brightcove.com; connect-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://*.gstatic.com https://www.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://maps.googleapis.com https://*.g.doubleclick.net https://tags.srv.stackadapt.com https://*.brightcove.com https://ws.zoominfo.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.clarity.ms https://*.boltdns.net https://*.akamaihd.net https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com https://tag-logger.demandbase.com https://*.opendns.com https://px.ads.linkedin.com https://api.fpjs.io https://www.feedrapp.info https://*.adtrafficquality.google https://*.ceros.com https://*.brightcovecdn.com https://*.google-analytics.com; report-uri /report-csp-violation 3
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' blob: https: ; font-src 'self' data: https: ; worker-src 'self' blob: ; 3
default-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.blob.core.windows.net https://siteimproveanalytics.com https://snap.licdn.com https://secure.intelligence-enterprise.com https://public.flourish.studio https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.allenovery.com flo.uri.sh https://*.ceros.com https://cdn.yoshki.com https://cdn.iframe.ly https://*.twitter.com https://*.spotify.com https://*.podbean.com https://*.intelligence-enterprise.com;style-src 'self' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;img-src 'self' blob: data: https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.intelligence-enterprise.com;font-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com data:;connect-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://noembed.com https://*.cloudflare.com https://*.g.doubleclick.net https://*.passle.net https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;object-src 'none';base-uri 'self';form-action 'self';frame-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.allenovery.com flo.uri.sh https://*.ceros.com https://cdn.yoshki.com https://cdn.iframe.ly https://*.twitter.com https://*.spotify.com https://*.podbean.com https://youtube.com https://*.youtube.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;block-all-mixed-content;upgrade-insecure-requests; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.steelhousemedia.com/ https://*.bazaarvoice.com/ https://mpsnare.iesnare.com/ https://bat.bing.com/ https://cdns.brsrvr.com/ https://*.fullstory.com/ 'unsafe-inline' https://*.krxd.net/ https://h.online-metrix.net/ https://*.igodigital.com/ https://*.certcapture.com/ https://*.qualtrics.com/ https://*.kaspersky-labs.com/ https://s.go-mpulse.net/ https://www.youtube.com/ https://ajax.googleapis.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://*.cookiehub.net https://cdn.cookiehub.eu https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://js.zi-scripts.com https://tags.clickagy.com/ https://plausible.io ;frame-ancestors 'self' *.seismic.com;worker-src 'self' blob:; 3
frame-ancestors 'self' https://*.movavika.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com https://webvisor.com https://*.webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 3
default-src *.crazyegg.com *.cognigy.ai *.iubenda.com blob: wss: https: 'unsafe-inline' 'unsafe-eval';   img-src https: data:;   font-src https: data:;   object-src 'self' blob:;   media-src 'self' https://foundever.com https://*.foundever.com data: blob:; upgrade-insecure-requests;frame-ancestors 'none'; 3
frame-ancestors 'self' *.checkout.com; 3
upgrade-insecure-requests; frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3
default-src 'self' *.everllence.com *.man-es.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.amazon-adsystem.com *.bing.com *.bing.net cdnjs.cloudflare.com cdn.cookielaw.org *.clarity.ms cookie-cdn.cookiepro.com *.doubleclick.net *.everllence.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.hotjar.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hubspot.com code.jquery.com *.licdn.com *.linkedin.com *.man-es.com *.onetrust.com *.paa-reporting-advertising.amazon *.podigee-cdn.net *.podigee.io *.youtube.com; script-src-elem 'self' 'unsafe-inline' *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hsadspixel.net web-analytics.everllence.com cdn.cookielaw.org *.hotjar.com cdnjs.cloudflare.com *.bing.com *.adnxs.com *.youtube.com *.amazon-adsystem.com *.facebook.net *.licdn.com *.googletagmanager.com googleads.g.doubleclick.net *.clarity.ms maps.googleapis.com maps.gstatic.com *.everllence.com upgrade-advisor.everllence.com; frame-src 'self' map.baidu.com *.map.baidu.com *.doubleclick.net everllence.com *.everllence.com www.google.com www.googletagmanager.com *.hsforms.net *.hsforms.com *.man-es.com *.mandieselturbo.com *.s4hana.ondemand.com *.podigee-cdn.net *.podigee.io player.vimeo.com saipeexternalpmanes.blob.core.windows.net www.youtube-nocookie.com; connect-src 'self' *.adnxs.com api.addsearch.com *.amazon-adsystem.com *.bing.net *.bing.com cdnjs.cloudflare.com cdn.cookielaw.org ad.doubleclick.net *.doubleclick.net everllence.com *.everllence.com web-analytics.everllence.com *.facebook.com google.com *.google.com analytics.google.com *.analytics.google.com *.googleapis.com *.google-analytics.com *.googlesyndication.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.hsforms.com *.hubspot.com *.linkedin.com *.man-es.com *.s4hana.ondemand.com geolocation.onetrust.com privacyportal-eu.onetrust.com *.paa-reporting-advertising.amazon forms-eu1.hscollectedforms.net static.hsappstatic.net api-eu1.hubapi.com *.clarity.ms *.mandieselturbo.com; style-src 'unsafe-inline' 'self' *.googleapis.com cdn.cookielaw.org *.onetrust.com *.everllence.com; font-src 'self' data: *.googleapis.com fonts.gstatic.com cdn.cookielaw.org *.everllence.com; img-src data: 'self' *.adnxs.com *.bing.com *.cloudfront.net cdn.cookielaw.org ad.doubleclick.net *.everllence.com *.facebook.com *.google.de maps.googleapis.com *.hsforms.com maps.gstatic.com ade.googlesyndication.com *.googletagmanager.com *.linkedin.com *.man-es.com *.google.com *.google.dk track-eu1.hubspot.com google.nl googleadservices.com www.googleadservices.com www.google.nl *.google.co.in *.mandieselturbo.com; media-src  'self' 3
default-src 'self' recrutement.orano.group oranoweb.cms.orano.group https://career-i18n.demo.cleverconnect.com career.demo.cleverconnect.com *.google.fr *.google.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com *.facebook.com *.sc-static.net snap.licdn.com insight.adsrvr.org googleads.g.doubleclick.net www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com ws.facil-iti.com tag.aticdn.net www.googletagmanager.com www.google-analytics.com https://s4.ispring.eu https://11471784.fls.doubleclick.net https://secure.adnxs.com https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com https://logws1332.ati-host.net *.goldenbees.fr https://cdn.facil-iti.app https://ecb.qualquantsignals.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com snap.licdn.com https://api.smalk.ai https://www.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://unpkg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ws.facil-iti.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.xiti.com *.ati-host.net https://secure.adnxs.com *.blob.core.windows.net cdn.orano.group oranocms.azureedge.net *.adsrvr.org https://raw.githubusercontent.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.fr https://www.google.com https://ecb.qualquantsignals.com https://ws.facil-iti.com https://*.tile.openstreetmap.org https://*.tile.openstreetmap.fr https://tiles.stadiamaps.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.ausha.co; frame-src https://cdn.streamlike.com https://ws.facil-iti.com 'self' https://oranoweb.cms.orano.group/ recrutement.orano.group *.youtube.com *.youtube.fr https://11471784.fls.doubleclick.net www.google.com https://cdn.facil-iti.app/ https://web-service.facil-iti.app/ https://www.googletagmanager.com/ https://orano.kantree.io/ https://td.doubleclick.net https://lookerstudio.google.com/ https://reservation.orano.group/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ws.facil-iti.com recrutement.orano.group https://reservation.orano.group/ blob:; connect-src 'self' https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com accounts.google.com https://www.google.com https://googleads.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.xiti.com ws.facil-iti.com recrutement.orano.group www.googletagmanager.com www.google-analytics.com http://oranoweb.cms.orano.group https://s4.ispring.eu https://logws1332.ati-host.net https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://web-service.facil-iti.app https://dhllvtr.pa-cd.com wss://ws.hotjar.com https://content.hotjar.io https://px.ads.linkedin.com https://*.clarity.ms; 3
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 3
frame-ancestors self vsadmin.badge.nl 3
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com maxcdn.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.jsdelivr.net *.cloudflare.com *.googleapis.com *.1worldsync.com *.moprestamo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.embluemail.com *.facebook.com *.lacuracao.pe *.efe.com.pe https://forms.hsforms.com *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.pmbox.cloud *.inconcertcc.com *.moprestamo.com *.criteo.net *.flixcar.com *.os.tc *.onesignal.com *.doubleclick.net *.vnforapps.com *.online-metrix.net gum.criteo.com fledge.us.criteo.com *.livechatinc.com *.pointandplace.com *.powr.io *.omnitok.com *.hs-sites.com viewer.mudi.com.co v1.modern-life-interactive.com https://forms.hsforms.com *.hsforms.com https://secure.livechatinc.com widget.powerpay.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.efe.com.pe *.flixcar.com *.flix360.com https://*.hotjar.com *.moprestamo.com *.google.com.pe *.lacuracao.pe *.doubleclick.net *.emxdgt.com *.bidswitch.net img *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.criteo.com *.bluekai.com *.yahoo.com *.clmbtech.com *.smaato.net *.sharethrough.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.bing.com *.teads.tv *.3lift.com *.omnitagjs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.embluemail.com *.yieldmo.com *.tremorhub.com *.mediavine.com *.liadm.com *.flix360.io *.aralego.com *.criteo.net *.aralego.net *.vnforapps.com *.online-metrix.net *.yahoo.net *.contextweb.com *.demoup.com *.pointandplace.com *.adform.net *.adgrx.com *.powrcdn.com *.1rx.io *.alquimio.cloud *.yandex.com *.yandex.ru *.yads.tech *.yango.com cm.g.doubleclick.net t.adx.opera.com *.agkn.com *.unrulymedia.com *.1worldsync.com *.windows.net *.clarity.ms *.hsforms.net *.hsforms.com *.hubspotusercontent-na1.net *.hubspot.com yandex.ru *.hsappstatic.net *.fwmrm.net *.adsrvr.org *.bidr.io *.sitescout.com *.crwdcntrl.net lacuracao.pe viewer.mudi.com.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.embluemail.com *.hotjar.com storage.googleapis.com *.flixfacts.com *.flixcar.com *.onesignal.com onesignal.com *.inconcertcc.com *.moprestamo.com https://www.google.com https://maps.googleapis.com *.criteo.com *.tiktok.com *.flix360.io *.pointandplace.com *.vnforapps.com *.ccdc02.com *.online-metrix.net *.amazonaws.com *.demoup.com *.livechatinc.com *.powr.io *.omnitok.com infimv.com *.topsort.com *.jsdelivr.net *.yads.tech *.1worldsync.com *.clarity.ms *.hsforms.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net *.mfsac.com.pe *.viewer.mudi.com.co components-bnpl-pe-bbva-production.moprestamo.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.hotjar.com *.moprestamo.com *.fontawesome.com maxcdn.bootstrapcdn.com onesignal.com *.flixcar.com *.cloudflare.com *.googleapis.com *.1worldsync.com viewer.mudi.com.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.demoup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.culqi.com *.alquimio.cloud  *.hotjar.com *.hotjar.io wss://*.hotjar.com *.criteo.com *.doubleclick.net *.embluemail.com onesignal.com google.com.pe *.pointandplace.com *.flixcar.com *.google.com.pe *.vnforapps.com *.tiktok.com *.pangle-ads.com *.demoup.com *.flix360.com *.powr.io *.topsort.com *.yandex.com *.yandex.ru *.yads.tech *.yango.com *.omnitok.com *.psychological.ai *.hsforms.net *.hsforms.com *.amazonaws.com *.hubspot.com *.clarity.ms *.hubapi.com *.hscollectedforms.net/ facebook.com *.onesignal.com mudiview.mudi.com.co:7443 viewer.mudi.com.co *.modern-life-interactive.com modern-life-interactive.com *.1worldsync.com https://www.google.com mo-services-bnpl-pe-production.moprestamo.com *.moprestamo.com api.powerpay.pe docs.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors *.kioxia.com 3
frame-ancestors 'self'; report-uri /csp-log.php 3
default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://*.6sc.co https://*.6sense.com https://*.influ2.com https://1752680588.rsc.cdn77.org https://adservice.google.com https://analytics-fe.digital-cloud-us-main.medallia.com https://analytics.google.com https://api.adblockertool.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://api.killadsapi.com https://api.video-adblock.com https://app.continual.ly/ https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://connect.facebook.net https://content.hotjar.io https://epsilon.6sense.com https://fonts.gstatic.com https://ipv6.6sc.co https://js.monitor.azure.com https://metrics.hotjar.io https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://unpkg.com https://verisk.my.salesforce-scrt.com https://wss-pr.continual.ly:6001 https://www.google.com.et https://www.google.com.pr https://www.google.com.tr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com public.flourish.studio secure.adnxs.com vc.hotjar.io verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com wss://ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ https://open.spotify.com https://verisk.my.site.com https://view.ceros.com https://www.brighttalk.com https://www.googletagmanager.com insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.trendemon.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com c.bing.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://*.6sc.co https://ib.adnxs.com https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com t.influ2.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.maplecroft.com *.oktopost.com *.pardot.com *.salesforceliveagent.com *.srv.stackadapt.com *.trendemon.com *.twitter.com *.xactware.com alert.risksolutions.verisk.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://*.influ2.com https://app.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://cdnapisec.kaltura.com https://j.6sc.co https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com https://unpkg.com https://verisk.my.site.com https://view.ceros.com https://www.brighttalk.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com public.flourish.studio risksolutions.verisk.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.trendemon.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com https://verisk.my.site.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.verisk.com alert.risksolutions.verisk.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css https://cdnjs.cloudflare.com https://unpkg.com https://verisk.my.site.com risksolutions.verisk.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; worker-src 'self' blob:; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; frame-ancestors *.cargonet.com *.isomitigation.com *.maplecroft.com *.verisk.com https://verisk.my.salesforce-scrt.com https://verisk.my.site.com https://verisk.my.site.com/; report-to stott-security-endpoint;report-uri https://alert.risksolutions.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 3
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.versio.nl *.freshdesk.com *.freshchat.com *.typeform.com *.hsforms.com *.doubleclick.net *.yourhosting.nl *.cookiebot.com 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3
frame-ancestors 'self' *.voc.ai *.shulex.com 3
img-src * data:; default-src *;  style-src * 'unsafe-inline'; worker-src 'self' blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 3
default-src * data: *.crazyegg.com 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' fonts.gstatic.com *.crazyegg.com data:; script-src * *.crazyegg.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src * *.crazyegg.com 'unsafe-inline' data:; img-src * *.crazyegg.com data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 3
default-src 'self';    connect-src 'self' wss://webmessaging.usw2.pure.cloud https://browser-intake-us5-datadoghq.com https://www.googleadservices.com https://*.clarity.ms https://www.facebook.com https://ws.zoominfo.com https://js.zi-scripts.com https://aorta.clickagy.com https://hemsync.clickagy.com https://api.usw2.pure.cloud/ https://api-cdn.usw2.pure.cloud/ https://*.api.sanity.io https://*.apicdn.sanity.io wss://*.api.sanity.io https://csp.withgoogle.com https://google.com https://*.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.gstatic.com https://shop.ezeefiber.com https://api.vercel.com https://vercel.live https://maps.googleapis.com https://fresnel.vimeocdn.com https://sockjs-us3.pusher.com https://*.weglot.com https://cdn-api-weglot.com wss://ws-us3.pusher.com https://recruitingbypaycor.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://bat.bing.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon/ https://paa-reporting-advertising.amazon/ https://www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com https://mybundle.tv https://www-app-dev.mybundle.tv https://px.premion.com;    script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http://www.gstatic.com https://bat.bing.com https://www.clarity.ms https://connect.facebook.net https://www.facebook.com https://js.zi-scripts.com https://tags.clickagy.com https://*.jquery.com https://apps.usw2.pure.cloud https://www.google.com https://shop.ezeefiber.com https://googleads.g.doubleclick.net https://recruitingbypaycor.com http://recruitingbypaycor.com https://player.vimeo.com  https://ezeefiber.speedtestcustom.com/ https://c.speedtestcustom.com https://www.googletagmanager.com https://recruitingbypaycor.com https://f.vimeocdn.com https://maps.googleapis.com https://cdn.weglot.com https://mybundle.tv https://www-app-dev.mybundle.tv https://vercel.live https://www.gstatic.com https://*.hotjar.com http://www.youtube.com https://www.youtube.com https://www.googleadservices.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://px.premion.com;    style-src 'self' 'unsafe-inline' https://vercel.live https://shop.ezeefiber.com https://recruitingbypaycor.com https://ezeefiber.speedtestcustom.com/ https://c.speedtestcustom.com https://fonts.googleapis.com https://cdn.weglot.com https://www.gstatic.com/ *.visualwebsiteoptimizer.com app.vwo.com;    img-src 'self' blob: data: https://bat.bing.com https://www.facebook.com https://www.google.com https://www.google.com.mx https://www.google.ae https://www.google.co.uk https://lh3.googleusercontent.com https://shop.ezeefiber.com https://www.googletagmanager.com https://cdn.sanity.io https://i.vimeocdn.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.weglot.com https://vercel.live https://vercel.com https://www.gstatic.com https://i.ytimg.com https://insight.adsrvr.org https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io;    media-src 'self' https://cdn.sanity.io https://player.vimeo.com https://www.youtube.com;    frame-src 'self' https://hemsync.clickagy.com https://apps.usw2.pure.cloud https://player.vimeo.com https://www.youtube.com https://ezeefiber.speedtestcustom.com/ https://td.doubleclick.net https://recruitingbypaycor.com https://vercel.live https://www.googletagmanager.com https://mybundle.tv https://www-app-dev.mybundle.tv https://www.google.com https://www.gstatic.com *.visualwebsiteoptimizer.com app.vwo.com;    font-src 'self' https://fonts.gstatic.com https://vercel.live https://assets.vercel.com;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'self' https://ezeefiber.speedtestcustom.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.gstatic.com;    upgrade-insecure-requests; 3
default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.etracker.com; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at player.vimeo.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 3
default-src 'self' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; 3
default-src 'self'; img-src 'self' data: *.msb.se *.mcf.se i.ytimg.com maps.gstatic.com maps.googleapis.com; frame-src 'self' mailto: qcnl.tv api.screen9.com *.youtube.com youtube.com www.google.com *.mynewsdesk.com brandrisk.smhi.se lastkaj.msb.se mcf.ungapped.io msb.ungapped.io ui.ungapped.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.readspeaker.com tracking.webbanalys.msb.se maps.googleapis.com www.google.com; style-src 'self' 'unsafe-inline' *.readspeaker.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' sr.artologik.net srtry.artologik.net *.mynewsdesk.com tracking.webbanalys.msb.se *.readspeaker.com www.youtube.com www.google.com www.gstatic.com maps.googleapis.com dashboard.webbanalys.msb.se/js/container_F96Nf4nS_preview.js; frame-ancestors 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.trustpilot.com *.woopra.com *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.google-analytics.com ; style-src 'self' 'unsafe-inline' *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.googleapis.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.kampyle.com *.medallia.eu ; img-src 'self' data: blob: * ; child-src 'self' blob: ; font-src 'self' data: * ; connect-src 'self' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com bam-cell.nr-data.net *.woopra.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com  *.tiles.mapbox.com api.mapbox.com events.mapbox.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu ; frame-src 'self' *.trustpilot.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net *.vo.msecnd.net service.maxymiser.net p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net ; frame-ancestors 'self' *.tescobank.com ; object-src 'self' *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net; media-src 'self' apps.commbox.io ; 3
default-src 'self' blob: data: https: wss:; frame-ancestors 'self' *.brighthr.com app.brighthr.ie app.brighthr.com.au *.brightsafe.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pixel.byspotify.com lex.33across.com *.adroll.com *.awin1.com *.bing.com *.cloudflareinsights.com *.convertexperiments.com *.doubleclick.net https://bat.bing-int.com *.dwin1.com connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googleoptimize.com *.googletagmanager.com *.quantcount.com *.quantserve.com *.gstatic.com  *.hotjar.com cdn.landbot.io snap.licdn.com app-lon04.marketo.com cdn.dreamdata.cloud *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io munchkin.marketo.net *.mplat-ppcprotect.com *.nyltx.com *.onetrust.com qvdt3feo.com *.rakuten.com lantern.roeyecdn.com *.ruleranalytics.com the.sciencebehindecommerce.com *.livechatinc.com smct.co js.smct.co js.smct.io *.stackadapt.com *.stripe.com *.visualwebsiteoptimizer.com *.youtube.com *.canarytokens.com *.invocacdn.com *.clarity.ms px.ads.linkedin.com; style-src 'self' 'unsafe-inline' data: https:; worker-src 'self' blob:; report-uri https://brighthr.report-uri.com/r/d/csp/enforce; 3
frame-ancestors 'self' chayns.de qa.chayns.de tobit.team qa.tobit.team fff.chayns.site 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.nic-t.ru https://nic-t.ru https://www.nic-t.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.nic-t.ru https://nic-t.ru https://www.nic-t.ru https://*.googleapis.com https://*.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https: http:; font-src 'self' data: https://*.nic-t.ru https://nic-t.ru https://www.nic-t.ru https://*.googleapis.com https://*.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.nic-t.ru https://nic-t.ru https://www.nic-t.ru https://*.yandex.ru https://*.yandex.net https://mc.yandex.ru https://www.google-analytics.com https://api-eu.mixpanel.com https://*.mixpanel.com; frame-src 'self' https://*.nic-t.ru https://nic-t.ru https://www.nic-t.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://webvisor.com https://*.youtube.com https://*.vimeo.com; frame-ancestors 'self' https://*.nic-t.ru https://nic-t.ru https://www.nic-t.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://webvisor.com; worker-src 'self' blob: https://*.nic-t.ru; object-src 'none'; base-uri 'self'; form-action 'self' https://*.nic-t.ru; media-src 'self' https://*.nic-t.ru data: blob:; manifest-src 'self' https://*.nic-t.ru; 3
default-src 'self' https: http: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob:; frame-ancestors 'self'; 3
connect-src 'self' *.laerdal.com laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.monitor.azure.com *.applicationinsights.azure.com *.google.com *.gigya.com *.cookielaw.com *.cookielaw.org *.onetrust.com *.posthog.com googleads.g.doubleclick.net cdn.jsdelivr.net *.salesforce-scrt.com *.talkdeskapp.com *.dynatrace.com *.us1.twilio.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.facebook.net *.ubembed.com ipapi.co *.googleadservices.com *.googletagmanager.com *.linkedin.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; default-src 'self' data: blob: laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com; font-src 'self' data: blob: *.laerdal.com laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.bootstrapcdn.com *.gstatic.com *.blob.core.windows.net *.cloudfront.net *.cloudflare.com *.talkdeskapp.com at.alicdn.com *.hotjar.com; frame-ancestors 'self'; frame-src laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.gigya.com pointerpro.com *.pointerpro.com *.livechatinc.com laerdal.my.site.com *.buzzsprout.com *.talkdeskapp.com *.youtube.com youtube.com youtu.be *.googletagmanager.com *.google.com s.surveyanyplace.com *.youku.com *.flipsnack.com *.episerver.net *.calameo.com; img-src 'self' data: https: laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com googleads.g.doubleclick.net laerdal.info *.googletagmanager.com cdn.brandfolder.io *.convertflow.co *.facebook.com *.facebook.net *.talkdeskdev.com *.talkdesk.com *.google-analytics.com *.linkedin.com *.baidu.com *.doubleclick.net *.ytimg.com *.hotjar.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.blob.core.windows.net *.cloudflareinsights.com *.monitor.azure.com *.azure.com *.cookielaw.org *.convertflow.co *.en25.com code.jquery.com *.bootstrapcdn.com *.gigya.com *.gstatic.com *.google.com *.googleapis.com googleads.g.doubleclick.net *.livechatinc.com laerdal.my.site.com *.talkdeskapp.com *.ubembed.com *.google-analytics.com *.doubleclick.net *.vo.msecnd.net *.googletagmanager.com cdn.jsdelivr.net snap.licdn.com *.facebook.net *.hotjar.com youtube.com *.youtube.com; style-src 'self' 'unsafe-inline' laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.blob.core.windows.net *.bootstrapcdn.com *.googleapis.com *.posthog.com laerdal.my.site.com cdn.jsdelivr.net *.gstatic.com; report-to csp-report-to 3
report-uri https://www.jarscr.com 3
default-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; frame-ancestors 'self'; 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https: http:; font-src 'self' https: data:; connect-src 'self' https: wss: ws: data: http://127.0.0.1:11100; frame-src 'self' https: blob:; object-src 'none'; base-uri 'self'; media-src 'self' blob: https:; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net *.facebook.com static.cloudflareinsights.com www.gstatic.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com *.facebook.com www.googletagmanager.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;form-action 'self' *.facebook.com;frame-src static.goolec.com www.youtube.com youtube.com *.facebook.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com *.facebook.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;media-src d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';frame-ancestors 'self';object-src 'none' 3
default-src 'none'; connect-src 'self' https://cdn.linkedin.oribi.io https://forms.hsforms.com https://px.ads.linkedin.com https://nagra.matomo.cloud/; font-src 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://i.ytimg.com https://img.youtube.com https://forms.hsforms.com https://forms-na1.hsforms.com; manifest-src 'self'; media-src 'self'; script-src 'self' https://snap.licdn.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://nagra.matomo.cloud https://static.cloudflareinsights.com cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' https://nagra.matomo.cloud/; style-src 'self' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 3
script-src 'unsafe-inline' self; 3
frame-ancestors 'self' wss://*.zopim.com wss://*.hotjar.com *.api.friendlycaptcha.com *.jobsplice.com  *.eu-api.friendlycaptcha.eu  secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com *.youtube-nocookie.com  *.evgnet.com  secure.adnxs.com  *.criteo.net *.addthisedge.com *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com   *.audioboom.com   *.acsbapp.com  acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.d3fw5vlhllyvee.cloudfront.net vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com secure.imaginative-trade7.com  *.yahooapis.com  *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net hm.baidu.com  data: 3
default-src *.myidx.cloud 'self' *.lfeeder.com sc.lfeeder.com lftracker.leadfeeder.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn *.selective.com *.d41.co tags.srv.stackadapt.com *.imirwin.com px.ads.linkedin.com geo.privacymanager.io cdn.linkedin.oribi.io cdn.cookielaw.org cdn.linkedin.oribi.io api.company-target.com geolocation.onetrust.com adservice.google.com www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co customer.selective.com www.google.com segments.company-target.com; img-src *.myidx.cloud 'self' data: *.lfeeder.com *.leadfeeder.com www.google.co.za l.mbs.zip log.pinterest.com tr.lfeeder.com translate.google.com www.google.com.jm www.google.co.uk https://survey-images.hotjar.com www.google.com.jm content.selective.com www.google.com.pe www.google.com.mx www.googleadservices.com photos.prnewswire.com c212.net mma.prnewswire.com tags.srv.stackadapt.com analytics.imirwin.com http://www.selective.com googleads.g.doubleclick.net liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.businesswire.com cts.businesswire.com t.co c.bing.com segments.company-target.com di.rlcdn.com id.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com cdn.cookielaw.org www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com customer.selective.com blob:; frame-src *.myidx.cloud 'self' data: tel: www.houzz.com support.google.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net anwebconsole translate.googleapis.com redirect.isolation.zscaler.com login.microsoftonline.com 127.0.0.1 customer.selective.com beuniquelyinsured.selective.com va.shiftstatus.liveperson.net support.google.com va.msghist.liveperson.net va.idp.liveperson.net liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn selective-qa.hclvoltmx.net i.ytimg.com www.youtube.com *.company-target.com view.ceros.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com *.hotjar.com lpcdn.lpsnmedia.net bid.g.doubleclick.net td.doubleclick.net va-s.c.liveperson.net https://www.googletagmanager.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net tags.srv.stackadapt.com https://www.googletagmanager.com http://www.google-analytics.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src *.myidx.cloud 'self' data: croissant-services-data-public-assets-us-east-2-production.s3.us-east-2.amazonaws.com https://script.hotjar.com images.simplycodes.com tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com  use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.lfeeder.com *.leadfeeder.com sc.lfeeder.com lftracker.leadfeeder.com *.myidx.cloud *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net he70.82omyo.com www.selective.com qvdt3feo.com/events.js tags.srv.stackadapt.com liveassistfor365.com *.bc0a.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io static.cloudflareinsights.com *.imirwin.com view.ceros.com static.ads-twitter.com *.d41.co ats.rlcdn.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; connect-src *.myidx.cloud 'self' *.bc0a.com clientstream.launchdarkly.com c.ba.contentsquare.net in.hotjar.com c.ba.contentsquare.net surveystats.hotjar.io https://script.hotjar.com ask.hotjar.io surveystats.hotjar.io segments.company-target.com www.googletagmanager.com region1.google-analytics.com kit.fontawesome.com www.googleadservices.com www.facebook.com wss://va.msg.liveperson.net 38.108.179.5 privacyportal.onetrust.com analytics.imirwin.com ka-p.fontawesome.com www.clarity.ms px.ads.linkedin.com geolocation.onetrust.com cdn.cookielaw.org liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.google.com geo.privacymanager.io api.company-target.com www.google-analytics.com hotjar.com content.hotjar.io tags.srv.stackadapt.com ws.hotjar.com vc.hotjar.io wss://ws.hotjar.com metrics.hotjar.io ads.anura.io script.anura.io; worker-src 'self' selective.com blob:; report-uri https://stageselectiveidx2025.report-uri.com/r/d/csp/reportOnly; style-src-elem 'self' 'unsafe-inline' data: p.typekit.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net fonts.googleapis.com www.gstatic.com tags.srv.stackadapt.com; script-src-elem 'self' 'unsafe-inline' data: *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net sc.lfeeder.com www.selective.com *.bc0a.com qvdt3feo.com/events.js tags.srv.stackadapt.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io static.cloudflareinsights.com *.imirwin.com view.ceros.com static.ads-twitter.com *.d41.co ats.rlcdn.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; child-src blob:; 3
frame-ancestors self *.contorion.net *.storyblok.com 3
frame-ancestors 'self' commander.weatherops.com 3
default-src *.myidx.cloud 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.analytics.google.com cdnjs.cloudflare.com *.google.com *.google-analytics.com *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com viz.tools.investis.com *.googletagmanager.com *.arceralifesciences.com assets.adobedtm.com; img-src *.myidx.cloud 'self' 'unsafe-inline' blob: * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com code.jquery.com; frame-src *.myidx.cloud 'self' www.googletagmanager.com *.doubleclick.net *.blubrry.com atkinsrealis.com http://www.atkinsrealis.com/ *.atkinsrealis.com ir.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app *.googletagmanager.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com; font-src *.myidx.cloud 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src *.myidx.cloud viz.tools.investis.com 'self' *.doubleclick.net atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net static.cloudflareinsights.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; connect-src *.myidx.cloud 'self' *.highcharts.com assets.adobedtm.com cdnjs.cloudflare.com code.jquery.com *.arceralifesciences.com *.googletagmanager.com viz.tools.investis.com *.doubleclick.net *.linkedin.com region1.google-analytics.com atkinsrealis.cd.invdcloud-is.co.uk staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com r1.trackedweb.net *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.analytics.google.com *.google-analytics.com *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.googleadservices.com www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net geolocation.onetrust.com *.onetrust.com; base-uri 'self'; form-action 'self'; script-src-elem 'self' *.highcharts.com *.doubleclick.net *.adobedtm.com atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net sc.lfeeder.com static.cloudflareinsights.com communications.atkinsrealis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com 3
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com; 3
frame-ancestors https://flcourts-admin.ccplatform.net https://flcourts-admin.ccstage.net 3
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;child-src 'self' * 3
default-src *; script-src * 'unsafe-inline' blob:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-ancestors 'self'; connect-src * blob:; report-uri /report-csp-violation 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: wss://ws.hotjar.com https://zn9nu0hwrbff0dgcq-cnhind.siteintercept.qualtrics.com; upgrade-insecure-requests;  frame-ancestors 'self' https://prod103.cnhrents.com; https://prod103.newholland.com; https://prod103.casece.com; https://prod103-ce.newholland.com; https://prod103.caseih.com; https://www.cnhrents.com; https://prodstaging.cnhrents.com; https://prodstaging103-ce.newholland.com; https://prodstaging103.newholland.com; https://prodstaging103.caseih.com; https://prodstaging103.casece.com; 3
frame-ancestors https://*.contentful.com https://www.google.com/ 'self'; 3
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 3
default-src 'none'; object-src 'self'; media-src blob: https://s3.amazonaws.com https://*.genial.ly https://*.aiaibot.com https://*.elsevier.com https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com  https://*.doubleclick.net https://*.med-congress.just-medical.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com  https://*.doubleclick.net https://*.elfsightcdn.com https://*.med-congress.just-medical.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://elshbe.mediclinic.co.za https://superspider-dev.azurewebsites.net https://*.data.adobedc.net https://extend.vimeocdn.com https://*.sc.omtrdc.net https://*.2o7.net https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://portal.k8s.preprod.msio.cloud https://*.aiaibot.com https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://cdn.dotcy.com.cy https://*.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.clever-click.ch https://*.sli.do https://scatec.io https://soundcloud.com/ https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.med-congress.just-medical.com; connect-src 'self' https://px.ads.linkedin.com/wa https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://adservice.google.com https://analytics.google.com https://*.112.2o7.net https://dpm.demdex.net https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.aiaibot.com https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://*.onetrust.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://ton.twimg.com https://*.clever-click.ch https://scatec.io https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.snapchat.com https://*.ads-twitter.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://analytics.ahrefs.com https://*.doubleclick.net https://*.med-congress.just-medical.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://portal.k8s.preprod.msio.cloud https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://*.crazyegg.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.med-congress.just-medical.com; frame-src 'self' https://feed.yellow.camera https://*.pinterest.com https://hirslandenag.demdex.net https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://analytics-eu.clickdimensions.com https://*.goreview.co.za https://*.aiaibot.com https://webform.mediclinicsa.co.za https://*.indigo.online https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com https://tourmkr.com https://*.tourextender.ch https://tourextender.ch https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com https://*.vimeo.com https://*.brightcove.net https://mixlr.com https://*.mixlr.com https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://www.facebook.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.mediclinic.ae https://*.google.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com https://ucrm-app-p.eu.hcnet.biz https://demo.emarsys.net https://*.ucrm-app-p.eu.hcnet.biz https://analytics.ahrefs.com https://*.hirslanden.ch https://*.demo.emarsys.net; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://ton.twimg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.ads-twitter.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.med-congress.just-medical.com; frame-ancestors 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.ads-twitter.com https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.mediclinic.ae https://*.hirslanden.ospanel.services; 3
frame-ancestors 'self' https://m.v12finance.com/ https://sapc.thewosgroup.com; 3
child-src 'self' blob: *.somfy.fr lcx-widgets-eu.bambuser.com gum.criteo.com analytics.tiktok.com *.pinterest.com tr.snapchat.com sc-static.net static.ads-twitter.com https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com *.trustedshops.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at https://soundcloud.com https://www.youtube.com https://www.lespetitespierres.org *.rlets.com https://giphy.com https://www.franceinter.fr *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com www.123formbuilder.com https://c.imedia.cz player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com *.linkedin.com https://d6tizftlrpuof.cloudfront.net player.teester.com landings.somfy.co.il my.matterport.com *.myfeelback.com *.kameleoon.com *.kameleoon.eu https://somfyicebucket.com actorssl-5637.kxcdn.com *.smart-tribune.com cdnjs.cloudflare.com polyfill.io secure.livechatinc.com *.test.somfy.com *.ppr.somfy.com *.usabilla.com; frame-ancestors 'self' https://*.somfy.com https://*.batchgeo.com 3
frame-ancestors 'self' https://www.rhonefm.ch; 3
connect-src 'self' https: wss:; default-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 3
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 3
default-src https://*.experimentation.dev *.kameleoon.com *.kameleoon.eu *.kameleoon.io dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com s096l072-hc-mwf-prd.app.intra bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src *.kameleoon.eu *.kameleoon.com *.experimentation.dev *.google-analytics.com *.googletagmanager.com s096l072-hc-mwf-prd.app.intra bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src *.experimentation.dev *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.googletagmanager.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com *.google-analytics.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src *.experimentation.dev *.kameleoon.io *.kameleoon.eu *.kameleoon.com www.facebook.com facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' https: *.google.com wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 3
default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.dvidshub.net *.military.com *.cloudfront.net; img-src 'self' data: *.mapbox.com *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mapbox.com *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.mapbox.com *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net *.vimeo.com; connect-src 'self' *.mapbox.com *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 3
frame-ancestors 'self' *.ourbit.com *.ourbit.io *.seebestfirst.com *.seebestsecond.com 3
frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my; object-src 'none'; upgrade-insecure-requests; script-src 'self' rum.hlx.page assets.adobedtm.com *.googletagmanager.com *.google-analytics.com analytics.tiktok.com *.adsrvr.org tags.crwdcntrl.net connect.facebook.net *.doubleclick.net *.google.com *.innity.net *.outbrain.com *.hotjar.com *.onetrust.com *.line-scdn.net *.demdex.net *.omtrdc.net *.cimb.com.sg *.quantserve.com *.quantcount.com *.brand-display.com *.fontawesome.com *.pand.ai *.mookie1.com *.cimbclicks.com.my *.bbci.co.uk *.oracleinfinity.io *.oracle.com *.gstatic.com *.licdn.com *.recaptcha.net *.adobe.com *.cloudfront.net *.youtube.com *.googleusercontent.com *.youtube-nocookie.com *.azureedge.net *.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com https://recaptcha.net https://www.recaptcha.net *.doubleclick.net *.brand-display.com *.googletagmanager.com *.adsrvr.org *.demdex.net *.forksurge.com *.crwdcntrl.net *.cloudfront.net youtube-nocookie.com *.youtube-nocookie.com https://*.fls.doubleclick.net players.brightcove.net *.youtube.com irs.tools.investis.com *.googleusercontent.com *.azureedge.net; 3
frame-ancestors https://ads.tiktok.com 3
default-src 'self' * data:; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; style-src  'self' 'unsafe-inline' * 3
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: 'self' data:; frame-src https: mailto:;frame-ancestors 'self'; 3
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://*.addsearch.com https://*.searchcdn.com https://d20vwa69zln1wj.cloudfront.net https://www.google-analytics.com https://www.googleanalytics.com https://*.outbrain.com https://snap.licdn.com https://assets.apollo.io https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://apollo.io https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com https://*.omappapi.com https://widget.manychat.com https://app.calculatorstudio.co https://cdn.userway.org https://static.oktopost.com https://okt.rapyd.net https://www.clarity.ms https://scripts.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.addsearch.com https://*.searchcdn.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.omappapi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.userway.org; img-src 'self' https: data: blob:; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://aplo-evnt.com https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://api.hubapi.com https://*.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://*.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.omappapi.com https://app.vwo.com https://api.userway.org https://cdn.userway.org https://*.api.userway.org https://o.clarity.ms; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org; frame-ancestors 'self' https://www.google.com https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://*.outbrain.com https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com https://apollo.io https://s-eu1.hscta.net https://no-cache.hubspot.com https://*.hs-sites-eu1.com https://*.hs-sites.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://app.calculatorstudio.co https://cdn.userway.org 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.bing.com https://*.clarity.ms https://*.wistia.com https://*.wistia.net; script-src-elem 'report-sample' 'unsafe-inline' blob: https://*.hotjar.com maps.googleapis.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/js/63/1b/places.js https://cdn.leandata.com/js-snippet/ld-book-v2.js https://cdn1.leandata.com/js-snippet/ld-book-popup.js https://maps.googleapis.com/maps-api-v3/api/js/63/1b/main.js https://*.clarity.ms https://*.bing.com https://elfsightcdn.com/platform.js https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://static.cloudflareinsights.com/* https://*.rib-software.com https://*.rib-software.com/* https://cdn.livechatinc.com/tracking.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://api.livechatinc.com/ https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co https://ipapi.co/json/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://uct.service.usercentrics/* https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/ https://tr.capterra.com/static/wp.js https://www.google.com/ccm/collect https://px.ads.linkedin.com/collect https://*.bing.com https://tr.capterra.com/static/vcvr.js https://api.ipapi.com https://*.oktopost.com https://okt.to https://techweb-staging.rib-international.com; connect-src 'self' https://www.google.com/pagead/form-data/971683776 google.com maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://*.wistia.com https://*.wistia.net https://tr.capterra.com/static/sp.js.map https://techweb-staging.rib-international.com https://aggregator.service.usercentrics.eu https://px.ads.linkedin.com https://region1.google-analytics.com https://region1.analytics.google.com https://core.service.elfsight.com https://elfsightcdn.com/platform.js https://ipapi.co/* https://api.ipify.org https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://uct.service.usercentrics.eu https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://cdnjs.cloudflare.com https://googletagmanager.com https://tagmanager.google.com https://www.google.com/ccm/collect https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://api.usercentrics.eu https://stats.g.doubleclick.net https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com https://tr.capterra.com/events/ https://app.leandata.com/routeFromFormInput https://app.leandata.com/* https://api.ipapi.com https://ipapi.co/latlong/  https://ipapi.co https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; style-src 'self' 'report-sample' 'unsafe-inline' https://fast.wistia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' data: https://*.hotjar.com https://*.wistia.com https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/* https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://cdn1.leandata.com/OpenSans-Light.ttf https://cdn1.leandata.com/OpenSans-Regular.ttf https://cdn1.leandata.com/OpenSans-SemiBold.ttf https://cdn1.leandata.com/OpenSans-Bold.ttf; frame-src 'self' data: https://rib-software.my.leandata.com/ https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/* https://fast.wistia.com https://fast.wistia.net https://www.meinauftrag.rib.de/ https://www.rib-software.com/* https://go.pardot.com/* https://go.pardot.com/ https://go.esam.ncee.rib-software.com/* https://go.esam.ncee.rib-software.com/ https://api.ipify.org/ https://secure.livechatinc.com/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://posimyththemes.com/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://wistia.com https://wistia.net https://www.youtube.com https://www.googletagmanager.com/ https://www.google.com/ccm/collect https://px.ads.linkedin.com/collect; frame-ancestors 'self' https://go.rib-software.com/* https://*.rib-software.com/*; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com https://*.clarity.ms https://*.bing.com https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://region1.analytics.google.com/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/flag-icons/6.6.6/flags/4x3/in.svg https://brand-assets.capterra.com/badge/aaa52fe9-1c4f-40ab-b128-68d9d56b4881.svg https://brand-assets.capterra.com https://rib-software.com/app/uploads/2022/10/success.png https://cdn1.leandata.com/images/form-submit-confirmation.svg; manifest-src 'self'; media-src 'self' https://*.wistia.com https://*.wistia.net; worker-src 'self' ; child-src https://www.youtube.com/ https://app.usercentrics.eu/ https://wistia.com https://wistia.net; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1; 3
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dom101.mapres *.dom101.intres *.dom101.prdres hcaptcha.com *.hcaptcha.com *.tiqcdn.com my.tealiumiq.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com youtube.com *.ausha.co *.2o7.net *.omtrdc.net; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' hcaptcha.com *.hcaptcha.com *.tealiumiq.com *.2o7.net *.omtrdc.net; img-src data: 'self' hcaptcha.com *.hcaptcha.com *.gravatar.com *.2o7.net *.omtrdc.net *.googleapis.com *.groupebpce.fr *.intrabpce.fr; style-src 'self' hcaptcha.com *.hcaptcha.com 'unsafe-inline'; font-src data: 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self'; frame-src https: *; script-src-attr 'unsafe-inline'; worker-src *.bluecoat.com; report-uri https://www.csp.bpce.fr/v1/record?id=SIUAS; media-src 'self'; 3
script-src 'unsafe-eval' 'unsafe-inline' 'self' global.oktacdn.com            static.cloud.coveo.com *.getsitecontrol.com *.clarity.ms *.bing.com siteintercept.qualtrics.com zn1xi1bzr9ed0u8xc-enbridgegas.siteintercept.qualtrics.com www.googletagmanager.com www.google.com kendo.cdn.telerik.com enerline.enbridgegas.com       oc-cdn-public.azureedge.net p.typekit.net          github.com fonts.googleapis.com op3static.oktacdn.com www.gstatic.com google.com/recaptcha        cdn.jsdelivr.net use.typekit.net homerenorebateapi.parachutesoftware.com homerenovationsavings.ca enbridgegas.com          app.usercentrics.eu cdnjs.cloudflare.com code.jquery.com www.w3.org ajax.googleapis.com              datatables.net snap.licdn.com googleads.g.doubleclick.net connect.facebook.net                  player.vimeo.com www.savewithgas.com ws1.postescanada-canadapost.ca                  az416426.vo.msecnd.net tcservices.uniongas.com enbridgegas.ca1.qualtrics.com web.cmp.usercentrics.eu js.monitor.azure.com;            style-src 'unsafe-eval' 'unsafe-inline' 'self' global.oktacdn.com                static.cloud.coveo.com *.getsitecontrol.com siteintercept.qualtrics.com zn1xi1bzr9ed0u8xc-enbridgegas.siteintercept.qualtrics.com www.googletagmanager.com www.google.com kendo.cdn.telerik.com                  github.com fonts.googleapis.com op3static.oktacdn.com www.gstatic.com                                         google.com/recaptcha app.usercentrics.eu cdnjs.cloudflare.com tcservices.uniongas.com enerline.enbridgegas.co oc-cdn-public.azureedge.net cdn.jsdelivr.net use.typekit.net homerenorebateapi.parachutesoftware.com homerenovationsavings.ca enbridgegas.com p.typekit.net             ws1.postescanada-canadapost.ca www.w3.org getbootstrap.com enbridgegas.ca1.qualtrics.com; 3
default-src 'self' mittwald.de *.mittwald.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net pixel.byspotify.com assets.calendly.com *.youtube.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.redditstatic.com *.signalize.com *.etracker.com *.etracker.de *.hotjar.com pretix.eu *.ads.linkedin.com snap.licdn.com *.googletagmanager.com *.adform.net mittwald.de *.mittwald.de; style-src 'self' 'unsafe-inline' *.etracker.com assets.calendly.com *.hotjar.com pretix.eu; img-src 'self' data: www.etracker.de assets.calendly.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com alb.reddit.com *.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net px.ads.linkedin.com mittwald.de *.mittwald.de; font-src 'self' data: assets.calendly.com assets.calendly.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com *.hotjar.com mittwald.de *.mittwald.de; connect-src 'self' pixels.spotify.com wss://umd.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com www.redditstatic.com *.signalize.com *.etracker.de *.etracker.com *.hotjar.com *.hotjar.io wss://*.hotjar.com pretix.eu px.ads.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net pixel-config.reddit.com mittwald.de *.mittwald.de blob:; media-src 'self' userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com mittwald.de *.mittwald.de blob:; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net mittwald.de *.mittwald.de blob:; frame-src 'self' td.doubleclick.net googletagmanager.com *.googletagmanager.com calendly.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.youtube.com www.youtube-nocookie.com player.vimeo.com *.adform.net pretix.eu mittwald.de *.mittwald.de; frame-ancestors 'self' https://*.etracker.com; 3
child-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.aptrinsic.com/ https://*.cookiereports.com https://*.data-crypt.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.monitor.azure.com https://*.mottmac.com https://*.optimizely.com https://*.qualtrics.com https://*.shorthand.com https://*.unsplash.com https://d1igp3oop3iho5.cloudfront.net https://dc.services.visualstudio.com https://siteintercept.qualtrics.com https://zn2qs6vrp6mppl1rp-mottmac.siteintercept.qualtrics.com/; font-src 'self' https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.typekit.net/; frame-src 'self' https://*.blubrry.com https://*.doubleclick.net https://*.idio.episerver.net https://*.optimizely.com https://*.qualtrics.com https://*.shorthand.com https://*.spotify.com/ https://*.sproutsocial.com https://*.youtube-nocookie.com https://*.youtube.com https://calendly.com/ https://flo.uri.sh/ https://mmal01mstr91jlbprep.dxcloud.episerver.net/ https://player.vimeo.com https://public.flourish.studio/ https://www.podbean.com/; img-src 'self' data: https://*.analytics.google.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.co.uk https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.lfeeder.com https://*.linkedin.com https://*.mottmac.com https://*.optimizely.com https://*.qualtrics.com https://*.shorthandstories.com https://*.siteimproveanalytics.io https://*.ytimg.com https://maps.gstatic.com https://optimizely-public-design-assets.s3.amazonaws.com https://siteintercept.qualtrics.com; manifest-src 'self'; media-src 'self' https://*.idio.episerver.net https://*.mottmac.com https://*.optimizely.com https://*.shorthandstories.com; script-src-elem 'self' 'unsafe-inline' https://*.cloudfront.net https://*.cookiereports.com https://*.data-crypt.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.idio.episerver.net https://*.lfeeder.com https://*.optimizely.com https://*.qualtrics.com https://*.shorthand.com https://*.shorthandstories.com https://*.youtube.com https://assets.calendly.com/assets/external/widget.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/feather.min.js https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://code.jquery.com/jquery-3.2.1.slim.min.js https://flo.uri.sh/ https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://news.files.bbci.co.uk https://optimizely-cmp-analytics.com/analytics.js https://player.vimeo.com https://public.flourish.studio/ https://siteimproveanalytics.com https://siteintercept.qualtrics.com https://snap.licdn.com https://web-sdk-eu.aptrinsic.com/api/aptrinsic.js https://zn2qs6vrp6mppl1rp-mottmac.siteintercept.qualtrics.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.cookiereports.com https://*.googletagmanager.com https://*.idio.episerver.net https://*.qualtrics.com https://cdn.optimizely-cmp-analytics.com https://js.monitor.azure.com https://optimizely-cmp-analytics.com/ https://public.flourish.studio/; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.shorthandstories.com https://*.typekit.net/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://web-sdk-eu.aptrinsic.com/style.css; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src-attr 'unsafe-inline' https://*.idio.episerver.net; worker-src blob:; 3
img-src 'self' data:; 3
default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 3
frame-ancestors 'self'  https://dvag.test.dlstages01.dvag.de https://dvag.dev.dlstages01.dvag.de https://static.test.dlstages01.dvag.de https://static.dev.dlstages01.dvag.de https://static-career.test.dlstages01.dvag.de https://static-career.dev.dlstages01.dvag.de https://berater.finanzanalyse.dvag https://uat.berater.finanzanalyse.dvag https://staging.berater.deutschefin.tech https://vpd.finanzanalyse.dvag https://uat.vpd.finanzanalyse.dvag https://www.finanzanalyse.dvag https://uat.finanzanalyse.dvag https://benutzerkonto.abnahme.dvag https://benutzerkonto.dvag https://catalog.finanzanalyse.dvag https://uat.catalog.finanzanalyse.dvag 3
default-src * data: 'unsafe-inline' blob:; frame-ancestors 'self' https://goflo.nl https://onlinegallery.art https://accept.onlinegallery.art http://onlinegallery-art.rowhel.gooser.nl; img-src * data: blob: 3
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' 3
default-src 'self' data: blob: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://plausible.io; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' data: https://*.medium.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.4160.nodely.dev https://plausible.io https://api.emailjs.com; frame-src 'self' https://*.loom.com https://*.youtube.com https://customer-79jhngjtc25rkvy9.cloudflarestream.com; frame-ancestors 'none'; report-to default 3
script-src 'self' blob: *.hcsctest.net *.hcsc.net rum.hlx.page 'sha256-roBKNtTORGqYTZrY132I7LjnRPmJRBYk0vsWsfTJfi8=' 'sha256-Hu+TB+7+tbK6BX5NWGt+0M+Bq+eQTLzu4mfAdMsLwio=' 'sha256-m6IeQPb422Ecu6vAsJ4XwC+Q4Bnlo5vWz/eAbO1BMMY=' 'sha256-SPsZXjscKwSgFBbdcFRAE/GR7YyFgkl7d5tVBREd+pE=' 'sha256-SDHTnkuO02em0DcuwqvF5tDafRm8LYNMnYP+a2QMeyA=' 'sha256-oFLLqxbCZekFnkJfG4JJcqpyCzBF/l8PMUBQFcUbeZ0=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-+YZqnAWTPJ9G7/VImu/8MHnpEzn7upBYnPfVF/yMQp4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' *.decibelinsight.net *.twitter.com hcsctest.net *.bcbsil.com *.bcbstx.com *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.twitter.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com cdn.decibelinsight.net collection.decibelinsight.net, frame-ancestors 'self', worker-src 'self' blob:, upgrade-insecure-requests 3
default-src 'self' http: https: ws: wss: 'unsafe-inline' 'unsafe-eval' data:; child-src 'self' blob: https:; img-src 'self' blob: data: https:; worker-src 'self' blob: https: 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 3
default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: wss://*.qualified.com *.ws7.qualified.com *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; 3
default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 3
frame-ancestors 'self' https://appgate.lookbookhq.com https://appgate.pathfactory.com https://ww3.appgate.com https://appgate.sharepoint.com https://appgate.pathfactory.com https://360fraud.pathfactory.com https://360fraud.lookbookhq.com https://www.360fraud.ai 3
font-src 'self' *.gstatic.com *.cloudflare.com *.sfdcstatic.com *.cstatic.co.za *.lastchance.co.za data:;img-src 'self' *.commercecloud.salesforce.com *.demandware.net *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za googleadservices.com *.googleadservices.com *.gstatic.com *.tiktok.com *.contentsquare.net *.pixlee.com *.pixlee.co *.edgecastcdn.net *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za purecatamphetamine.github.io *.cloudflare.com *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com data: *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.ytimg.com blob:;script-src 'self' 'unsafe-eval' *.googleapis.com *.salesforce.com *.salesforceliveagent.com *.cloudflareinsights.com cloudflareinsights.com *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com vic-m.co *.vic-m.co mimecastprotect.com *.mimecastprotect.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.cloudflare.com *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com unsafe-inline *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.amplitude.com *.lastchance.co.za cnstrc.com *.cnstrc.com;frame-src 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com *.pargo.co.za salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;frame-ancestors 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;script-src-elem 'self' 'unsafe-inline' *.force.com *.lightning.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.secure.force.com *.cloudflareinsights.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com google.com vic-m.co *.vic-m.co mimecastprotect.com *.mimecastprotect.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.cloudflare.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.amplitude.com *.cnstrc.com cnstrc.com;connect-src 'self' api.cquotient.com *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.demandware.net *.force.com *.salesforce-sites.com *.secure.force.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.amplitude.com cnstrc.com *.cnstrc.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net unpkg.com *.unpkg.com *.salesforce.com salesforce-sites.com *.salesforce-sites.com *.turnto.eu *.force.com *.secure.force.com *.googletagmanager.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com;style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net unpkg.com *.unpkg.com *.salesforce.com salesforce-sites.com *.turnto.eu *.salesforce-sites.com *.force.com *.secure.force.com *.googletagmanager.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com;media-src 'self' *.amplience.net api.cquotient.com *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.demandware.net *.force.com development-eu01-capeunion.demandware.net *.salesforce-sites.com *.secure.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.media.amplience.net *.static.amplience.net *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.ytimg.com blob:;worker-src 'self' *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za blob:;child-src 'self' blob:;script-src-attr 'self' 'unsafe-inline';upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;object-src 'none' 3
default-src 'self' 'unsafe-inline' data: *.onetrust.com *.datatables.net *.trackingplan.com *.wsasitecore.net *.site.com *.salesforce-scrt.com *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.salesforce-sites.com *.widexpro.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org *.typekit.net *.azureedge.net *.azurefd.net *.youtube-nocookie.com *.bootstrapcdn.com *.w3.org *.doubleclick.net *.facebook.net *.mouseflow.com *.googlesyndication.com *.gstatic.com *.sleeknote.com *.stackadapt.com *.linkedin.com *.shoeboxonline.com *.nr-data.net *.force.com *.nakanohito.jp gift.echoes.plus blob:; img-src 'self' data: blob: *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.ytimg.com *.cloudflare.com *.cookielaw.org *.onetrust.com *.azureedge.net *.azurefd.net *.linkedin.com *.w3.org *.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.com *.ggpht.com *.ytimg.com *.sleeknote.com *.shoeboxonline.com *.sivantos.com *.auditionsolidarite.org *.nakanohito.jp *.userlocal.jp *.simpli.fi *.doubleclick.net www.googleadservices.com *.convertexperiences.com *.convertexperiments.com gift.echoes.plus; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms *.jquery.com *.datatables.net *.simpli.fi *.site.com *.cookieinformation.com *.rawgit.com *.salesforce-sites.com *.salesforceliveagent.com *.salesforce.com *.jsdelivr.net *.widex.com *.wsa.com *.signia.net *.signia-hearing.com *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.widexpro.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.cookielaw.org *.onetrust.com *.youtube-nocookie.com *.azureedge.net *.azurefd.net *.facebook.net *.doubleclick.net *.googlesyndication.com https://browser-update.org *.w3.org *.youtube.com *.livechatinc.com *.newrelic.com *.nr-data.net *.stackadapt.com *.gstatic.com *.sleeknote.com *.licdn.com *.shoeboxonline.com *.piwik.pro *.google-analytics.com *.mouseflow.com *.force.com *.nakanohito.jp js.adsrvr.org qvdt3feo.com cdn.bttrack.com static.airtable.com *.convertexperiences.com *.convertexperiments.com gift.echoes.plus; frame-src https://embedsocial.com https://sst.coselgi.com/ https://sst.rexton.com/ https://sst.signia-pro.com/ https://wsaud.my.site.com/ https://wsaud--playground.sandbox.my.site.com/ https://insight.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://cdn.cookielaw.org https://www.shoeboxonline.com/ https://www.google.com/  https://features.signia-hearing.com/ https://service.force.com/ https://embed.acast.com/ https://www.googletagmanager.com/ https://airtable.com/ https://sst.audioservice.com https://sst.widex.com https://sst.signia.net https://sst.signia-pro.com https://sst.widexpro.com; media-src storage.userlocal.jp *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com *.azureedge.net *.azurefd.net; worker-src blob:; child-src blob: 3
default-src 'self'  *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com ; connect-src 'self' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net ; script-src 'self' 'unsafe-inline'   *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net  ; style-src 'self'  'unsafe-inline'  *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.googleapis.com ; style-src-elem 'self' 'unsafe-inline'  *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.googleapis.com ; font-src 'self' data:  *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com   *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.gs.com fonts.gstatic.com  ; img-src 'self' data: *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  syndicatedsearch.goog *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.googleapis.com syndicatedsearch.goog ; child-src 'self' blob:  *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  syndicatedsearch.goog ; object-src 'none' ; frame-ancestors 'self'  *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com  *.ria.site.gs.com *.advisorsolutions.site.gs.com  *.gstatic.com ; upgrade-insecure-requests; block-all-mixed-content 3
frame-ancestors "none" 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeocdn.com *.youtube-nocookie.com *.usefathom.com plausible.io *.pingdom.net *.slideshare.net *.onetrust.com *.libsyn.com *.crazyegg.com *.polyfill.io *.matomo.cloud *.doubleclick.net *.adtran *.adva.com *.advaoptical.com *.pardot.com *.akamaized.net *.cookielaw.org cdn.matomo.cloud *.vimeo.com *.jquery.com cdn.jsdelivr.net *.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com cdn.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;  script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.cloudflare.com *.jquery.com *.matomo.cloud cdn.sheetjs.com plausible.io cdn.cookielaw.org *.pingdom.net https://www.google-analytics.com https://pi.pardot.com  https://script.crazyegg.com apis.google.com *.gstatic.com  https://www.google.com https://web.adtran.com https://region1.google-analytics.com; img-src * 'self' data: blob:; frame-ancestors 'self'; object-src 'none' 3
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 3
default-src * 'self' blob: data: gap:; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap: 3
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self' https://storable.my.salesforce.com https://storable.lightning.force.com; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3
upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 3
default-src 'self'; script-src 'self' https://js.stripe.com 'unsafe-inline'; frame-src 'self' https://js.stripe.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3
frame-ancestors 'self' https://*.ageoflearning.com https://*.abcmouse.com; 3
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.doubleclick.net *.hawksearch.net *.g2crowd.com *.sentry-cdn.com/ *.google.com *.vimeo.com *.hs-scripts.com *.hs-analytics.net *.baidu.com *.bcebos.com https://vi.ml314.com https://pagead2.googlesyndication.com https://wwwstage.siemens.com *.usercentrics.eu assets.adobedtm.com w3.siemens.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com *.hawksearch.net *.usercentrics.eu 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com/ https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g2crowd.com *.hawksearch.net *.hawksearch.com *.baidu.com https://aff-im.cdn.bcebos.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net *.googletagmanager.com *.hsforms.net *.baidu.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.doubleclick.net *.linkedin.com *.hawksearch.net *.hawksearch.com *.redditstatic.com *.reddit.com *.g2crowd.com *.wistia.net *.g2.com *.google.com https://google.com *.hsforms.com *.baidu.com https://www.facebook.com https://www.googletagmanager.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net *.baidu.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 3
default-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; connect-src * blob:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 3
frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph; 3
frame-ancestors 'self' https://*.storyblok.com/ 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss://* https://*; 3
frame-ancestors 'self'  https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 3
frame-ancestors *.netrtl.com 3
frame-ancestors 'self' https://PRD.S4HANA.CORP.TELSTRA.COM 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.wpengine.com www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com google-analytics.com analytics.google.com www.google-analytics.com assets.calendly.com *.calendly.com cdn.jsdelivr.net geoip-js.com consent.cookiebot.com connect.facebook.net www.clickcease.com bat.bing.com j.6sc.co *.hotjar.com snap.licdn.com bot.leadoo.com *.doubleclick.net *.cookiebot.com munchkin.marketo.net js.zi-scripts.com *.clarity.ms ct.capterra.com c.sf-syn.com assets.adoberesources.net documentcloud.adobe.com *.salesloft.com 3
frame-ancestors 'self' https://*.ticombo.ae https://*.ticombo.al https://*.ticombo.ar https://*.ticombo.at https://*.ticombo.be https://*.ticombo.bg https://*.ticombo.ch https://*.ticombo.cn https://*.ticombo.com https://*.ticombo.com.br https://*.ticombo.com.tr https://*.ticombo.cz https://*.ticombo.de https://*.ticombo.dk https://*.ticombo.ee https://*.ticombo.es https://*.ticombo.eu https://*.ticombo.fi https://*.ticombo.fr https://*.ticombo.ge https://*.ticombo.gr https://*.ticombo.hk https://*.ticombo.hr https://*.ticombo.hu https://*.ticombo.ie https://*.ticombo.in https://*.ticombo.is https://*.ticombo.it https://*.ticombo.jp https://*.ticombo.kr https://*.ticombo.lt https://*.ticombo.lv https://*.ticombo.mk https://*.ticombo.mx https://*.ticombo.net https://*.ticombo.nl https://*.ticombo.no https://*.ticombo.pl https://*.ticombo.pt https://*.ticombo.qa https://*.ticombo.ro https://*.ticombo.rs https://*.ticombo.se https://*.ticombo.si https://*.ticombo.sk https://*.ticombo.sr https://*.ticombo.us https://*.ticomboinfo.hk; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazon-adsystem.com amazon-adsystem.com *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.virtualearth.net ssl.ak.dynamic.tiles.virtualearth.net virtualearth.net *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.thunderhead.com cdn.thunderhead.com thunderhead.com cookielaw.org *.netdirector.auto netdirector.auto onetrust.com *.a.run.app *.ads.linkedin.com *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.coreweave.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.jlr-dev.gorillastreaming.com wss://*.jlr-dev.gorillastreaming.com *.jlr.gorillastreaming.com wss://*.jlr.gorillastreaming.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.my.salesforce.com *.netdirector.co.uk *.omtrdc.net *.onetrust.com *.pinimg.com *.pinterest.com *.podscribe.com *.psyma.com *.rangerover.com *.sandbox.my.salesforce-scrt.com *.sandbox.my.site.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp wss://a3pm2e78krufa2-ats.iot.us-west-2.amazonaws.com https://api.jlr-ddc.com https://api.pre-prod.jlr-ddc.com api.pureweb.io https://api.staging.jlr-ddc.com https://api.tomtom.com asset.mlpx-engine.com assets.exatom.io b-cdn.net c0.adalyser.com cashoffer.accu-trade.com cdn.cookielaw.org cdn.jsdelivr.net collector-37690.tvsquared.com config.landrover.com cookie-cdn.cookiepro.com d34r8q7sht0t9k.cloudfront.net decibel.com global.stun.twilio.com gtm-loadtest.mobify-storefront.com gtm-production.mobify-storefront.com gtm-uat.mobify-storefront.com jlr-360--naptdev1.sandbox.lightning.force.com jlr-360--prepgold.sandbox.lightning.force.com jlr-360.lightning.force.com jlr-360.my.salesforce-scrt.com jlr-360.my.site.com landroverusa.com ldti.syndication.kbb.com leasinglandrover.de lighthouse.edoinc.com wss://lo.msg.liveperson.net loadtest.reserve.landrover.com wss://o5fowqu27k.execute-api.us-west-2.amazonaws.com perseus-consumer-qa.rhcapl.com pixel.tapad.com psyma.com https://services.postcodeanywhere.co.uk snippet.maze.co sophus3.com syndication.kbb.com uat.reserve.landrover.com wss://umd.userlike.com userlike.com web.app www.jnaevents.com www.leasinglandrover.de https://www.rsvpdefender.com wss://xbejkea53vcrjoora2bwxpvfha.appsync-realtime-api.us-west-2.amazonaws.com pinimg.com pinterest.com podscribe.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.unpkg.com unpkg.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.connect.agency rum.hlx.page; 3
frame-ancestors https://tools.univer.se 3
frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com; 3
default-src 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;     style-src 'self' 'unsafe-inline' https:;     img-src 'self' data: https:;     media-src 'self' https:;     font-src 'self' data: https:;     connect-src 'self' https:;     frame-src 'self' https:;     object-src 'none';     base-uri 'self';     form-action 'self';     frame-ancestors 'none'; 3
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com https://*.sheerid.com platform.twitter.com; frame-ancestors 'self' https://*.storyblok.com/; frame-src https://calendly.com/ https://www.googletagmanager.com/ https://meetings-eu1.hubspot.com/ https://app-eu1.hubspot.com/ https://portal.productboard.com https://*.hsforms.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://11264468.fls.doubleclick.net/ https://td.doubleclick.net/ download.lumion.com https://*.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com; object-src 'none'; 3
frame-ancestors 'self' https://extrawatch.com https://app.extrawatch.com; upgrade-insecure-requests; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.hellweg.digital  *.chatvisor.com *.clic2buy.com *.dynamicyield.com *.ecn-ldr.de *.econda-monitor.de *.facebook.net *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hellweg.test hibitaro.de *.hibitaro.de *.idealo-partner.com *.jsdelivr.net *.loadbee.com *.payments-amazon.com *.paypal.com *.pay1.de *.searchhub.io *.tp-de.net *.trustedshops.com *.usercentrics.eu;                 frame-src *.econda-monitor.de *.google.com *.googletagmanager.com *.hellweg.test hibitaro.de *.hibitaro.de *.idealo-partner.com *.loadbee.com *.paypal.com secure.pay1.de *.tp-de.net *.usercentrics.eu *.youtube.com *.youtube-nocookie.com; 3
default-src 'self' https: https://*.wistia.com https://*.wistia.net; font-src 'self' https: data: https://*.wistia.com; img-src 'self' http: https: data: blob: https://*.wistia.com https://*.wistia.net; object-src 'none'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' blob: https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/; style-src 'self' http: https: 'unsafe-inline' blob: https://fast.wistia.com; connect-src 'self' http: https: blob: ws: wss: https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net; worker-src 'self' https: blob:; media-src 'self' https: blob: https://*.wistia.com https://*.wistia.net; child-src 'self' blob:; frame-src 'self' https: blob: https://fast.wistia.com https://fast.wistia.net 3
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 3
default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests; 3
default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://app.storylane.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com https://app.storylane.io;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net https://app.storylane.io; child-src blob:; worker-src 'self' blob:; frame-ancestors 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io; 3
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; 3
frame-ancestors 'self' https://app.contentful.com https://app.eu.contentful.com 3
frame-ancestors https://*.contentstack.com; 3
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.youtube.com feedback.hubapi.com feedback-eu1.hubapi.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net static.hsappstatic.net *.hubspot.com *.hscta.net *.hubapi.com *.sentry.io *.wistia.net *.wistia.com browser.sentry-cdn.com cdn.jsdelivr.net fast.wistia.com f.vimeocdn.com *.hsforms.com *.googletagmanager.com js.sentry-cdn.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.usemessages.com *.hubspotfeedback.com *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.hs-scripts.com player.vimeo.com src.litix.io tagmanager.google.com vimeo.com *.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn.jsdelivr.net fast.wistia.com fonts.googleapis.com tagmanager.google.com *.googletagmanager.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' play.hubspotvideo.com play-eu1.hubspotvideo.com *.hubspot.net *.hs-sites.com *.hubspot.com *.vimeo.com *.youtube.com *.wistia.com *.wistia.net *.hsforms.com *.hsforms.net *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.googletagmanager.com; child-src 'self' blob: *.vimeo.com app.hubspot.com *.hsforms.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net vimeo.com *.googletagmanager.com; img-src 'self' data: *.hsforms.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net no-cache.hubspot.com *.hscta.net *.hubspot.com *.hsforms.com *.vimeocdn.com *.vimeo.com *.wistia.com *.wistia.net *.hubspot.net cdn.jsdelivr.net embedwistia-a.akamaihd.net fonts.gstatic.com *.googletagmanager.com; font-src 'self' data: *.wistia.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com; connect-src 'self'  hubspot-forms-static-embed.s3.amazonaws.com *.google-analytics.com *.hscta.net *.hubspot.com *.hs-banner.com *.wistia.com *.litix.io *.sentry.io *.hubapi.com cdn.jsdelivr.net embedwistia-a.akamaihd.net *.hscollectedforms.net fonts.gstatic.com fonts.googleapis.com *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hubspotfeedback.com *.hsleadflows.net *.usemessages.com sentry.io vimeo.com *.googletagmanager.com; manifest-src 'self'; form-action 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.vimeo.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net vimeo.com; worker-src 'self' blob:; 3
default-src 'self' https://share.transistor.fm https://service.force.com https://sketchfab.com https://play.vidyard.com https://static.elekta.com; frame-ancestors 'self'; font-src 'self' data:; img-src 'self' https://stats.elekta.com https://play.vidyard.com https://cdn.vidyard.com https://api.mapbox.com https://*.googletagmanager.com https://*.ads.linkedin.com; script-src 'self' 'unsafe-eval' https://stats.elekta.com https://cdn.pardot.com https://pi.pardot.com https://success.elekta.com https://play.vidyard.com https://*.googletagmanager.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://service.force.com https://community.elekta.com; connect-src 'self' https://community.elekta.com https://api.mapbox.com https://success.elekta.com https://stats.elekta.com https://*.algolianet.com https://*.algolia.net https://play.vidyard.com https://ir.elekta.com/latest-news/ https://ko5zn8xqvb.execute-api.eu-central-1.amazonaws.com/Prod/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.ads.linkedin.com 3
frame-ancestors 'self' app.contentful.com;  upgrade-insecure-requests 3
frame-src https://challenges.cloudflare.com https://www.googletagmanager.com https://privacyassure.force.com https://sbx-privacyassure.cs219.force.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com  https://forms.hsforms.com https://www.youtube.com https://ustglobalinc.jifflenow.com https://js.hsforms.net https://view.ceros.com https://player.vimeo.com https://download-video.akamaized.net https://app.hubspot.com https://vars.hotjar.com https://ustglobal.demdex.net https://app.hubspot.com https://13505543.fls.doubleclick.net https://s.company-target.com https://td.doubleclick.net  https://form.typeform.com https://resources.digital-cloud-west.medallia.com https://ust-gen.eu.ada.support; frame-ancestors 'self' 3
default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 3
style-src 'report-sample' 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://embed.typeform.com/ https://cdn.honey.io/ https://mozbar.moz.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css https://cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css https://cdn.jsdelivr.net/npm/instantsearch.css@7.3.1/themes/reset-min.css https://fonts.googleapis.com https://hsiassetstorage.sfo2.digitaloceanspaces.com;  object-src 'none';  base-uri 'self';  font-src 'self' data: https://fonts.googleapis.com https://hsiassetstorage.sfo2.digitaloceanspaces.com https://fonts.gstatic.com;  frame-src 'self' https://hsiassetstorage.sfo2.digitaloceanspaces.com/ https://*.healthsafetyinstitute.com/ https://form.typeform.com/ https://js.hsforms.net/ https://roicalculator.sandbox.hsiplatform.com/ https://www.g2.com/ https://hsi.storylane.io/ https://js.storylane.io/ https://cmp.osano.com/ https://cdn.osano.com/ https://*.osano.com/ https://view.ceros.com/ https://webcasts.td.org/ https://hsi.hs-sites.com/ https://widgets.boast.io/ https://s.pointerpro.com/ https://block.opendns.com/ *.opendns.com https://cn1759620867-8-7vnsr40081.ibosscloud.com/ https://bpb.opendns.com/ https://a46b2ba213084fe2909a2975f59efe90.pages.ubembed.com/ https://www.classmarker.com/ https://univ.sosintl.com/ https://www.osmanager4.com/ https://forms.hsforms.com/ https://otis.osmanager4.com/ https://app.hubspot.com/ https://www.facebook.com/ https://td.doubleclick.net https://vimeo.com/ https://www.googletagmanager.com https://player.vimeo.com https://swiftcdn6.global.ssl.fastly.net;  img-src 'self' data: https: https://hsiassetstorage.sfo2.digitaloceanspaces.com/;  manifest-src 'self';  report-uri https://6672f92ed528e3ceb6b0d39f.endpoint.csper.io/?v=0;  frame-ancestors 'self' https://hsiassetstorage.sfo2.digitaloceanspaces.com/ https://vimeo.com https://googletagmanager.com https://fastly.net https://webcasts.td.org;  worker-src 'self' blob:; 3
frame-ancestors https://wpp-wdcee.wirecard.com 3
base-uri 'self'; script-src 'report-sample' 'unsafe-eval' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-8hfDTWqu8k9HvHzrkzt+xhtPpKaUxiTKKafbnLtHZCs=' 'sha256-SMUeP6E2pMrxXZ8/eWo6OvoLUN6jMLYb5qEUgHaaDrA=' 'sha256-EUBEF5WvTGqk0hm+1BG7zR6I+6+DGb6OOh8cyLSJhBk=' 'sha256-EVfbJoCaYvQGy63aF4IaFkCgygoCP13tlf39WBoqnmQ=' 'sha256-XnNQECY9o+nIv2Qgcd1A39YarwxTm10rhdzegH/JBxY=' 'sha256-0XMgg4rqcxPYJ6gk7kILQRAbBe9xK3+Ik6iWqGJcYWg=' 'sha256-g8iVyamDwt3OeOKt7rpBJ01H71OFT38TNW31YoDqtg4=' 'sha256-L0DnDaq26Adb1CiOJaNeUyPd9e4qJm+x6Ywtoa+S3+4=' 'sha256-U7KwF5KvWsJaK9Am2TfiRzMq4/MU6CWFj0mfRqtZkfA=' 'sha256-910MBH4o0XYmt2KdyUfPUnjODdvSFGgoCIXR7njrfSw=' 'sha256-nwrPrPUzetXBOU2PA9lEiV0YlyEa2u1K1E9PzmP4iY8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-/bm28XTHBk/2+8w4OK5Z3PKsnHRjh6YGqEZrDmAzpxo=' 'sha256-un4Od7TXS3yFrOZTtMAVbkJ1wXe6c2+09LvfoBl4jh4=' 'sha256-fe+DmxUPcLoM27k80UR5jvvr4aLfF0rSHKV5SemJPzg=' 'sha256-qo1RuSBojC8D1TICoE4IFgVurx/k8U1oZK9MRDE/KlE=' 'sha256-mRKioI8+U/Z6IlUernsYX+VQ/+1ZmIz0Exd6vI7EZNY=' 'sha256-hRyOf0WLnTNjcFQ90fQeHumVAWjriqpnqRUaI6h1vj0=' 'sha256-8W8281SYt1k0eR9Y0z66gdPlhw9xO1U+Pwx9xjYYfwo=' 'sha256-q5qXN11uZHDKvdYtrAbOosaCyKbZxuxxNck525tOrsk=' 'sha256-PGwKPKtgIFR7BBaTEzRxRl4FWV1uufjCt5TVa6TI12k=' 'sha256-W0QY3aFcPnZSSetdi5gTeKy2IQMi3eCafbIVKAa20Zg=' 'sha256-aroGK3JMjlNu/zPuSeivrWD3UC/3tMaU+UuxKWdimpM=' 'sha256-ky6kwALluZeYIOUb67vYvNIm+6GYo9ZIpE5+6fUAbiU=' 'sha256-hMbRFabSSL7CIDsoqw8tkSvYtzZ1NeJqQyhGZdSdnxQ=' 'sha256-ceLZobD9Q86jstPOfW76BNTxXlZ7mTw0PF66debOnx4=' 'sha256-X2HVLVOvP9Opbf0ClAql73Fbwflss+KO544zddICf4U=' 'sha256-aZTZsmwqKP8HIwXU9SL0uRZWX9soMifegql0XmccYEw=' 'sha256-1rN3TBB70ehRoaiW/CvP3GHTNFr593iDXloGmle9JiY=' 'sha256-x1FQfFjfHqekbV7feKwmQ6gSdooZVGPGLXw1OK5YdiI=' 'sha256-yri+yF9cdn4VkD2uOCWeqlkqpeFZ/SmhDMhon/fQzEc=' 'sha256-XjcRVp58oyAqZCEyhIdbxI6UjLqnQdmi6PBfRy1+BgA=' 'sha256-Gjk/4NYwu3CbqK8Gj2MWMzyS9v/i8sLwf6xwP/oH5M8=' 'sha256-bQXNx2wNfK+Khvyw++rw7cScVp1Eo8GHhINrXBvF2Kc=' 'sha256-Kqjmds221Sxp42v6MMfVXhclGVC7fCZX4ESjxL3gVLw=' 'sha256-mK2LcNpqkDcXTppsyMqneuE6GEJ5j+7REt0lTsRKUUU=' 'sha256-fCl5PYrISg7MPsnIeZ+T6npnLgyi68m9NcGT5ONA6pI=' 'sha256-H50ABvo0XriiYrFw1nag3drPHQoIE34FfOWFzlCHy3E=' 'sha256-wE+KqdimW+7MWcIE1UdqfODsz8hgcsyd2YuAQ4gVmTY=' 'sha256-MaUq5Wt30Bl8clIlW7/zvNPuKmnZdlAxopQigKrPLso=' 'sha256-I3J1LKXta0FJ/3+aa+dBNCE5dV3fjcG7p7ulnbtcMp0=' 'sha256-zpqVdE6ttrmhTiPbjKj6s39iaE9RMfzNp6aF7UKwtBY=' 'sha256-8kotGhRmEBiesu8MHsrDeRTEpj3SSDokReILPbeA37I=' 'sha256-OyfHFA4tRzHfTynnYncdFb31ISeCD7Am01txqn+O4ys=' 'sha256-DMT61jx96o8Zt4O6NPLDbLFDtyQSPa4zNGgdA8jCqF4=' 'sha256-cdJLDgaTPPJz9rqWbXcX70modqLshn8Wti8X7csGKLs=' 'sha256-Ubpp3UAuqVQ2aqrQydRcFipkEq08tYYEskh9QC1G50Q=' 'sha256-savpz652hUrFSTNoRdzTuvttLoQ8UN1p2KhaqZs4RFo=' 'sha256-d7o/iD0TcPtTf9pAbqA9aa2qsmdqPtbqxI3YMwTtrrA=' 'sha256-vKTtXqBsPdGS4/zx94PM36gvdxCJ/Ax00pQQzPjQipM=' 'sha256-JX/B96MKyLyvkF8KBl3WNnl4E4qTPbCHIVjK18Wsrv4=' 'sha256-dC/jD1PLk3u5eHvMjPSU2sn/MZtS9SvfrUHfM/0ljNg=' 'sha256-2SogunjLOxlI7Wg4N9b3QeLMc6iMRcqBOb+GKaaTRms=' 'sha256-F9WIjqwVFa6OdXSzHYNoMqL8JLBqUXo1Pi7efWcW6Hc=' 'sha256-f43zB0nOsgPWXfe3o5rddAbhDW/vcFrzBSDkk4HjcqI=' 'sha256-X2KwazXyKFvTF732X/K2aV1GfPZfEs0LxZqe2fVEgbQ=' 'sha256-JD3QNZMrcbKEHx/fiFA48Q4qfUSRVJzNY0ddMrIDldw=' 'sha256-a0LCXoGMhTbJbdBhYjYs9SWYUfLEQOK28ScGPz95OGU=' 'sha256-VYS39htFWvCvYYrTQn4ez8xMVDSeicx8R1U9gHHa/L4=' 'sha256-1FUf92d8M0aWiFhHusEbrbvKvdlvOfIDUWvDuHX7azY=' 'sha256-sqW8524g0j12xbmtKsHgQfe51jDLhz9YvpU9qyQxiI4=' 'sha256-ucwtwaqudZNf484xeYY9MAAbU75rmfC+aTIMIPnp/+M=' 'self' www.linkedin.com/autofill/js/autofill.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com content.linkedin.com snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com sjs.bizographics.com *.salesforceliveagent.com bcvipva02.rightnowtech.com bcvipac02.rightnowtech.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn.linkedin.oribi.io cdn.tt.omtrdc.net bat.bing.com connect.facebook.net cdn.walkme.com gist.github.com embedr.flickr.com; worker-src 'none'; frame-ancestors 'self' *.linkedin.com experience.adobe.com; frame-src blob: lnkd-communities: voyager: *; connect-src wss: blob: data: *; img-src blob: data: android-webview-video-poster: *; media-src blob: data: *; style-src 'unsafe-inline' *; form-action 'self' *.linkedin.com linkedin.secure.force.com linkedinresearch.qualtrics.com *.salesforceliveagent.com linkedin.my.salesforce-sites.com; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=m 3
Content-Security-Policy: default-src https: 3
default-src 'self' https://*.doubleclick.net https://*.seeburger-news.com https://*.seeburger.com https://forms.office.com https://munchkin.marketo.net https://v.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.seeburger-news.com https://*.seeburger.com https://bat.bing.com https://cdn.plyr.io https://ce.lijit.com https://googleads.g.doubleclick.net https://googletagmanager.com https://idx.liadm.com https://munchkin.marketo.net https://secure.curl7bike.com https://secure.leadforensics.com https://snap.licdn.com https://tagmanager.google.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://www.clickcease.com https://www.googletagmanager.com https://www.youtube.com https://tracking-api.g2.com https://tracking-api.production.g2.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.google-analytics.com https://*.linkedin.com https://*.seeburger.com https://fonts.gstatic.com https://googletagmanager.com https://i.ytimg.com https://monitor.clickcease.com https://secure.curl7bike.com https://secure.leadforensics.com https://ssl.gstatic.com https://www.google.com https://www.google.de https://www.googleadservices.com https://www.gstatic.com https://wwwseeburgercom-160c6.kxcdn.com www.googletagmanager.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com forms.office.com https://go.seeburger-news.com https://td.doubleclick.net https://v.qq.com https://www.googletagmanager.com https://www.youtube.com; connect-src 'self' https://*.doubleclick.net https://*.seeburger-news.com https://*.seeburger.com https://forms.office.com https://munchkin.marketo.net https://v.qq.com https://*.google-analytics.com https://*.mktoresp.com https://*.mktoutil.com https://adservice.google.com https://analytics.google.com https://cdn.plyr.io https://googleads.g.doubleclick.net https://idx.liadm.com https://ldynamicspublicapi.leadforensics.com https://monitor.clickcease.com https://noembed.com https://px.ads.linkedin.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com wss://*.seeburger.com https://tracking-api.g2.com https://tracking-api.production.g2.com; font-src 'self' https://*.doubleclick.net https://*.seeburger-news.com https://*.seeburger.com https://forms.office.com https://munchkin.marketo.net https://v.qq.com data: https://fonts.gstatic.com; frame-ancestors 'self' https://*.seeburger.com www.googletagmanager.com; media-src 'self' https://*.doubleclick.net https://*.seeburger-news.com https://*.seeburger.com https://forms.office.com https://munchkin.marketo.net https://v.qq.com *; style-src 'self' https://*.doubleclick.net https://*.seeburger-news.com https://*.seeburger.com https://forms.office.com https://munchkin.marketo.net https://v.qq.com 'unsafe-inline' https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com 'report-sample'; report-uri https://sentry2.in2code.de/api/7/security/?sentry_key=ac5a04f3144e74ea1ccb11c69823ed60 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com wss: ws: https: http: *.microsoft.com login.microsoftonline.com; img-src https: http: data: *.kerio.com; 3
default-src 'self' https: data: blob: 'unsafe-inline' 3
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; frame-ancestors * 3
script-src * 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://*${toyota_KZ_RU_ROOT} https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 3
default-src 'self' www.google.com www.googletagmanager.com storage.googleapis.com www.youtube.com secure.livechatinc.com *.stripe.com truevalue.fisherprinting.net ezadtv.app.ezai.io td.doubleclick.net; connect-src 'self' *.facebook.com www.googletagmanager.com www.google-analytics.com api.ezai.io analytics.google.com vc.hotjar.io ws.hotjar.com wss://ws.hotjar.com content.hotjar.io truevalue.fisherprinting.net api.polotno.com api.polotno.dev api.livechatinc.com *.google.com; font-src * data:; img-src * data: blob:; media-src blob: storage.googleapis.com www.youtube.com; script-src * connect.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; 3
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; 3
default-src 'self' https://*.cobytes.com; base-uri 'self' https://*.cobytes.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.delivery.rocketcdn.me https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://use.typekit.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net; img-src 'self' data: https://*.delivery.rocketcdn.me https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://p.typekit.net https://imgsct.cookiebot.com https://secure.gravatar.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.nl https://www.googleadservices.com; font-src 'self' data: https://*.delivery.rocketcdn.me https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://yoast.com https://www.google.com; form-action 'self' https://*.cobytes.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consentcdn.cookiebot.com https://www.googletagmanager.com https://api.wp-rocket.me https://cobytes.pipedrive.com; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.cobytes.com/api/18/security/?sentry_key=be8d1ecc0a39a743267d314a7fd02311 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.bing.com https://*.amplitude.com https://*.hotjar.com https://*.sentry.io https://*.privacy-center.org https://*.launchdarkly.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com https://*.gstatic.com; img-src * data: blob:; frame-src 'self' https://*.googletagmanager.com; connect-src 'self' https: wss: *.packitos.com; media-src 'self' data:; font-src 'self' data: *.packitos.com https://*.packlink.com https://*.hotjar.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'none'; report-uri https://o90715.ingest.us.sentry.io/api/5675883/security/?sentry_key=a06b36e8665147f8a1ec3e1f84a15483; 3
frame-ancestors 'self' https://web.telegram.org 3
script-src * 'self' 'unsafe-inline' 'unsafe-eval'  3
default-src https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';upgrade-insecure-requests 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net https:; style-src 'self' 'unsafe-inline' *.tawk.to fonts.googleapis.com cdn.jsdelivr.net https:; img-src 'self' data: *.tawk.to cdn.jsdelivr.net tawk.link s3.amazonaws.com https:; connect-src 'self' *.tawk.to wss://*.tawk.to https://*.tawk.help; font-src 'self' data: *.tawk.to fonts.gstatic.com https:; frame-src 'self' *.tawk.to https:; object-src 'self'; base-uri 'self'; form-action 'self' *.tawk.to; frame-ancestors 'self'; upgrade-insecure-requests; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; connect-src 'self' https://*.in.bot https://facillgpd.com.br/ https://message-hub.hostinger.com https://www.google-analytics.com https://www.facebook.com https://cdn.socket.io/ https://api.inbot.com.br/; worker-src 'self' blob:; upgrade-insecure-requests 3
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *;base-uri 'self' *;form-action 'self' *; font-src * data:; 3
frame-ancestors 'self' *.k-asap.eu; 3
default-src 'self' 'unsafe-inline' region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://www.linkedin.com https://indd.adobe.com https://syndication.twitter.com/; connect-src *; font-src *; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://imtcast.imt.fr/ https://haltools.archives-ouvertes.fr/ https://indd.adobe.com/ https://barometredelascienceouverte.esr.gouv.fr/ https://www.rcf.fr https://platform.twitter.com https://www.linkedin.com https://syndication.twitter.com/ https://v.calameo.com/ https://player.vimeo.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com stats.g.doubleclick.net google-analytics.com www.youtube.com www.youtube-nocookie.com https://cdn.jsdelivr.net https://platform.linkedin.com https://www.linkedin.com googletagmanager.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill-fastly.io https://www.google.com localhost:35729 yui.yahooapis.com; script-src-elem * 'unsafe-inline' localhost:35729; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; frame-ancestors 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.usercentrics.eu https://eu.i.posthog.com https://*.eu.i.posthog.com https://eu-assets.i.posthog.com https://*.cookieinformation.com https://*.hometogo.com https://*.google-analytics.com https://*.facebook.net https://*.g.doubleclick.net https://*.creativecdn.com https://unpkg.com https://bat.bing.com https://*.criteo.net https://*.criteo.com https://*.hubspot.com https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hotjar.com https://*.freshchat.com https://*.ardennes-etape.be https://*.ardennes-etape.fr https://*.ardennes-etape.nl https://*.ardennes-etape.com https://*.ardennes-etape.de https://*.ardennes-etape.co.uk; style-src 'self' 'unsafe-inline' https://*.freshchat.com https://*.ardennes-etape.be https://*.ardennes-etape.fr https://*.ardennes-etape.nl https://*.ardennes-etape.com https://*.ardennes-etape.de https://*.ardennes-etape.co.uk; font-src 'self' data:; img-src 'self' data: https:; frame-src 'self' https://*.creativecdn.com https://*.googletagmanager.com https://*.usercentrics.eu https://*.cookieinformation.com https://*.doubleclick.net https://*.appspot.com https://*.criteo.com https://*.freshchat.com https://*.ardennes-etape.be https://*.ardennes-etape.fr https://*.ardennes-etape.nl https://*.ardennes-etape.com https://*.ardennes-etape.de https://*.ardennes-etape.co.uk; connect-src 'self' https: wss: https://policy.app.cookieinformation.com https://eu.i.posthog.com https://*.eu.i.posthog.com; child-src 'self' https://app.usercentrics.eu https://policy.app.cookieinformation.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.ardennes-etape.be https://*.ardennes-etape.fr https://*.ardennes-etape.nl https://*.ardennes-etape.com https://*.ardennes-etape.de https://*.ardennes-etape.co.uk 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
form-action 'self' netsafe.hdfcbank.com acs.hu.bpcbt.com vbv2.nonghyup.com acs-challenge.prod.nightjar.enginebystarling.net 3dsecure.maybank.co.id acs20.tpb.vn *.icicibank.com dig-acs2.cafis-paynet.jp acs.wooricard.com:9602 3d-secure.pluscard.de secure.3ds.cornercard.ch secure.3ds.cornercard.eu acs1.viseca.ch 3dsmy.ocbc.com *.axis.bank.in *.redsys.es 3dsecure.mbbank.com.vn:9699 3dsecure.mbbank.com.vn 3dsecure.bri.co.id coapacs2c.pingan.com.cn acs.cupdapp.cn acs.entersektehs.com 3dsecure.starlingbank.com betalen.rabobank.nl *.mpts.modirum.com ecacs2areq.wooribank.com.kh cimb-securee-pay.cimb.com secure.dkb.de 3ds.psbc.com acsv2.m2pfintech.com acs.ababank.com acs2.kasikornbank.com 3ds.bancochile.cl paiement2.secure.lcl.fr forisau-vbv.mycardplace.com gbemv3dsecure.garanti.com.tr acs.shinhancard.com 3dsecure.bankmandiri.co.id *.3ds.entersekt.com usecure.ucb.com.bd:9606 securehdfc-acs2ui-b1-indmum-mumsif.hdfc.bank.in esecure.sia.eu 3dsec.cardcenter.ch 3dsecure.bankmega.com *.uobgroup.com acscloud-prd-sg.hitrust.com *.wibmo.com family.ctbcbank.com securedmy.maybank.com ims.euronet3dsecure.com authentication-acs.marqeta.com *.apac.citibank.com 3ds.wizit.money 3ds.oschadbank.ua wlp-acs.com *.wlp-acs.com xmoney.3dsacs.net emv3dsmethod.secureacs.com 3ds.seglan.com crqsbiacs.sbi.bank.in acs.spdb.com.cn:9741 dig3ds.cafis-paynet.jp ch-acs3.cafis-paynet.jp emv3dsauth.secureacs.com verify.monzo.com webauthen.nccc.com.tw emv3ds-acs.nccc.com.tw esecure.acb.com.vn id.3dsecure.infinitium.com emv3dsweb.santander.com.br acs.fssnet.co.in acs-jcn.dnp-cdms.jp 3dsecure.maubank.mu debitc2.3debspay.boc.cn acs.capitalone.com acs.capitalone.com 3dcustomer.creditcard.cmbc.com.cn 3dsecure.cgbchina.com.cn acs.hanacard.co.kr 3dsecure.klikbca.com acs.redbanc.cl 3dsecure2.vietcombank.com.vn acs2.edb.com 3dauthentication.bankcomm.com 3ds.cathay-cube.com.tw 3ds.cathaybk.com.tw 3ds.vib.com.vn 3ds.emlpayments.com *.acs.cmbchina.com *.adyen.com *.americanexpress.com *.apata.io *.cardinalcommerce.com *.facebook.com *.paypal.com acssys.ccb.com.cn xykpay.3d2.icbc.com.cn acsauth.abchina.com.cn acs.revolut.com api.bazaarvoice.com ct.pinterest.com debitc2.3debspay.boc.cn/acs-auth-web www.rsa3dsauth.co.uk www.mycardsecure.com mycardsecure.com *.arcot.com pilot-payflowlink.paypal.com stg.api.bazaarvoice.com www.paypal.com www.sandbox.paypal.com www.securesuite.co.uk www.securesuite.net www.rsa3dsauth.com authentication.cardinalcommerce.com creditc2.3debspay.boc.cn; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' d1m2uzvk8r2fcn.cloudfront.net cfjump.calvinklein.com.au applepay.cdn-apple.com *.abtasty.com *.afterpay.com *.attraqt.io *.bazaarvoice.com *.braintreegateway.com *.cardinalcommerce.com *.cfjump.com cfjump.calvinklein.co.nz cfjump.tommy.com cfjump.vanheusen.com.au *.contentsquare.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.magento-ds.com *.newrelic.com *.nr-data.net *.particularaudience.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pmnts-sandbox.io *.pmnts.io *.stockinstore.net *.teads.tv *.tiktok.com *.trurating.com *.vimeocdn.com *.yimg.com *.zdassets.com *.zendesk.com *.zipmoney.com.au api.braintreegateway.com app.contentsquare.com *.zip.co cdn.attraqt.io cdn.evgnet.com cdn.particularaudience.com cdnjs.cloudflare.com ct.pinterest.com d94qwxh6czci4.cloudfront.net ecommwidget.trurating.com gateway.pmnts-sandbox.io gateway.pmnts.io bat.bing.com *.forter.com d2nww8zpyj5pk0.cloudfront.net dlthst9q2beh8.cloudfront.net d2w2nqfk3z9hdt.cloudfront.net js.afterpay.com js.sandbox.afterpay.com js.squarecdn.com/square-marketplace.js portal.afterpay.com portal.clearpay.co.uk portal.sandbox.afterpay.com portal.sandbox.clearpay.co.uk static.afterpay.com *.clarity.ms mpsnare.iesnare.com rules.quantcount.com sc-static.net secure.quantserve.com static.zipmoney.com.au tr.snapchat.com vimeo.com www.google-analytics.com www.google.com www.vimeo.com zip.co *.wlp-acs.com emvacs.bkm.com.tr acs.hu.bpcbt.com forisasia-vbv.mycardplace.com 3dsecuredebit.klikbca.com acs.edb.com acs1.edb.com 3dsecure.cgbchina.com.cn sv.creditcard.ecitic.com debitc2.3debspay.boc.cn webauthen.nccc.com.tw emv3ds-acs.nccc.com.tw family.ctbcbank.com www.acs3d.fisc.com.tw 3dsecure.klikbca.com 3ds1.nexigroup.com emvacs.2c2p.com secure-acs2ui gbemv3dsecure.garanti.com.tr 3ds.seglan.com ; frame-src *; default-src 'self' 'unsafe-eval' 'unsafe-inline' static.shopback.com api.fillr.com m.cmpgn.page c.bing.com pvhba-m2prod-maintenance.s3-ap-southeast-2.amazonaws.com applepay.cdn-apple.com *.abtasty.com *.adyen.com *.afterpay.com *.analytics.yahoo.com *.bazaarvoice.com *.calvinklein.com *.clarity.ms *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.com.au *.google.co.nz *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.imgix.net *.magefan.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.paypal.com *.pinterest.com *.pmnts-sandbox.io *.pmnts.io ads-engagement.presage.io *.teads.tv *.vimeo.com *.vimeocdn.com *.youtube.com *.zdassets.com *.zipmoney.com.au analytics.tiktok.com bat.bing.com bat.bing.net/action/0 blob: d3nocrch4qti4v.cloudfront.net data: df45ay5pw60dy.cloudfront.net duuytoqss3gu4.cloudfront.net ecomm-cdn.trurating.com *.quantserve.com player.vimeo.com prreqcroab.icu pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pvhba-imgix-global-th-m2prod.s3.ap-southeast-2.amazonaws.com *.zendesk.com sandbox.zipmoney.com.au sc-static.net site-assets.afterpay.com static.afterpay.com static.zipmoney.com.au t.paypal.com tommyau.zendesk.com tr.snapchat.com v2assets.zopim.io wss://*.zopim.com wss://*.zendesk.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com zendesk-eu.my.sentry.io *.zip.co zip.co zipmoney.com.au ; connect-src 'self' mpc2-prod-27-is5qnl632q-uk.a.run.app *.conversionsapigateway.com *.abtasty.com *.adyen.com *.afterpay.com analytics-ipv6.tiktokw.us *.attraqt.io *.bazaarvoice.com *.braintree-api.com *.cardinalcommerce.com *.clearpay.co.uk *.contentsquare.net *.doubleclick.net *.evergage.com *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.nr-data.net *.particularaudience.com *.paypal.com *.pinterest.com *.quantserve.com *.snapchat.com *.stockinstore.net *.teads.tv *.tiktok.com *.trurating.com *.yimg.com *.zendesk.com *.zip.co *.zipmoney.com.au bat.bing.com *.zdassets.com *.clarity.ms applepay.cdn-apple.com clarity.ms dmw2pzbenclyd.cloudfront.net d3mewz86hy02zo.cloudfront.net/merchants/global.json dpe0djwch8671.cloudfront.net/merchants/global.json *.google.co.nz google.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com js.afterpay.com js.sandbox.afterpay.com m1.openfpcdn.io/fingerprintjs pilot-payflowlink.paypal.com pixel.quantcount.com prreqcroab.icu pvh-brands.imgix.net pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com static.afterpay.com static.sandbox.afterpay.com stockinstore.net wss://*.zendesk.com wss://*.zopim.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com zip.co *.forter.com wss://cdn0.forter.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net db7q4jg5rkhk8.cloudfront.net 1.1.1.1 d94qwxh6czci4.cloudfront.net dr6vcclmzwk74.cloudfront.net wtp.siteperformancetest.net d6wfl40rgh70w.cloudfront.net siteperformancetest.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net d1ezzflfzltk6e.cloudfront.net d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d1yz9u4jf6oqub.cloudfront.net d3banl4fzuxsjl.cloudfront.net; 3
frame-ancestors 'self'; upgrade-insecure-requests; script-src 'self' 'nonce-64c7305345' 'unsafe-eval' https: 'strict-dynamic'; script-src-elem 'unsafe-inline' 'unsafe-eval' https: 'self'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; frame-src 'self' www.youtube.com iframe.dacast.com consentcdn.cookiebot.com www.googletagmanager.com www.google.com; object-src 'none' ; child-src 'self' data: *.adnxs.com www.googletagmanager.com; form-action 'self'; worker-src 'self' blob:; base-uri 'self' 3
frame-ancestors 'self' https://*.georgfischer.com; 3
frame-ancestors 'self' production-cms.ravensburger.bloomreach.cloud; 3
default-src 'self';script-src 'self' blob: https://www.google-analytics.com/ https://prep-edit.senedd.wales/ https://senedd.wales https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs=' 'unsafe-eval' 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline';child-src https://www.youtube.com/ https://www.google.com/;connect-src 'self' https://www.google-analytics.com https://prep-edit.senedd.wales/ https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com;font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales;img-src 'self'  https://* data:;object-src 'none';frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 3
frame-ancestors 'self' https://wdgt.dathuis.nl; 3
object-src 'self' blob:; base-uri 'self'; report-uri https://cspappdirect.report-uri.com/r/d/csp/reportOnly; worker-src 'self' blob:; 3
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 3
frame-ancestors flashpoint-intel.com *.flashpoint-intel.com flashpoint.io *.app.flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net *.saleshood.com; frame-src 'self' flashpoint-intel.com *.flashpoint-intel.com app.flashpoint.io *.app.flashpoint.io flashpoint.io *.app.flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net *.youtube.com youtube.com linkedin.com *.linkedin.com *.ashbyhq.com *.visualwebsiteoptimizer.com *.mutinycdn.com *.newrelic.com *.googletagmanager.com *.doubleclick.net *.google.com *.channeltivity.com *.saleshood.com app.qualified.com 3
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3
default-src 'self' *.clarity.ms c.bing.com mediabank.valkenhorst.nl; child-src 'self' js.stripe.com p.travelsmarter.net valkexclusief-virtueletours.nl www.googletagmanager.com www.google.com google.com www.youtube.com www.visitzuidlimburg.nl zien360.nl link.zien360.nl zien360.online *.facebook.com; connect-src 'self' wss: data: api.widget.trengo.eu gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com adservice.google.com www.google.com *.g.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com *.hotjar.com *.hotjar.io *.sovendus.com *.adyen.com *.paypal.com *.klippa.com login.microsoftonline.com analytics.tiktok.com/api/ region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hojar.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com *.clarity.ms *.exponea.com api.exponea.com cdn.linkedin.oribi.io capture.duettoresearch.com www.visitzuidlimburg.nl *.bing.com bat.bing.net bat.bing.com px.ads.linkedin.com webchat.runnr.ai *.google.com/pagead/form-data/ google.com/pagead/form-data/ google.com/ccm/ mediabank.valkenhorst.nl https://selfservice.valkenhorst.nl/; img-src 'self' data: ads.creative-serving.com cdn.feedbackify.com gravatar.com onlinedialogue.s3-eu-west-1.amazonaws.com/valk s3.amazonaws.com/fby-form/ i.vimeocdn.com ta-client-assets.s3.amazonaws.com valkexclusief-virtueletours.nl video.jobpromo.nl *.google-analytics.com www.googletagmanager.com www.google.com *.analytics.google.com www.tripadvisor.com www.tripadvisor.de www.tripadvisor.nl aws-tiqets-cdn.imgix.net/images/content/ zien360.nl zien360.online cx.atdmt.com *.g.doubleclick.net *.facebook.com *.facebook.net *.gstatic.com *.google.ae *.google.al *.google.am *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ca *.google.ch *.google.ci *.google.cl *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za google.com *.google.com *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.br *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sl *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gg *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.hu *.google.ie *.google.it *.google.im *.google.iq *.google.is *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sm *.google.sn *.google.sr *.google.st *.google.tn *.google.tm *.google.tt *.ggpht.com *.googleapis.com *.googletraveladservices.com *.fls.doubleclick.net ade.googlesyndication.com *.linkedin.com *.ytimg.com dashboard.umbraco.org our.umbraco.com mediabank.valkenhorst.nl imagebank.valkenhorst.nl *.adyen.com *.paypalobjects.com *.giphy.com trengo.s3.eu-central-1.amazonaws.com www.eenvacaturebij.nl/pixel/ www.visitzuidlimburg.nl script.hotjar.com t.paypal.com analytics.tiktok.com c.bing.com c.clarity.ms cdn.bfldr.com cdn.valkexclusief.com cdn-goproxy.brandfolder-svc.com dbr.dutchbicyclerental.nl cdn.linkedin.oribi.io *.brandfolder.com *.static.widget.trengo.eu *.bing.com bat.bing.net bat.bing.com webchat.runnr.ai go.tilia.app acc-go.tilia.app; frame-src 'self' js.stripe.com live.tourdash.com loyaltymanager.nl myalbum.com p.travelsmarter.net ts.ticketcounter.nl valkexclusief-virtueletours.nl web-widget.mobility.here.com widget.salonhub.nl widgets.vvvzeeland.nl www.googletagmanager.com s3.eu-west-3.amazonaws.com/omnivr.nl/ www.panowalks.com www.youtube.com www.eenvacaturebij.nl www.werkenbijavifauna.nl www.werkenbijvandervalkhoteltilburg.nl www.werkenbijvandervalkhotelutrecht.nl www.visitzuidlimburg.nl zien360.nl link.zien360.nl zien360.online *.facebook.com *.facebook.net *.hotjar.com *.googlesyndication.com google.com *.google.com *.salonized.com *.sovendus.com vimeo.com *.vimeo.com *.adyen.com *.paypal.com rtsp.me valkexclusief.typeform.com *.signicat.com *.fls.doubleclick.net *.g.doubleclick.net td.doubleclick.net vars.hotjar.com *.visa.com www.securesuite.co.uk www.rsa3dsauth.co.uk *.cardinalcommerce.com *.arcot.com *.americanexpress.com *.wlp-acs.com 3d-secure.pluscard.de acs.touch.tech *.rabobank.nl ps4acs.netcetera-payment.ch secure.dkb.de emv3ds-acs.nccc.com.tw *.3dsecure.no *.viseca.ch foriseu-vbv.mycardplace.com acs2.six-payment-services.com threedomainsecure.pekao24.pl acssbafrica.bankserv.co.za sas.redsys.es sas.mc.redsys.es acs1-3dsecure.cic.fr foriseu-vbv.mycardplace.com www.securesuite.net www.europabank.be www.ebonline.be www.centrum24.pl wirexeu-msc.mycardplace.com vkanalytics.net visa-secure-vdm.ing.de visa-secure-bxl.ing.de visasecure2.consorsbank.de visasecure2.comdirect.de visasecure.sparkassen-kreditkarten.de userapi2.danskebank.com sicher-bezahlen.sparkasse.at service.avengeradblocker.com ps4acs-mc-1.netcetera-payment.ch paiement2.secure.lcl.fr online.citadele.lv mycardsecure.com mc-id-check.firstdata.de mci.acs.sibs.pt mastercardidentitycheck.sparkassen-kreditkarten.de mastercard2.acs.cmbchina.com geschuetztkaufen2.commerzbank.de geschuetztkaufen1.commerzbank.de ecclients.btrl.ro clients.smartsecure.tsys.co.uk:446 channel-cards-html.lloydsbankinggroup.com cacs-v2.icard.com bps.itcardpaymentservice.pl authentication-acs.marqeta.com acs4.privatbank.ua acs2-3dsecure.targobank.de acs2-3dsecure.creditmutuel.fr acs2-3dsecure.cm-cic.com acs2-3dsecure.cic.fr acs2.swedbank.se acs2.sparebank1.no acs2.gpesecure.com acs2.edb.com acs2.3ds.modirum.com acs1-3dsecure.targobank.de acs1-3dsecure.creditmutuel.fr acs1-3dsecure.cm-cic.com acs1.swedbank.se acs1.sparebank1.no acs1.six-payment-services.com acs1.edb.com acs1.3ds.modirum.com acs.swedbank.se acs.six-payment-services.com acs.sibs.pt acs.mercurypaymentservices.it acs.edb.com acs.capitalone.com acs.airplus.com acs.3ds-hanseaticbank.de 3ds-secure.cardcomplete.com 3dspayment.paylife.at 3dspayment.easybank.at 3dsecure-vrp.de 3dsecure.zen.com 3dsecure.slsp.sk 3dsecure.psa.at 3dsecure.nexi.it 3dsecure.monext.fr 3dsecure.mbank.pl 3dsecure.mbank.cz 3ds-a.live.ext.prod.enfuce.com 3ds.vinea.es 3ds.sia.eu 3ds.rpc-raiffeisen.com 3ds.redsys.es 3ds.pkobp.pl 3ds.nexigroup.com *.six-group.com *.bunq.com 3ds-challenge.n26.com *.swisscard.ch *.standardbank.co.za identify.nordea.com *.brandfolder.com cdn.valkexclusief.com *.valkexclusief.nl staging.valk-to-go-shop.pages.dev shop.valk-togo.nl valkexclusief:; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com static.tacdn.com script.hotjar.com https://cdn.jsdelivr.net https://fonts.bunny.net https://use.typekit.net mediabank.valkenhorst.nl; media-src 'self' static.widget.trengo.eu video.jobpromo.nl mediabank.valkenhorst.nl *.brandfolder.com cdn.valkexclusief.com; style-src 'self' 'unsafe-inline' static.tacdn.com fonts.googleapis.com google.com *.google.com *.adyen.com https://fonts.bunny.net https://use.typekit.net mediabank.valkenhorst.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.widget.trengo.eu static.widget.trengo.eu stats.pusher.com/timeline/v4/jsonp/1 js.stripe.com s.ytimg.com marketplace.mobility.here.com player.vimeo.com static.tacdn.com s3.amazonaws.com/fby-form/ widget.salonhub.nl www.googletagmanager.com www.google-analytics.com www.tripadvisor.nl www.youtube.com snap.licdn.com *.facebook.net *.feedbackify.com *.g.doubleclick.net *.googleapis.com google.com *.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net *.gstatic.com *.hotjar.com *.klippa.com *.sovendus.com *.adyen.com *.paypal.com *.cdn-apple.com analytics.tiktok.com/i18n/pixel/ static.hotjar.com script.hotjar.com *.clarity.ms onlinedialogue.s3.amazonaws.com *.exponea.com capture.duettoresearch.com www.visitzuidlimburg.nl *.bing.com bat.bing.net bat.bing.com bat.bing-int.com webchat.runnr.ai mediabank.valkenhorst.nl; block-all-mixed-content; report-uri /Api/ContentSecurityPolicyApi/Report; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://speed.blix.com 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3
default-src *; script-src * 'unsafe-eval' 'unsafe-inline' data: 'self'; style-src * 'unsafe-inline' 'self'; img-src * data:; font-src * data:; connect-src *; object-src *; frame-ancestors 'self' https://*.crawford.com https://crawford.com https://*.crawco.com https://crawco.com https://*.crawfordandcompany.com https://crawfordandcompany.com https://*.onelink-translations.com; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; report-uri https://bc18f182517eba201a0bfbb26a2a463a.report-uri.com/r/d/csp/wizard 3
font-src 'self' https://*.freenet.de https://use.typekit.net https://fonts.gstatic.com; img-src *; frame-ancestors 'self' https://*.freenet.de; object-src 'self'; base-uri 'none'; 3
frame-ancestors 'self' https://ecpmarketer.com 3
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com 'unsafe-inline' 'unsafe-eval' app.tuotempo.com https://unpkg.com https://tpc.googlesyndication.com *.clinicaalemana.cl *.omnitok.com https://esencial.omnitok.com esencial.omnitok.com edz87dzoqc.execute-api.us-east-1.amazonaws.com *.googleoptimize.com *.salesforceliveagent.com *.salesforce.com service.force.com *.force.com *.googletagmanager.com https://js.captcha-display.com https://js.datadome.co w.usabilla.com *.usabilla.com *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://www.youtube.com/iframe_api *.google.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.contactshub.cl:* https://contactshub.cl:* contactshub.cl/sdk.js.php https://sdk.examedi.com:* cdnjs.cloudflare.com https://bat.bing.com *.clarity.ms https://q.clarity.ms/collect https://alemanaseguros1.my.site.com:*  https://orgalemana.my.site.com/ESWChatConveniosMiaw1745880680473/assets/js/bootstrap.min.js https://h.clarity.ms/ https://h.clarity.ms/collect https://orgalemana.my.site.com/ https://orgalemana.my.site.com/ESWChatConveniosMiaw1745880680473/assets/js/bootstrap.min.js web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.aspnetcdn.com *.fontawesome.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://dec.azureedge.net tagmanager.google.com https://alemanaseguros1.my.site.com:*  https://orgalemana.my.site.com/ web-chat.nativechat.com https://cdn.insight.sitefinity.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl stats.g.doubleclick.net *.google.com *.youtube.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl i.stack.imgur.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudfront.net web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: c1.sfdcstatic.com d6tizftlrpuof.cloudfront.net *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com; frame-src 'self' portal.alemana.cl * *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com https://*.googleapis.com/ app.tuotempo.com www.google.com adservice.google.com solicat.calemanatemuco.cl *.clinicaalemana.cl portal-backend-dev.clinicaalemana.cl *.amazonaws.com c9a41d223g.execute-api.us-east-1.amazonaws.com somosesencial.cl www.somosesencial.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.force.com uat-chatservicepoc.cs214.force.com *.alemana.io gtw-prod.alemana.io gtw-dev.alemana.io https://analytics.google.com https://www.facebook.com https://www.googletagmanager.com https://cdn.ampproject.org wss://*.hotjar.com https://accounts.spotify.com https://api.spotify.com https://api-js.datadome.co api.usabilla.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://*.dec.sitefinity.com *.mktoresp.com https://api.sbif.cl:* *.contactshub.cl:* wss://sofix6xmbk.execute-api.us-east-1.amazonaws.com https://q.clarity.ms/collect wss://sjm3jibuni.execute-api.us-east-1.amazonaws.com/prod https://alemanaseguros1.my.site.com:* https://alemanaseguros1.my.salesforce-scrt.com:* https://a.clarity.ms:* https://d.clarity.ms/* https://d.clarity.ms/collect wss://sjm3jibuni.execute-api.us-east-1.amazonaws.com/* https://orgalemana.my.salesforce-scrt.com/ https://y.clarity.ms/collect https://h.clarity.ms/ https://*.insight.sitefinity.com; media-src 'self' data: blob: *.cloudfront.net; child-src 'self' blob: www.clinicaalemanatemuco.cl *.clinicaalemana.cl *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com; frame-ancestors 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com alemana.cl *.alemana.cl portal.alemana.cl somosesencial.cl www.somosesencial.cl https://www.somosesencial.cl/ 3
frame-ancestors 'self' https://www.hckrt.com/; 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/ https://www.gstatic.com/ https://va.vercel-scripts.com/ https://player.vimeo.com/ https://widget.trustpilot.com/ https://vercel.live/ https://*.org.coveo.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://cdn.cookielaw.org/ https://*.youtube.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://ade.googlesyndication.com/ https://adservice.google.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://www.datadoghq-browser-agent.com https://*.crazyegg.com https://js.hsforms.net https://*.liveperson.net https://*.lpsnmedia.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com/ https://js.hscollectedforms.net https://js.hubspot.com https://*.qualtrics.com https://bat.bing.com https://static.hsappstatic.net https://ajax.googleapis.com https://*.hubspotusercontent-na1.net https://google.com https://recaptcha.net; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://googletagmanager.com/ https://tagmanager.google.com/ https://*.crazyegg.com; img-src 'self' blob: data: https://*.sitecorecloud.io https://wst-p-001.sitecorecontenthub.cloud https://cdn.cookielaw.org http://*.googletagmanager.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/ https://google.com/ https://ade.googlesyndication.com/ https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://px.ads.linkedin.com/ https://www.linkedin.com https://www.facebook.com/ https://*.crazyegg.com https://forms-na1.hsforms.com https://lpcdn.lpsnmedia.net https://teanabroad.org https://*.hsforms.com https://track.hubspot.com https://iad1.qualtrics.com https://siteintercept.qualtrics.com https://bat.bing.com/ https://connect.facebook.net; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com/ https://*.vimeo.com https://widget.trustpilot.com https://vercel.live/ https://*.youtube.com http://www.googletagmanager.com https://*.doubleclick.net https://www.facebook.com https://*.crazyegg.com https://viewer.mapme.com/ https://js.hsforms.net https://lpcdn.lpsnmedia.net https://va-s.c.liveperson.net https://www.instagram.com https://www.juicer.io https://lookerstudio.google.com/ https://outlook.office.com/ https://www.podbean.com https://*.qualtrics.com https://forms.hsforms.com https://google.com; connect-src 'self' https://*.sitecorecloud.io https://platform.cloud.coveo.com https://analytics.cloud.coveo.com https://*.org.coveo.com https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com http://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://px.ads.linkedin.com https://www.facebook.com https://browser-intake-us3-datadoghq.com https://*.crazyegg.com https://api.zippopotam.us https://privacyportal.onetrust.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://img.youtube.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://*.qualtrics.com https://ad.doubleclick.net https://bat.bing.com/ https://accdn.lpsnmedia.net https://google.com https://maps.googleapis.com https://widget.trustpilot.com; object-src 'none'; media-src 'self' https://lpcdn.lpsnmedia.net; manifest-src 'self'; worker-src blob:; base-uri 'self'; form-action 'self' https://*.worldstrides.net https://*.worldstrides.com/ https://*.explorica.com/ https://*.explorica.ca/ https://portail.educatours.com/ https://www.facebook.com https://worldstrides.qualtrics.com https://forms.hsforms.com; frame-ancestors 'self' https://*.sitecorecloud.io/ ; upgrade-insecure-requests; block-all-mixed-content; report-uri /cspreports.xml; 3
default-src https://www.youtube-nocookie.com https://www.google.com/ https://storage.googleapis.com 'self'; connect-src wss://ws-eu.pusher.com wss://sage.kindly.ai https://ib.adnxs.com https://www.google.com https://f.clarity.ms https://www.clarity.ms https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://adressesok.posten.no https://cdn.jsdelivr.net https://js.arcgis.com https://www.arcgis.com https://basemaps.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://utility.arcgis.com https://services.geodataonline.no https://vector.services.geodataonline.no https://geocode.arcgis.com https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://posten-bring.force.com https://posten-bring.my.site.com https://posten-bring--crmfull.sandbox.my.site.com https://livestats.kaltura.com https://pagead2.googlesyndication.com https://klive.kaltura.com https://chat.kindlycdn.com https://bot.kindly.ai https://sage.kindly.ai https://ws-eu.pusher.com https://sockjs-eu.pusher.com https://storage.googleapis.com https://api.uxsignals.com https://widget.trustpilot.com https://api-us.mida.so 'self'; base-uri 'self'; form-action https://tracking.bring.com https://tracking.bring.dk https://tracking.bring.se https://sporing.bring.no https://sporing.posten.no https://tracking.qa.bring.com https://tracking.qa.bring.dk https://tracking.qa.bring.se https://sporing.qa.bring.no https://sporing.qa.posten.no wss://ws-eu.pusher.com wss://sage.kindly.ai 'self'; script-src https://f.clarity.ms https://www.clarity.ms https://unpkg.com https://cdnapisec.kaltura.com https://cdnapi.kaltura.com https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://player.vimeo.com https://posten-bring.force.com https://posten-bring.my.site.com https://posten-bring--crmfull.sandbox.my.site.com https://widget.trustpilot.com https://www.youtube.com https://chat.kindlycdn.com https://widget.uxsignals.com https://cdn.mida.so 'unsafe-inline' 'unsafe-eval' 'self'; frame-src https://www.google.com https://www.googletagmanager.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://www.gstatic.com https://player.vimeo.com/ https://www.youtube-nocookie.com https://form.typeform.com https://policy.app.cookieinformation.com https://widget.trustpilot.com https://td.doubleclick.net https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com; object-src 'none'; img-src * data: blob:; style-src 'unsafe-inline' * ; font-src * data; worker-src blob:; media-src blob: https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://www.kaltura.com https://storage.googleapis.com 3
frame-ancestors 'self'; default-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: img07.en25.com unpkg.com ajax.googleapis.com www.comparably.com cdn.jsdelivr.net www.buzzsprout.com cdn.dxpr.com *.googletagmanager.com www.gstatic.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com script.crazyegg.com geolocation.onetrust.com static.cloudflareinsights.com *.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net ajax.cloudflare.com cdnjs.cloudflare.com www.youtube.com youtube.com maps.googleapis.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.dxpr.com cdn.jsdelivr.net; img-src 'self' data: *.eloqua.com reedexhibitions.com www.rxglobal.com rxglobal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.co.jp data.shorthand.com iframely.shorthand.com maps.googleapis.com cdnjs.cloudflare.com img.youtube.com cdn.dxpr.com cdn.cookielaw.org maps.gstatic.com; frame-src www.google.com regist.reedexpo.co.jp www.comparably.com flo.uri.sh www.buzzsprout.com cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com iframely.shorthand.com rx.bnurl.com drive.google.com; object-src 'self' data:; connect-src 'self' blob: rxglobal.com rxglobal.at cdn.jsdelivr.net cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net gateway.shorthand.com www.gstatic.com stats.g.doubleclick.net data.shorthand.com in.hotjar.com rx.bnurl.com api.segment.io cdn.dxpr.com maps.googleapis.com *.crazyegg.com; base-uri 'none'; worker-src blob: 3
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:  https://*.googleapis.com; worker-src 'self' blob:; 3
default-src 'self' *.isitesoftware.com *.digitaldisplays.io digitaldisplays.io *.gov *.schoolnutritionandfitness.com schoolnutritionandfitness.com http://district.schoolnutritionandfitness.com onlineordering-images.s3.amazonaws.com digitaldisplays-media.s3.amazonaws.com d36ka9bgcta1yj.cloudfront.net cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gstatic.com *.googleapis.com www.google-analytics.com *.google.com *.amazonaws.com *.twitter.com cdn.syndication.twimg.com *.youtube.com connect.facebook.net *.facebook.com *.instagram.com *.vimeo.com *.payaconnect.com frontierchildnutrition.com *.myschoolmenuboards.com myschoolmenuboards.com translate.google.com unpkg.com 'unsafe-inline' 'unsafe-eval' data:; img-src * data: blob: about:; report-uri https://cgc5aq2c40.execute-api.us-west-2.amazonaws.com/dev/csp-violation-report; 3
default-src data: 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *; 3
img-src 'self' data: *;script-src 'self' 'unsafe-inline' *.sharethis.com *.igodigital.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.outbrain.com *.clarity.ms 520002707.collect.igodigital.com amplify.outbrain.com snap.licdn.com *.equifax.com img.en25.com googleads.g.doubleclick.net static.hotjar.com static.cloudflareinsights.com www.google.com *.convertexperiments.com *.facebook.net script.hotjar.com bat.bing.com www.gstatic.com *.jquery.com *.googletagmanager.com *.googleapis.com *.bootstrapcdn.com www.google-analytics.com c.supert.ag; frame-src 'self' view.ceros.com *.sharethis.com *.igodigital.com *.google.com https://www.googletagmanager.com https://www.youtube.com https://youtube.com;style-src 'self' 'unsafe-inline' *.sharethis.com *.igodigital.com *.cloudflare.com hello.myfonts.net maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.cloudflare.com;connect-src 'self' *.conversionsapigateway.com mpc-prod-15-s6uit34pua-uw.a.run.app *.crwdcntrl.net *.sharethis.com *.googleadservices.com *.igodigital.com *.bing.com *.doubleclick.net *.clarity.ms *.outbrain.com *.linkedin.com analytics.google.com browser-intake-datadoghq.com s1125511624.t.eloqua.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io www.googletagmanager.com www.google.com www.google-analytics.com cdn.jsdelivr.net;worker-src 'self' www.google.com blob:;default-src 'self' *.igodigital.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com *.google-analytics.com;object-src 'none';report-to csp-endpoint;form-action 'self' s1125511624.t.eloqua.com; 3
"frame-ancestors 'none'" 3
default-src 'self' https://*.wistia.com https://*.wistia.net; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com *.fontawesome.com use.fontawesome.com https://unpkg.com/ *.stripe.com *.adroll.com script.crazyegg.com googleads.g.doubleclick.net *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com www.google-analytics.com snap.licdn.com ws.zoominfo.com *.ifebp.org js.zi-scripts.com tags.clickagy.com cdn.informz.net *.facebook.com *.facebook.net *.googleadservices.com bat.bing.com *.clarity.ms browser.sentry-cdn.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com https://unpkg.com/ 'unsafe-inline' blob: https://fast.wistia.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com placeimg.com picsum.photos *.picsum.photos i0.wp.com i2.wp.com *.analytics.google.com *.google-analytics.com *.adroll.com stats.g.doubleclick.net *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com www.google.com *.congress.gov *.linkedin.com *.doubleclick.net https://x.bidswitch.net https://ml314.com https://pixel.tapad.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://sync.outbrain.com https://image2.pubmatic.com https://sync.taboola.com https://eb2.3lift.com https://ib.adnxs.com https://match.adsrvr.org pixel.tapad.com https://secure.adnxs.com https://idsync.rlcdn.com https://dpm.demdex.net *.facebook.com *.facebook.net *.ifebp.org bat.bing.com https://*.wistia.com https://*.wistia.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com https://*.wistia.com; frame-src 'self' https://www.youtube.com *.soundcloud.com *.smartsheet.com *.stripe.com *.ifebp.org *.vimeo.com hemsync.clickagy.com https://www.googletagmanager.com https://www.google.com *.doubleclick.net *.facebook.com *.facebook.net *.adroll.com https://fast.wistia.com https://fast.wistia.net; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.fontawesome.com https://blog.ifebp.org analytics.google.com *.google-analytics.com https://cebs.ifebp.org stats.g.doubleclick.net *.crazyegg.com *.linkedin.com *.adroll.com *.ifebp.org aorta.clickagy.com hemsync.clickagy.com https://www.google.com https://js.zi-scripts.com *.zoominfo.com *.informz.net *.facebook.com *.facebook.net https://ipapi.co *.clarity.ms https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.youtube.com https://*.wistia.com https://*.wistia.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; plugin-types 'self' 3
object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3
frame-ancestors 'self' https://storyblok.com https://*.storyblok.com 3
frame-ancestors 'self' https://tbohotels.com https://*.tbohotels.com https://tboholidays.com https://*.tboholidays.com; 3
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; media-src 'self' data: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' sc-static.net *.licdn.com *.tiktok.com *.libanswers.com *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io cdn.prospectus.plus *.amplifyapp.com *.google.ie *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: frontend.zestydev.com *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io *.libanswers.com cdn.prospectus.plus *.amplifyapp.com *.google.ie *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.w.org *.facebook.com *.snapchat.com img.rawpixel.com blob: *.youtube.com www.itsligo.ie *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io *.libanswers.com cdn.prospectus.plus *.amplifyapp.com *.google.ie secure.gravatar.com www.gravatar.com stats.g.doubleclick.net data: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com *.linkedin.com *.snapchat.com *.cookiebot.com analytics.tiktok.com yoast.com region1.google-analytics.com *.facebook.com ws: *.wpml.org *.dynamics.com *.azureedge.net s.w.org www.pubble.io *.pubble.io api.redirect.li *.civiccomputing.com *.libanswers.com *.google.com *.google.ie *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io *.libanswers.com cdn.prospectus.plus *.amplifyapp.com *.google.ie data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' *.wikimedia.org *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io *.libanswers.com cdn.prospectus.plus *.amplifyapp.com *.google.ie; frame-src 'self' *.mkt.dynamics.com *.cookiebot.com *.issuu.com blob: forms.office.com *.snapchat.com *.facebook.com login.microsoftonline.com youtu.be *.arcgis.com atlantictu.libcal.com atlantictu.libanswers.com *.heanet.ie *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; 3
'self'.model-t.cc.commerce.ondemand.com:443 *.ynk.cl:443 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 3
frame-ancestors 'self' *.arcgis.com *.esri.com learn.esri.ca 3
: default-src 'self'; 3
frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 3
frame-ancestors 'self' https://ibexa.vonovia.de 3
default-src 'self' *.amazonaws.com;media-src 'self' *.amazonaws.com data: *.ace.teliacompany.com *.zdassets.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;style-src 'self' 'unsafe-inline' *.teliacompany.com *.google.com *.humany.net *.googleapis.com *.gstatic.com *.amazonaws.com;connect-src 'self' *.google-analytics.com *.linkedin.com *.zendesk.com wss://*.zendesk.com *.zdassets.com *.googletagmanager.com *.amazonaws.com *.humany.net *.google.com *.google.se *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi *.resurs.com *.integration.resurs.com *.doubleclick.net *.googleapis.com *.amplitude.com *.teliacompany.net *.resurs.loc *.ellos.resursbank.24hr.se wss://*.resurs.se wss://*.resurs.fi wss://*.resurs.dk wss://*.resurs.no *.hotjar.io *.hotjar.com wss://*.hotjar.com wss://*.hotjar.io widget.datablocks.se *.taboola.com *.bing.com *.bing.net *.mfn.se *.googlesyndication.com cdn.cookielaw.org *.onetrust.com *.elastic-cloud.com;form-action 'self';frame-ancestors 'self';frame-src 'self' *.youtube.com player.vimeo.com *.google.com *.teliacompany.com resurs.onfluid.dk *.doubleclick.net *.office365.com *.googletagmanager.com *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi;child-src 'self';font-src * data:;object-src 'self';manifest-src 'self' 'unsafe-inline' data:;upgrade-insecure-requests 3
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ;                                     img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/  https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ https://widget.molin.ai/ https://www.googletagmanager.com https://fonts.gstatic.com https://ceginfo.hu/assets/images/ ;                                     style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ;                                     font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ;                                     script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.mjs blob: 'self';                                     connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ https://lottie.host/18ceabf4-51c0-410e-8bce-1e1ee2924c57/gb9fKyPMO2.json https://widget.molin.ai/ https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ https://ep1.adtrafficquality.google/getconfig/ ;                                     frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ https://securepubads.g.doubleclick.net/ https://ep2.adtrafficquality.google/ ;                                     worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ;                                     media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 3
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 3
upgrade-insecure-requests; default-src 'self' https://*.screeb.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com/ disqus.com *.disqus.com *.disquscdn.com https://js.hs-scripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://gist.github.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net https://forms.hsforms.com/ https://js.hs-analytics.net https://app.getbeamer.com/js/ https://realtime.getbeamer.com/ https://apis.google.com https://*.screeb.app nominatim.openstreetmap.org http://cdn.matomo.cloud/opendatasoft.matomo.cloud/matomo.js http://cdn.mxpnl.com/ ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://github.githubassets.com/ *.disquscdn.com https://fonts.googleapis.com https://app.getbeamer.com/styles/ ; img-src * data: blob:; font-src * data:; media-src 'self' https://eu.ftp.huwise.com/odsacademy/ https://eu.ftp.opendatasoft.com/odsacademy/ ; connect-src 'self' *.huwise.com *.opendatasoft.com *.disqus.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.algolia.net api.jawg.io tile.jawg.io https://graph.microsoft.com/ https://backend.getbeamer.com/ wss://realtime.getbeamer.com https://static.getbeamer.com/favico.js https://stats.g.doubleclick.net https://t.hs-growth-metrics.com https://*.screeb.app wss://*.screeb.app https://opendatasoft.matomo.cloud/matomo.php https://api-js.mixpanel.com/ ; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com/recaptcha/ https://accounts.google.com https://docs.google.com https://*.screeb.app *.huwise.com *.opendatasoft.com disqus.com https://app.hubspot.com https://forms.hsforms.com https://app.getbeamer.com https://opendatasoft-trial.com data.opendatasoft.com/ www.youtube.com/embed/ www.youtube-nocookie.com/embed/ www.dailymotion.com/embed/video/ player.vimeo.com/video/ www.veed.io/embed/ app.powerbi.com/ app.powerbigov.us/ app.high.powerbigov.us/ app.mil.powerbigov.us/ public.tableau.com/views/ arcgis.com/apps/View/ docs.google.com/forms/ forms.office.com/ www.google.com/maps/d/embed www.google.com/maps/embed www.arcgis.com/home/webscene/viewer.html www.arcgis.com/home/webmap/viewer.html www.arcgis.com/apps/dashboards/ www.arcgis.com/apps/Embed/ app.streamfizz.live/embed/ player.streamfizz.live/embed/ www.facebook.com/plugins/page.php experience.arcgis.com/experience/; 3
script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.googleadservices.com *.iqm.com *.cookielaw.org *.onetrust.com *.vimeo.com tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.facebook.net *.youtube.com *.twitter.com *.marketo.net *.eloqua.com *.tableau.com *.jsdelivr.net *.flourish.studio acsbapp.com snap.licdn.com *.linkedin.com *.storylane.io js.monitor.azure.com; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.knowledgeowl.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.twimg.com *.typekit.net *.fontawesome.com; font-src * data:; img-src * data:; media-src 'self' data: blob: *.wistia.com; frame-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com *.googletagmanager.com flo.uri.sh *.cookielaw.org cdn.cookielaw.org *.onetrust.com snap.licdn.com *.linkedin.com *.doubleclick.net *.podbean.com *.storylane.io; child-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com *.googletagmanager.com flo.uri.sh *.cookielaw.org cdn.cookielaw.org *.onetrust.com snap.licdn.com *.linkedin.com *.doubleclick.net *.podbean.com; connect-src 'self' *.google.com google.com *.googleadservices.com *.g.doubleclick.net *.cookielaw.org cdn.cookielaw.org *.onetrust.com tags.srv.stackadapt.com *.google-analytics.com *.google.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com ws-mt1.pusher.com *.bugherd.com *.googleapis.com *.mktoresp.com 932-bac-700.mktoutil.com acsbapp.com *.acsbapp.com snap.licdn.com *.linkedin.com *.in.applicationinsights.azure.com js.monitor.azure.com; 3
default-src 'self' https://unpkg.com/ https://*.unpkg.com/ https://*.revtrax.com https://irxcm.com/ https://*.pg.com/ https://*.azureedge.net/ https://*.promosvcs.com/ https://*.doubleclick.net/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://*.goskope.com/ https://*.cpnscdn.com/ https://*.ctfassets.net/ https://*.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://*.adsrvr.org/ https://*.google-analytics.com/ https://*.cloudinary.com/ https://*.tiktok.com/ https://*.rpxnow.com/ https://*.googleapis.com/ https://*.cloudfront.net/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://*.segment.com/ https://*.tapad.com/ https://xxredda.s3.amazonaws.com/ https://*.incentives.gcp.pgcloud.com/ https://*.crazyegg.com https://*.rbi-umbrella.com/ blob:; font-src 'self' https://*.gstatic.com/ data: *.abtasty.com; img-src * 'self' https://*.ctfassets.net/ https://*.cpnscdn.com/ https://*.incentives.gcp.pgcloud.com/ blob: data: https: *.abtasty.com; script-src 'strict-dynamic' 'nonce-UCZHR29vZEV2ZXJ5ZGF5Q1NQU2VjdXJpdHk=' 'unsafe-inline' 'unsafe-eval' 'self' https://*.unpkg.com/ https://*.revtrax.com/ https://*.pg.com/ https://*.azureedge.net/ https://*.promosvcs.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://*.goskope.com/ https://*.onetrust.com/ https://*.tiktok.com/ https://*.ipify.org/ https://*.instagram.com/ https://*.moatads.com/ https://*.pghub.io/ https://*.tp88trk.com/ https://*.cookielaw.org/ https://*.crazyegg.com/ https://*.pepperjam.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.google.com/ https://*.lytics.io/ https://*.youtube.com/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.cloudfront.net/ https://*.segment.com/ https://*.adsrvr.org/ https://*.doubleclick.net/ https://*.cognigy.ai/ https://*.pypestream.com/ https://*.launchdarkly.com/ https://*.incentives.gcp.pgcloud.com/ blob: *.abtasty.com; style-src 'self' 'unsafe-inline' https://*.lytics.io/ https://*.googleapis.com/ https://*.incentives.gcp.pgcloud.com/ https://*.crazyegg.com *.abtasty.com; frame-src 'self' https://p192942-amj-madetosave-stage-dwahece3dnbwfuf0.centralus-01.azurewebsites.net/ https://*.centralus-01.azurewebsites.net/cvs https://*.centralus-01.azurewebsites.net/dollar-general https://*.centralus-01.azurewebsites.net/instacart https://*.centralus-01.azurewebsites.net/price-chopper https://*.centralus-01.azurewebsites.net/shop-rite https://*.centralus-01.azurewebsites.net/walgreens https://irxcm.com/ https://*.rbi-umbrella.com/ https://*.pinterest.com/ https://*.quotient.com/ https://*.googletagmanager.com/ https://*.revtrax.com/ https://*.ltimindtree.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://p192918-pgge-amj-rebate.azurewebsites.net https://p192934-olay-stage.azurewebsites.net/ https://*.onetrust.com/ https://*.ipify.org/ https://*.adsrvr.org/ https://*.lightning.force.com/ https://*.salesforce-sites.com/ https://*.tapad.com/ https://*.pepperjamnetwork.com/ https://*.pg.promosvcs.com/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.coupons.com/ https://*.smartsource.com/ https://*.segmanta.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.zscaler.net/ https://*.crazyegg.com/ https://*.incentives.gcp.pgcloud.com/ https://*.pypestream.com/ https://*.static.lightning.force.com https://xxredda.s3.amazonaws.com/ https://p192918-pgge-amj-rebate-stage.azurewebsites.net/ https://*.azurewebsites.net.rproxy.goskope.com/ https://*.pggoodeveryday.com https://*.pg.com/ https://*.jebbit.com https://*.pghub.io/ *.abtasty.com https://safe.menlosecurity.com/ https://*.menlosecurity.com/ https://analytics.pgbrandsaver.com https://*.pgbrandsaver.com https://192956-pgbs-holiday-stage-hbcfdvc2e0arardn.centralus-01.azurewebsites.net https://r192956.pg.promosvcs.com/ https://r192958-nfl-stage-hgabhvaxgafye5aw.centralus-01.azurewebsites.net https://r192958-nfl-stage-hgabhvaxgafye5aw.centralus-01.azurewebsites.net/walgreens https://r192958.pg.promosvcs.com/ https://r192958.pg.promosvcs.com/walgreens; object-src 'self'; connect-src 'self' https://*.bing.com/ https://bat.bing.com/p/conversions/c/i https://*.rudderstack.com https://cdn.rudderlabs.com https://*.pinterest.com/ https://*.pg.com/ https://*.revtrax.com/ https://*.irxcm.com/ https://*.google-analytics.com/ https://*.visualstudio.com/ https://*.azureedge.net/ https://*.doubleclick.net/ https://*.pg-campaigns.com/ https://*.launchdarkly.com/ https://*.pypestream.com/ wss://*.cognigy.ai/ https://*.onetrust.com/ https://*.ipify.org/ https://*.instagram.com/ https://*.coupon.pg.com/ https://*.zscaler.net/ https://*.contentful.com/ https://*.moatads.com/ https://*.cpnscdn.com/ https://*.ctfassets.net/ https://*.yahoo.com/ https://*.shophermedia.net/ https://*.pghub.io/ https://*.tp88trk.com/ https://*.pepperjam.com/ https://*.facebook.com/ https://*.onetrust.io/ https://*.crazyegg.com/ https://*.cookielaw.org/ https://*.youtube.com/ https://*.rubiconproject.com/ https://*.pg.com/ https://*.adsrvr.org/ https://*.gstatic.com/ https://*.amazon-adsystem.com/ https://*.lytics.io/ https://*.segment.io/ https://*.segment.com/ https://*.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://*.doubleclick.net/ https://*.cloudinary.com/ https://*.tiktok.com/ https://*.rpxnow.com/ https://*.cloudfront.net/ https://*.tapad.com/ https://*.google.com/ https://*.google.co.in/ https://xxredda.s3.amazonaws.com/ https://*.incentives.gcp.pgcloud.com/ https://*.addrexx10.com/ https://*.gcp.pgcloud.com https://*.reddit.com https://www.redditstatic.com https://*.tiktokw.us https://*.bing-int.com https://*.pgbrandsaver.com *.abtasty.com *.outbrain.com; frame-ancestors 'self' https://*.centralus-01.azurewebsites.net/ https://*.centralus-01.azurewebsites.net/cvs https://*.centralus-01.azurewebsites.net/dollar-general https://*.centralus-01.azurewebsites.net/instacart https://*.centralus-01.azurewebsites.net/price-chopper https://*.centralus-01.azurewebsites.net/shop-rite https://*.centralus-01.azurewebsites.net/walgreens https://p192942-amj-madetosave-stage-dwahece3dnbwfuf0.centralus-01.azurewebsites.net/ https://p192918-pgge-amj-rebate-stage.azurewebsites.net/ https://*.pg.promosvcs.com/ https://192956-pgbs-holiday-stage-hbcfdvc2e0arardn.centralus-01.azurewebsites.net https://r192956.pg.promosvcs.com/ https://r192958-nfl-stage-hgabhvaxgafye5aw.centralus-01.azurewebsites.net https://r192958-nfl-stage-hgabhvaxgafye5aw.centralus-01.azurewebsites.net/walgreens https://r192958.pg.promosvcs.com/ https://r192958.pg.promosvcs.com/walgreens 3
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.telebalance.tv *.my-probance.one *.privacy-center.org *.cloudflareinsights.com *.criteo.com *.googlesyndication.com *.snapchat.com *.r66net.net *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.adform.net https://rules.quantcount.com https://secure.quantserve.com/ https://js.adsrvr.org https://stage-data.hipay.com https://mpsnare.iesnare.com https://libs.hipay.com https://mpsnare.iesnare.com/time.mp3 wss://mpsnare.iesnare.com/star https://mpsnare.iesnare.com/star https://rules.quantcount.com/ https://secure.quantserve.com/ https://js.adsrvr.org https://cdn.sticky.io https://mpsnare.iesnare.com https://libs.hipay.com https://mpsnare.iesnare.com/time https://marketing.hachette-partworks.com https://cdn.wishpond.net/connect.js https://u.videostep.com https://analytics.tiktok.com https://www.clarity.ms https://static.r66net.com https://k.r66net.com https://ks.invibes.com https://www.paypalobjects.com https://tag.aticdn.net https://cdn3.actito.com/legacy/actito-goal/goal.js https://www.awin1.com/ https://www.dwin1.com/ https://www.paypal.com https://geolocation.onetrust.com/ https://fevoki.wejekihota.com https://apis.google.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://ws1.postescanada-canadapost.ca https://cdnjs.cloudflare.com https://cdn.doofinder.com https://cdn.hachette-collections.com https://www.google-analytics.com https://www.google.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://autroliner.com https://cilkonlay.com https://bat.bing.com https://s.pinimg.com https://sp.analytics.yahoo.com https://s.yimg.com https://www.redditstatic.com https://www3.actito.com https://widget.trustpilot.com https://invitejs.trustpilot.com; style-src 'self' 'unsafe-inline' https://libs.hipay.com/ https://www.hachette-collections.com/ https://www.googletagmanager.com https://fonts.googleapis.com https://ws1.postescanada-canadapost.ca https://cdn.hachette-collections.com https://hachettepartworks.com https://www.hachettecollections.com; img-src 'self' data: https://engagedata.go2cloud.org https://tracking.acba.pl *.privacy-center.org *.invibes.com *.b26net.com *.snapchat.com *.r66net.net *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.google.pl https://adservice.google.com *.googlesyndication.com https://ad.doubleclick.net https://pixel.quantserve.com *.bing.com *.xiti.com *.clarity.ms https://fonts.gstatic.com https://www.paypalobjects.com https://analytics.tiktok.com https://s.videostep.com https://ks.b26net.com https://ks.invibes.com https://tbs.tradedoubler.com https://tbl.tradedoubler.com https://t.paypal.com https://www.hachette-collections.com https://cdn.cookielaw.org https://www.google.co.il https://www.facebook.com https://ws1.postescanada-canadapost.ca https://hachettepartworks.com https://www.hachettecollections.com https://cdn.hachette-collections.com https://bat.bing.com https://www.google.be https://www.google.com https://www.gstatic.com https://www.google.fr https://www.google-analytics.com https://www.google.ca https://autroliner.com https://www.googletagmanager.com https://www.google.ch https://ct.pinterest.com https://www.google.de https://www.google.co.uk https://www.google.lu https://www.google.it https://www.google.pt https://www.google.co.ma https://scontent-cdg2-1.cdninstagram.com https://alb.reddit.com https://googleads.g.doubleclick.net https://www.google.dk https://scontent-cdt1-1.cdninstagram.com https://info.hachette-collections.com https://www.google.gr https://www.google.tn; font-src 'self' https://www.hachette-collections.com/ https://fonts.gstatic.com https://cdn.hachette-collections.com https://static3.avast.com; media-src 'self' data: https://mpsnare.iesnare.com/ https://cdn.hachette-collections.com https://www.hachette-collections.com https://workbench-www.hachette-collections.com https://hachettepartworks.com https://www.hachettecollections.com; connect-src 'self' *.tiktokw.us *.criteo.com *.privacy-center.org *.trustpilot.com *.googletagmanager.com https://www.hachette-collections.com https://analytics-ipv6.tiktokw.us https://privacyportal-de.onetrust.com *.googleadservices.com *.snapchat.com *.r66net.net *.r66net.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.kolekcja-poezja.pl *.yottacapi.pl *.google.pl https://data.hipay.com/checkout-data wss://mpsnare.iesnare.com/star *.doubleclick.net *.googlesyndication.com *.redditstatic.com *.reddit.com https://adservice.google.com https://pixel.quantcount.com https://google.com https://secure-gateway.hipay-tpp.com https://hachettepartworks.sticky.io https://marketing.hachette-partworks.com *.xiti.com *.google.fr *.analytics.google.com https://content.hotjar.io *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.clarity.ms *.invibes.com/ https://analytics.tiktok.com https://region1.google-analytics.com https://geolocation.onetrust.com https://www.sandbox.paypal.com https://www.paypal.com https://privacyportal-eu.onetrust.com https://privacyportal-fr.onetrust.com https://1637314617.rsc.cdn77.org https://cdn.cookielaw.org https://stage-secure2-vault.hipay-tpp.com https://ws1.postescanada-canadapost.ca https://eu1-search.doofinder.com https://secure2-vault.hipay-tpp.com https://bat.bing.com https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://s.yimg.com https://vc.hotjar.io https://www.facebook.com; frame-src 'self' *.criteo.com *.snapchat.com *.saferpay.com *.psp-solutions.com *.googletagmanager.com *.doubleclick.net https://td.doubleclick.net https://ad.doubleclick.net https://cdn.sticky.io https://cdn.wishpond.net/ https://libs.hipay.com https://www.paypalobjects.com/ https://www.facebook.com/ https://tbs.tradedoubler.com/ https://www.pinterest.fr/ https://www.pinterest.com/ https://www.sandbox.paypal.com https://www.paypal.com https://checkout.slimpay.net https://checkout.preprod.slimpay.com https://accounts.google.com https://www.youtube.com *.moneris.com *.sticky.io https://w.soundcloud.com https://vars.hotjar.com https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://widget.trustpilot.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /report.php 3
default-src 'self'; script-src 'self'; 3
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com  https://googleads.g.doubleclick.net; upgrade-insecure-requests; 3
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; connect-src * ; worker-src blob: ; frame-ancestors https://secure.quia.com https://secure.quia.backboneintegration.ixl.dev:9301 https://secure.quia.alpha.ixl.dev:9301 https://secure.quia.rsmarketingbuypage.ixl.dev:9301 https://www.quia.cap:12301 https://www.quia.cap:65201 https://www.quia.n:22401 https://secure.quia.s:19501 https://www.quia.t:12001 ; 3
frame-ancestors 'self' *.alineops.com; 3
frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; 3
connect-src 'self' https://legal.dev.myptv.com https://api.privacy-center.org https://region1.google-analytics.com https://px.ads.linkedin.com https://legal.staging.myptv.com https://legal.myptv.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://api.myptv.com https://login.myptv.com https://login.staging.myptv.com https://gateway.myptv.com https://analytics.google.com https://collector.leadinfo.net https://api.leadinfo.com https://www.google.de https://www.google.it https://www.google.fr https://www.google.at https://www.google.nl https://www.google.es https://www.google.com https://www.google.com.au https://www.google.ru https://bat.bing.com https://*.omappapi.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://o.clarity.ms https://api.allbound.eu https://cdn.socket.io https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://curie-static.myptv.com https://fonts.gstatic.com https://fonts.chatbotbuilder.net; img-src 'self' blob: data: https://www.ptvgroup.com https://px.ads.linkedin.com https://s1398155824.t.eloqua.com https://blog.ptvlogistics.com https://gateway.myptv.com https://www.google.de https://www.google.it https://www.google.fr https://www.google.at https://www.google.nl https://www.google.es https://www.google.com https://www.google.com.au https://www.google.ru https://www.google.co.in https://www.google.sk https://www.google.lv https://widgets.kununu.com https://assets.kununu.com https://trck.ptvlogistics.com https://*.omappapi.com https://forms-eu1.hsforms.com https://ptvgroup.allbound.eu https://ptvlogistics.allbound.eu https://dlvkyia8i4zmz.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://sdk.privacy-center.org https://*.omappapi.com https://widget.manychat.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://sdk.privacy-center.org https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://img03.en25.com https://googleads.g.doubleclick.net https://cdn.leadinfo.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://bat.bing.com https://cdn.jsdelivr.net https://get.smart-data-systems.com https://img.en25.com https://*.omappapi.com https://widget.manychat.com https://js-eu1.hsforms.net https://www.clarity.ms https://www.youtube.com https://ab-eu-prod-partner-locator.s3-eu-central-1.amazonaws.com https://herrmann24.chatbotbuilder.net https://cdn.socket.io cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.omappapi.com https://fonts.googleapis.com https://fonts.chatbotbuilder.net https://herrmann24.chatbotbuilder.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors * 3
frame-ancestors 'self' https://rewards.theexcellencecollection.com https://tecloyalty.c5.stage.livecms.site; 3
frame-ancestors https://p-backoffice.b2c.gebr-heinemann.com/ 3
style-src 'self' 'unsafe-inline' *.eunetic.com *.eunetic.com *.consentmanager.net *.tinymce.com *.tiny.cloud *.googleapis.com *.gstatic.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://chat.copexa.net https://chat.webwide.de https://chat.eunetic.com https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com; script-src *.eunetic.com 'self' 'unsafe-inline' *.eunetic.com *.tinymce.com *.tiny.cloud *.googleapis.com *.hotjar.com *.hotjar.io https://onstats.de https://www.callexa.com https://cdn.ckeditor.com https://js.stripe.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://chat.copexa.net https://chat.webwide.de https://chat.eunetic.com *.google.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.consentmanager.net *.acsbapp.com; object-src 'self'; img-src 'self' *.eunetic.com *.consentmanager.net *.tinymce.com *.tiny.cloud *.googleapis.com cdn.ckeditor.com chat.copexa.net www.callexa.com onstats.de *.freepik.com pay.webwide.net https://googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://googleads.g.doubleclick.net https://www.google.com https://google.com data: blob:; connect-src 'self' *.eunetic.com *.tinymce.com *.tiny.cloud *.googleapis.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com https://onstats.de https://www.callexa.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de *.consentmanager.net *.acsbapp.com; worker-src 'self' blob:; font-src 'self' *.eunetic.com *.consentmanager.net *.tinymce.com *.tiny.cloud *.gstatic.com data: 3
img-src 'self' data: https: *.yandex.ru *.google-analytics.com *.facebook.com *.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com *.yandex.ru *.yandex.com *.google.com *.google-analytics.com *.googlesyndication.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.discord.com *.discord.gg t.me *.telegram.org *.doubleclick.net *.mail.ru analytics.tiktok.com *.tiktok.com *.tiktokw.us; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googleapis.com maxcdn.bootstrapcdn.com; connect-src 'self' *.yandex.ru *.yandex.com *.betatransfer.io *.cryptocloud.plus *.freekassa.com *.morune.com *.wata.pro *.stripe.com *.monobank.ua send.monobank.ua api.monobank.ua *.lckco.com lckco.com qr.lckco.com *.discord.com *.discord.gg t.me *.telegram.org *.google-analytics.com analytics.google.com www.google.com *.google.com *.googleadservices.com *.googlesyndication.com *.facebook.com *.facebook.net *.doubleclick.net analytics.tiktok.com *.tiktok.com *.tiktokw.us checkout.overpay.io *.overpay.io engine-sandbox.pay.tech *.pay.tech engine.pay.tech *.paycart.click paycart.click engine.avepay.com *.avepay.com avepay.com *.conversionsapigateway.com *.us-central1.run.app *.run.app; font-src 'self' data: *.gstatic.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' *.yandex.ru mc.yandex.ru mc.yandex.com *.google.com *.youtube.com www.youtube.com *.betatransfer.io *.cryptocloud.plus pay.freekassa.com *.morune.com *.wata.pro *.lckco.com qr.lckco.com discord.com *.discord.com *.discord.gg t.me *.telegram.org *.googletagmanager.com *.doubleclick.net td.doubleclick.net checkout.overpay.io *.overpay.io engine-sandbox.pay.tech *.pay.tech engine.pay.tech *.paycart.click paycart.click engine.avepay.com *.avepay.com avepay.com *.freekassa.com payment.kassa.ai pay.fk.money *.antilopay.com gate.antilopay.com severpay.io *.severpay.io; frame-ancestors 'none'; default-src 'self' https:; form-action 'self' *.betatransfer.io *.cryptocloud.plus *.freekassa.com *.morune.com *.wata.pro *.stripe.com *.monobank.ua send.monobank.ua api.monobank.ua *.lckco.com lckco.com qr.lckco.com mwisand.com qr.mwisand.com resjoydc.com qr.resjoydc.com discord.com *.discord.com discord.gg *.discord.gg t.me *.telegram.org *.paypal.com paypal.com api-m.paypal.com api-m.sandbox.paypal.com brondurnet.com checkout.overpay.io *.overpay.io engine-sandbox.pay.tech *.pay.tech engine.pay.tech *.paycart.click paycart.click engine.avepay.com *.avepay.com avepay.com pay.paysafe.biz payment.kassa.ai pay.fk.money *.antilopay.com gate.antilopay.com *.severpay.io itemservice.net ai55.link bestpayment.link *.paymentlnk.com *.paymentsafe.online *.securepayworld.me ptradepay.com; base-uri 'self'; upgrade-insecure-requests 3
frame-ancestors 'self' mopinion.com app.mopinion.com 3
frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; 3
default-src 'self' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://*.youtube.com http://youtu.be https://www.google.com https://fonts.gstatic.com https://twitter.com https://*.twitter.com https://platform-lookaside.fbsbx.com https://streamable.com https://player.vimeo.com https://player.twitch.tv https://gfycat.com https://discordapp.com https://discord.com https://cdn.iframe.ly https://www.google-analytics.com https://stats.g.doubleclick.net https://if-cdn.com https://*.hotjar.com https://vc.hotjar.io/ wss://*.hotjar.com https://gleam.io https://not-ga.dlcompare.services; style-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.jsdelivr.net https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.gleam.io https://*.gleamjs.io/ https://*.google.com https://not-ga.dlcompare.services https://static.cloudflareinsights.com; img-src 'self' data: https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://cdn.staticaly.com https://graph.facebook.com https://*.twitter.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://i.imgur.com https://if-cdn.com https://www.google-analytics.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.fbcdn.net https://*.hotjar.com https://*.gleam.io https://flagcdn.com https://cdn.discordapp.com https://discord.com https://www.googletagmanager.com; frame-ancestors 'self' 3
default-src https: 'unsafe-eval' 'unsafe-inline' data: 'self' *.kiavi.com *.lh-qa.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hs-sites.com *.hsadspixel.net *.hsappstatic.net *.hscollectedforms.net *.hscta.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubapi.com *.hubspot.com *.hubspot.net *.hubspotfeedback.com *.hubspotusercontent20.net *.hubspotvideo.com *.usemessages.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adroll.com https://*.adsymptotic.com https://*.analytics.yahoo.com https://*.bing.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com; object-src 'none';; upgrade-insecure-requests 3
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * data: blob:; font-src * data: blob:; connect-src *; frame-src *; object-src * 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: https://cdn.userway.org/ instagram.com https://public.tableau.com https://api.clientify.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net checkout.wompi.co *app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: https://c.tile.openstreetmap.org/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://www.google.com.co/ https://cdn.userway.org/ *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' https://cdn.userway.org/ https://apps.clientify.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: *.cali.gov.co https://cdn.userway.org/ https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 3
object-src data: 'unsafe-eval' 3
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.hetlmedia.com https://securepubads.g.doubleclick.net https://www.googletagservices.com https://prebid.adnxs.com https://ow.pubmatic.com https://*.pubmatic.com https://*.rubiconproject.com https://*.smartadserver.com https://*.sharethrough.com https://*.stpd.cloud https://*.lijit.com https://*.sovrn.com https://cdn.id5-sync.com https://*.media.net https://*.minutemedia.com https:; connect-src 'self' https: wss: https://securepubads.g.doubleclick.net https://www.googletagservices.com https://prebid.adnxs.com https://ow.pubmatic.com https://*.pubmatic.com https://*.rubiconproject.com https://*.smartadserver.com https://*.sharethrough.com https://*.stpd.cloud https://*.lijit.com https://*.sovrn.com https://cdn.id5-sync.com https://*.media.net https://*.minutemedia.com; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src 'self' https: blob:; media-src 'self' https: blob:; worker-src 'self' blob:; manifest-src 'self'; 3
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: https://f86a65dca19a.edge.sdk.awswaf.com; connect-src https: wss:; font-src https: data:; 3
frame-ancestors 'self' https://* http://* 3
frame-ancestors https://*.wfscorp.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 3
img-src *  https: data:; object-src 'none'; frame-ancestors 'self' https://app.contentful.com  3
default-src https: data: 'unsafe-eval' 'unsafe-inline' 3
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net *.facebook.com static.cloudflareinsights.com www.gstatic.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com *.facebook.com www.googletagmanager.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;form-action 'self' *.facebook.com;frame-src static.goolec.com www.youtube.com youtube.com *.facebook.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com *.facebook.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;media-src e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';frame-ancestors 'self';object-src 'none' 3
connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 3
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https: maps.googleapis.com ekr.zdassets.com zendesk.com *.zendesk.com; style-src 'self' 'unsafe-inline' https: maps.googleapis.com ekr.zdassets.com zendesk.com *.zendesk.com; img-src 'self' data: https: maps.googleapis.com ekr.zdassets.com zendesk.com *.zendesk.com; font-src 'self' data: https: maps.googleapis.com ekr.zdassets.com zendesk.com *.zendesk.com; frame-src 'self' https: maps.googleapis.com ekr.zdassets.com zendesk.com *.zendesk.com; 3
frame-ancestors 'self' *.hotmart.com hotmart.com *.hotmart.host *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 3
frame-ancestors 'self' https://app.contentful.com https://jeu.lactel.fr https://pp-jeu.lactel.fr; 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://munchkin.marketo.net https://835-LYB-953.mktoweb.com https://cdn.auth0.com https://7052064.fs1.hubspotusercontent-na1.net https://www2.canton.network https://*.brighttalk.com https://*.hsappstatic.net https://unpkg.com https://*.osano.com https://*.digitalasset.com https://*.simpleanalyticscdn.com https://cdnjs.cloudflare.com https://recaptcha.net https://*.googlesyndication.com https://*.ampproject.org https://bing.net https://bat.bing.com https://gist.github.com/da-blog/ https://*.fontawesome.com https://*.ads-twitter.com https://d20519brkbo4nz.cloudfront.net https://*.twitter.com https://*.hscta.net https://*.hubspot.com https://*.hubspot.net https://*.googletagmanager.com https://js.hs-scripts.com https://*.hsforms.net  https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.jquery.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.linkedin.com https://*.hs-banner.com https://*.licdn.com https://*.googleadservices.com https://*.doubleclick.net https://*.hsadspixel.net https://*.greenhouse.io https://d10lpsik1i8c69.cloudfront.net https://*.gstatic.com https://7528304.fs1.hubspotusercontent-na1.net;style-src 'self' 'unsafe-inline' 'report-sample' https://835-LYB-953.mktoweb.com https://7052064.fs1.hubspotusercontent-na1.net  https://unpkg.com https://*.digitalasset.com https://*.googletagmanager.com https://github.githubassets.com/ https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn2.hubspot.net https://*.hsappstatic.net https://d10lpsik1i8c69.cloudfront.net https://*.twitter.com;img-src 'self' data: https:;connect-src 'self' https://835-lyb-953.mktoresp.com https://835-lyb-953.mktoutil.com https://835-lyb-953.mktoweb.com https://*.googleadservices.com https://*.google.com https://forms.hsforms.com https://cdn.auth0.com https://canton-network-demos.us.auth0.com https://*.linkedin.com https://*.hscollectedforms.net https://*.osano.com https://*.oribi.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.simpleanalyticscdn.com https://*.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.hs-banner.com https://*.bing.com https://*.bing.net https://*.fontawesome.com https://pubsub.googleapis.com https://*.google.com https://*.hubspot.com https://cdn.contentful.com https://*.daml.com https://*.google-analytics.com https://*.sitesearch360.com https://*.hubapi.com https://*.hubspot.net https://p.adsymptotic.com https://*.daml.com https://daml.com wss://*.visitors.live https://*.digitalasset.com https://*.doubleclick.net https://*.ucweb.com;font-src 'self' data: https://2704830.fs1.hubspotusercontent-na1.net https://*.fontawesome.com https://*.digitalasset.com https://*.gstatic.com https://cdnjs.cloudflare.com https://*.hubspot.net;media-src https://d10lpsik1i8c69.cloudfront.net;frame-src 'self' https://835-LYB-953.mktoweb.com https://lu.ma https://www.linkedin.com https://player.simplecast.com/ https://play.hubspotvideo.com https://*.brighttalk.com https://*.canton.network https://streamyard.com/ https://*.digitalasset.com https://*.hubspot.com https://*.googletagmanager.com https://*.googlesyndication.com https://www.google.com https://digitalasset.zoom.us https://*.hsforms.com https://*.vimeo.com https://*.daml.com https://*.twitter.com https://*.doubleclick.net https://*.greenhouse.io https://fireside.fm https://player.fireside.fm https://*.youtube.com;manifest-src 'self';child-src 'self';worker-src 'self' blob:;object-src 'none';form-action 'self' 'unsafe-inline' https://forms.hsforms.com;frame-ancestors 'self' https://*.digitalasset.com;base-uri 'self' https://*.digitalasset.com;upgrade-insecure-requests;report-to csp-endpoint 3
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gammagroup.co *.leadinfo.net *.messengerpeople.com *.clarity.ms *.tailwindcss.com *.jsdelivr.net ipecs-engage-admin-prod-tpnjp2gz4q-ew.a.run.app rest.ably.io internet-up.ably-realtime.com answer.engage.cosoft.co.uk one1.ipecs-cloud.co.uk *.cosoft.co.uk *.sopro.io *.cookiebot.com *.yolawo.de *.teads.tv teads.tv *.adnxs.com *.fullstory.com *.zi-scripts.com gstatic.com www.gstatic.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com wpmudev.com *.metadata.io metadata.io *.6sc.co *.wpengine.com *.youtube.com *.vimeo.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hscta.net *.hs-analytics.net *.wistia.com *.wistia.net *.cloudfront.net *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.co.uk *.google.dk *.google.com *.googlesyndication.com  *.doubleclick.net *.hotjar.com *.facebook.net *.twitter.com *.twimg.com *.litix.io *.yoast.com yoast.com *.clicktale.net *.cloudflare.com *.helpforsmartphone.com *.usemessages.com *.licdn.com *.linkedin.com *.pardot.com *.gamma.co.uk *.luckyorange.net *.luckyorange.com *.qualified.com *.ampproject.org *.bing.com *.nitrocdn.com nitropack.io nitroscripts.com *.mutinycdn.com *.adroll.com *.zoominfo.com *.clickagy.com; connect-src 'self' 'unsafe-inline' *.leadinfo.com *.leadinfo.net *.messengerpeople.com *.sinch.com *.msgp.pl api.ipify.org ipecs-engage-admin-prod-tpnjp2gz4q-ew.a.run.app rest.ably.io internet-up.ably-realtime.com answer.engage.cosoft.co.uk one1.ipecs-cloud.co.uk *.clickagy.com *.clarity.ms *.tailwindcss.com *.bing.com *.bing.net facebook.com *.sopro.io *.googlesyndication.com *.cookiebot.com *.metadata.io metadata.io *.yolawo.de *.teads.tv teads.tv *.zi-scripts.com google.com noembed.com *.plyr.io *.linkedin.com *.sleeknote.com cdnjs.cloudflare.com fonts.googleapis.com images.sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com wpmudev.com *.6sc.co *.fullstory.com *.mutinycdn.com *.mutinyhq.io *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.akamaihd.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.com *.google.co.uk *.google.fi *.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.net *.litix.io *.yoast.com yoast.com ws.zoominfo.com wss://*.luckyorange.net wss://*.luckyorange.com *.luckyorange.net *.pardot.com *.luckyorange.com wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ *.visitors.live *.socket.io *.qualified.com wss://*.qualified.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.gamma.co.uk *.apps.gamma.co.uk *.ampproject.org wss://*.visitors.live *.adnxs.com *.nitrocdn.com *.getnitropack.com nitropack.io nitroscripts.com; style-src 'self' 'unsafe-inline' data: sleeknotestaticcontent.sleeknote.com *.jsdelivr.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.gamma.co.uk *.twitter.com *.twimg.com *.qualified.com *.typekit.net *.nitrocdn.com; font-src 'self' data: fonts.gstatic.com sleeknotestaticcontent.sleeknote.com *.mutinycdn.com *.wpengine.com *.bootstrapcdn.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.slideshare.net *.slidesharecdn.com *.qualified.com *.typekit.net *.gamma.co.uk *.wearegamma.co.uk *.nitrocdn.com *.adroll.com; frame-src 'self' blob: data: 'unsafe-inline' clarity.microsoft.com *.googletagmanager.com *.statuspage.io *.gammagroup.co *.office.com *.circleloop.com *.cookiebot.com *.yolawo.de *.teads.tv *.maptive.com *.linkedin.com *.wpengine.com *.hsforms.com *.pardot.com *.hsforms.net *.vimeo.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.twitter.com *.slideshare.net *.helpforsmartphone.com *.googlesyndication.com *.google.se *.google.com *.youtube.com *.hubspot.com *.qualified.com *.mobilethink.net *.instagram.com; child-src 'self' blob: 'unsafe-inline' *.mutinycdn.com *.wpengine.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.slideshare.net *.qualified.com; media-src * blob: *.wpengine.com *.bing.net *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.akamaihd.net *.qualified.com *.sleeknote *.nitrocdn.com; object-src 'self' *.cloudfront.net; img-src 'self' data: blob: 'unsafe-inline' *.cookiebot.com *.clarity.ms *.tailwindcss.com *.clickagy.com claritystatic.blob.core.windows.net *.youtube.com i.ytimg.com *.yolawo.de *.teads.tv teads.tv *.adxns.com *.edkt.io sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com *.6sc.co *.mutinycdn.com *.wpengine.com *.wp.com *.yoast.com yoast.com *.cloudfront.net *.pardot.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com google.com *.google.co.uk *.google.se *.google.ae *.google.nl *.google.es *.google.ie *.google.lv *.googleapis.com *.wpmudev.org *.adroll.com *.doubleclick.net *.hotjar.com *.akamaihd.net *.rubiconproject.com *.advertising.com *.facebook.com *.twitter.com *.twimg.com *.casalemedia.com *.outbrain.net *.outbrain.com *.pubmatic.net *.pubmatic.com *.taboola.net *.taboola.com *.yahoo.com *.bidswitch.net *.openx.net *.adnxs.com *.digitru.st *.3lift.com *.adsymptotic.com *.rundsp.com *.bidr.io *.w55c.net *.adsrvr.org *.placelocal.com *.demdex.net *.nexac.com *.gravatar.com *.bing.com *.mathtag.com *.yume.com *.liadm.com *.exelator.com *.turn.com *.undertone.com *.tidaltv.com *.w.org *.everesttech.net *.pippio.com *.eyeviewads.com *.mxptint.net *.cardlytics.com *.ml314.com *.crwdcntrl.net *.simpli.fi *.addthis.com *.insightexpressai.com *.entitytag.co.uk *.rfihub.com *.adlucent.com qualified-production.s3.amazonaws.com *.qualified.com *.linkedin.com *.scatec.io *.nitrocdn.com *.nitropack.io *.getnitropack.com; 3
style-src * blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; connect-src * ws: wss:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 3
default-src 'self' https://*.ipc-computer.de https://*.ipc-computer.eu https://*.ipc-computer.fr https://*.ipc-computer.es https://*.sparepartworld.com https://*.clarity.ms https://*.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ipc-computer.de https://widgets.trustedshops.com https://www.google.com https://www.gstatic.com  https://*.mida.so https://www.googletagmanager.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://checkout.dibspayment.eu https://unpkg.com https://*.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://*.contentsquare.net https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://checkout.dibspayment.eu https://*.mida.so  https://*.googleapis.com https://www.googletagmanager.com https://*.ipc-computer.de https://*.amazonaws.com; img-src 'self' data: https://*.ipc-computer.de https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://userlike-cdn-operators.userlike.com https://*.ytimg.com https://img.youtube.com https://widgets.trustedshops.com https://www.paypalobjects.com https://*.paypal.com https://*.amazonaws.com https://userlike-cdn-umm.b-cdn.net  https://*.bpcontent.cloud https://*.contentsquare.net https://*.clarity.ms; media-src 'self' data:; font-src 'self' data: https://*.gstatic.com https://userlike-cdn-umm.b-cdn.net; connect-src 'self' https://*.ipc-computer.de https://*.mida.so  https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.etrusted.com https://api.userlike.com wss://umd.userlike.com https://*.trustedshops.com https://*.paypal.com https://checkout.dibspayment.eu https://vendorlist.consensu.org https://*.amazonaws.com https://userlike-cdn-umm.b-cdn.net  wss://*.botpress.cloud https://*.bpcontent.cloud https://*.contentsquare.net https://*.clarity.ms; object-src 'none'; frame-src 'self' https://*.ipc-computer.de https://*.paypal.com https://checkout.dibspayment.eu https://www.google.com https://www.youtube-nocookie.com; worker-src  'self' blob:; report-uri https://www.ipc-computer.de/csp-violation-log.php; 3
frame-ancestors https://matomo.druide.com; 3
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:44398 https://px.ads.linkedin.com https://metrics.hotjar.io https://assets-gbr.mkt.dynamics.com https://public-gbr.mkt.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.worldpay.com; frame-ancestors 'self' https://ricardo.saleshood.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://calendly.com https://outlook.office365.com https://embed.mindstamp.com https://www.googletagmanager.com https://td.doubleclick.net https://experience.arcgis.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net https://vod-progressive-ak.vimeocdn.com https://download-video-ak.vimeocdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://*.calendly.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com; 3
img-src * blob: data:;font-src * 3
default-src 'self' *.visualwebsiteoptimizer.com app.vwo.com www.youtube.com www.youtube-nocookie.com *.gstatic.com *.google.com *.doubleclick.net *.google-analytics.com; script-src 'self' app.tolkie.nl cdn.tolkie.nl 'unsafe-inline' 'unsafe-eval' blob: static.hsappstatic.net feedback-eu1.hubapi.com feedback.hubapi.com *.hubspotfeedback.com *.hs-scripts.com uwzorgonline.nl *.hubspot.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.usemessages.com *.hs-banner.com *.doubleclick.net *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.googleoptimize.com *.googletagmanager.com *.zoho.eu *.maillist-manage.eu maillist-manage.eu cdn.pushcrew.com; style-src * 'unsafe-inline' app.tolkie.nl cdn.tolkie.nl uwzorgonline.nl *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com cdn2.hubspot.net *.googletagmanager.com fonts.googleapis.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; frame-src  app.tolkie.nl cdn.tolkie.nl app-eu1.hubspot.com *.hsforms.net *.hsforms.com *.hs-banner.com *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com youtube.com www.youtube.com *.google.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' api.tolkie.nl https://app.tolkie.nl https://cdn.tolkie.nl *.hubapi.com *.hscollectedforms.net *.hsforms.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.doubleclick.net *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com region1.google-analytics.com *.google.com; img-src 'self' app.tolkie.nl cdn.tolkie.nl uwzorgonline.nl *.hsforms.net *.hsforms.com js.hscta.net js-eu1.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.googletagmanager.com app.vwo.com useruploads.vwo.io cdn.pushcrew.com api.media.atlassian.com uwzorgonline.atlassian.net data: *.uwzorgonline.nl uwzorgonline.nl *.gravatar.com *.google-analytics.com; font-src 'self' data: app.tolkie.nl cdn.tolkie.nl *.gstatic.com fonts.googleapis.com; object-src 'none'; frame-ancestors 'self' *.visualwebsiteoptimizer.com app.vwo.com; child-src *.hsforms.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob: 3
default-src 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://cdn-cookieyes.com       https://www.googletagmanager.com       https://www.google-analytics.com       https://googleads.g.doubleclick.net;     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;     font-src 'self' https://fonts.gstatic.com data:;     img-src 'self' https://zisson.com https://www.zisson.com data:       https://www.google.com       https://www.google.fi       https://www.googleadservices.com       https://googleads.g.doubleclick.net       https://cdn-cookieyes.com;     connect-src 'self'       https://www.google-analytics.com       https://region1.google-analytics.com       https://dc.services.visualstudio.com       https://log.cookieyes.com       https://cdn-cookieyes.com       https://www.google.com;     frame-src 'self'       https://form.socialboards.com       https://faq.socialboards.com       https://www.google.com       https://www.googletagmanager.com       https://www.youtube.com;     worker-src 'self' blob:;    3
default-src 'self' reserve.sandsresortsmacao.com;  worker-src 'self' blob:;   connect-src 'self' ad.doubleclick.net bat.bing.net insight.adsrvr.org ampcid.google.com.hk reserve.sandsresortsmacao.com assets.sandsresortsmacao.cn *.wistia.com *.google.com stats.g.doubleclick.net *.litix.io www.google-analytics.com bat.bing.com i.ctnsnet.com;   frame-src 'self' *.adsrvr.org *.doubleclick.net www.googletagmanager.com consentag.eu;   img-src 'self' ib.adnxs.com bat.bing.net data: *.sandsresortsmacao.cn www.google.com.hk www.google-analytics.com www.googletagmanager.com *.wistia.com *.doubleclick.net bat.bing.com *.tribalfusion.com www.facebook.com *.google.com fourier.alibaba.com hm.baidu.com sp.analytics.yahoo.com;   font-src 'self' data: assets.sandsresortsmacao.cn img.yzcdn.cn;   media-src 'self' assets.sandsresortsmacao.cn blob:;   style-src 'self' 'unsafe-inline' assets.sandsresortsmacao.cn;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tribalfusion.com *.ipinyou.com *.sentry-cdn.com assets.sandsresortsmacao.cn bat.bing.com bj.openstorage.cn cdn.ctnsnet.com cdnjs.cloudflare.com connect.facebook.net consentag.eu fast.wistia.com googleads.g.doubleclick.net js.adsrvr.org s.salecycle.com s.yimg.com tags.tiqcdn.cn tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com g.alicdn.com cf.aliyun.com ynuf.aliapp.org *.tdum.alibaba.com www.googleadservices.com ampcid.google.com.hk hm.baidu.com fxgate.baidu.com js.queentm.com customs.affilired.com i.ctnsnet.com https://g.alicdn.com cf.aliyun.com ynuf.aliapp.org *.tdum.alibaba.com www.google.com.hk www.google.com sp.analytics.yahoo.com; 3
frame-src *; frame-ancestors *; 3
default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
frame-ancestors 'self' https://www.einpresswire.com 3
media-src 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.googleads.com *.googleadservices.com *.googletagservices.com https://sonichealthcareusa.us16.list-manage.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com https://js.hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net https://acsbapp.com *.amazonaws.com *.jotfor.ms *.jotform.com *.sonichealthcare.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.mailchimp.com *.jotfor.ms *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.acsbapp.com acsbapp.com *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com *.cookiebot.com *.onetrust.com; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com https://cms-liquidstate-cloud.s3.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.cookiebot.com *.onetrust.com 'unsafe-inline'; frame-src 'self' https://forms.office.com *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com *.sonichealthcareusa.com *.jotform.com *.jotfor.ms *.propath.com *.sonichealth.us *.cookiebot.com *.genially.com; object-src 'none'; 3
default-src 'self' 'unsafe-eval' https://cdn-as.readspeaker.com https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://www.naha.ae https://www.gstatic.com https://app-as.readspeaker.com wss://directline.botframework.com  https://comms.omnichannelengagementhub.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://mindrocketsinc.com https://tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi  https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-as.readspeaker.com https://cdn.userway.org https://www.googletagmanager.com https://cdn.jsdelivr.net  https://unpkg.com https://www.google-analytics.com https://tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://www.naha.ae https://naha.ae https://server.arcgisonline.com https://translate-pa.googleapis.com https://stackpath.bootstrapcdn.com https://api.abudhabi.ae https://cloud.api.abudhabi.ae http://w3.org  https://httpbin.org https://directline.botframework.com  https://www.google.com https://es.adpolice.gov.ae https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://mindrocketsinc.com https://player.vimeo.com https://www.tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://www.naha.ae https://naha.ae https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://sandboxadmin.prioticket.com https://static.ads-twitter.com https://snap.licdn.com https://googleads.g.doubleclick.net https://oc-cdn-ocuae-uae.azureedge.net https://cdn.jsdelivr.net oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://*.screenmeet.com https://edge.screenmeet.com wss://*.screenmeet.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.scrn.mt https://tamm-chatbot-prod.azurewebsites.net https://connect.facebook.net https://analytics.tiktok.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://cdn-as.readspeaker.com https://cdn.userway.org https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://static.tamm.abudhabi https://app-as.readspeaker.com https://mindrocketsapis.com https://www.gstatic.com https://mindrocketsinc.com https://js.arcgis.com https://translate.google.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://cdn-as.readspeaker.com https://cdn.userway.org https://maiyar.qcc.gov.ae https://schdmngr.tamm.abudhabi https://myland.dmt.gov.ae https://recaptcha.net  https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://es.adpolice.gov.ae https://directline.botframework.com  https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://app-as.readspeaker.com https://mindrocketsinc.com https://player.vimeo.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; font-src 'self' https://cdn1.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi https://adda-chatbot-prod.azurewebsites.net https://fonts.gstatic.com data: *;  worker-src 'self' https://www.tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi blob:; connect-src 'self' wss://pub-csm-plce-01-t.trouter.skype.com wss://pub-csm-plce-02-t.trouter.skype.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://beta.adgpg.gov.ae https://www.beta.adgpg.gov.ae https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com wss://trouter-azsc-euno-0-a.trouter.skype.com https://trouter-azsc-euno-0-b.trouter.skype.com https://adda-chatbot-r2-prod.azurewebsites.net https://*.omnichannelengagementhub.com https://ProdCRM-APIM.tammcrm.abudhabi.ae/ wss://trouter-azsc-ukwe-0-b.trouter.skype.com wss://trouter-azsc-ukwe-0-a.trouter.skype.com wss://trouter-azsc-euno-0-b.trouter.skype.com wss://trouter-azsc-asse-0-b.trouter.skype.com wss://trouter-azsc-asse-0-a.trouter.skype.com https://adda-bot-preprod.azurewebsites.net/api https://PreprodCRM-APIM.tammcrm.abudhabi.ae https://*.communication.azure.com https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.skype.com/* https://*.trouter.skype.com https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://cdn.botframework.com/botframework-webchat https://ocsdk-prod.azureedge.net8 https://*.service.signalr.net https://ecs.office.com https://browser.pipe.aria.microsoft.com https://oc-cdn-ocprod.azureedge.net/livechatwidget https://cdn.botframework.com/botframework-webchat wss://trouter2-azsc-sece-8-a.trouter.teams.microsoft.com wss://trouter2-azsc-euno-4-b.trouter.teams.microsoft.com wss://trouter2-azsc-euwe-2-a.trouter.teams.microsoft.com https:; 3
report-uri /_csp;default-src 'self';media-src 'self' https://cdn.shopify.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.soundestlink.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.mailerlite.com https://*.typekit.net/ https://*.cookiehub.net https://*.cookiehub.com https://*.cookiehub.eu https://cookiehub.net https://storage.tellq.io;font-src 'self' https://*.gstatic.com https://*.typekit.net/ data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.soundestlink.com;img-src 'self' data: http: https: blob:;script-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.google.com https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://cookiehub.net https://*.cookiehub.eu https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com https://*.googlesyndication.com https://web-sdk.smartlook.com https://*.contentsquare.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.google.com https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://cookiehub.net https://*.cookiehub.eu https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com https://*.googlesyndication.com https://web-sdk.smartlook.com https://*.contentsquare.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';frame-src 'self' https://*.cookiebot.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.doubleclick.net https://led-labs.eu https://*.livechatinc.com https://www.facebook.com www.youtube.com https://*.google.com https://*.googletagmanager.com http://*.vimeo.com https://*.mailerlite.com https://subscribepage.com https://omniform1.com https://lemona.reeco.info/ https://www.marketing.patona.de/;frame-ancestors 'none';connect-src 'self' https://*.lupasearch.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://google.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://multi-api-v3.tellq.io https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://p.osent.me https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.nr-data.net https://*.sentry.io/ https://*.cookiehub.net https://live.tellq.io:* wss://live.tellq.io:* wss://chat.tellq.io:* https://skaiciuokles.inbank.lt https://*.eskimi.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://*.ads.linkedin.com https://*.contentsquare.net https://omnisnippet1.com https://*.eu.smartlook.cloud https://*.smartlook.cloud 3
default-src https: data: 'unsafe-inline' 3
frame-ancestors 'self' *.altafiber.com *.hawaiiantel.com 3
frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at 3
frame-ancestors 'self'; script-src 'self' cdn.rudderlabs.com js.stripe.com/v3 3
base-uri 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com 'sha256-MX1ZFIBa5L93HBj8qZRBUa/eXPmsVLWRIi36CdDab3g=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' https://connect.facebook.net 'sha256-w9PUUFBTg7mA9KBjVbANsTN5WPOnJRei9DT8Qk2i/Jw=' https://www.flexmail.eu 'sha256-usdx8IxlpnzmYMAcVSSGsgPlT53z1pk04Zvh5xyOIQg=' https://bat.bing.com https://r.bing.com 'sha256-9EfSE/pxhsIRQAZ9nHpzZGKeEticJtki6BUxpyJY/VQ=' https://cdn.zapier.com 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' https://www.googleadservices.com https://www.google.com https://*.leadinfo.net 'sha256-FXWsZZqcOYsq1NVBThmi3kxKhOetuth7XXym/Ocr0y8=' https://*.refiner.io https://*.googletagmanager.com https://www.googleoptimize.com https://*.iubenda.com pagead2.googlesyndication.com www.googletagmanager.com https://uxwizz.combell.com https://eu.acsbapp.com 'sha256-VLHntiKvzCtmGdA8NQ279URJ1kx7r/qtSLs6ptjnTgY=' 'sha256-haSm1wLMkQLcIeHWY8P5LzrIczokmC3DKYFCl5cNz1g=' 'sha256-6XMixD8SYYh9u6pJSJrkzNCR3Ug4RG5i6DdRnuagT4A=' 'sha256-Fc+Hyj53YD8y3U7K7LY2Zqz2UPytCm0OQLHMxJROPz8=' https://assets.calendly.com 'sha256-9jtpGsNKjE0YTyvebG9dMAiOjUTf88YzA4J/5QzB+HM=' 'sha256-FRhK+p7JfEgtSuulA5OcZRYkyLl8c5Acp9JVj+FVIZk=' https://l.getsitecontrol.com http://uxwizz.combell.com http://cdn.iubenda.com https://cdn.hub-prod.team.blue 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-soHj2nJiSISIchYvRpy+YNvaclRxDg8yfOdje4DV1V0=' 'sha256-BLA8fh9YQ/QaKI4r6ichHcqBEuA0P8M8GMKTBccWvQ4=' 'sha256-UCgT4o3W1j0Jb+5Dmp/EiW82gsiCzYrnessD2ygF+yg=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk='; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com *.bing.com https://cdn.zapier.com https://www.googletagmanager.com https://cdn.iubenda.com; object-src 'none'; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data: www.slant.co; connect-src 'self' https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://cdn.flxml.eu https://*.sentry.io *.bing.com wss://*.bing.com https://zapier.com https://*.zapier.com https://stats.g.doubleclick.net adservice.google.com https://www.google.com https://cdn.linkedin.oribi.io https://*.leadinfo.net https://*.leadinfo.com https://*.refiner.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.iubenda.com pagead2.googlesyndication.com px.ads.linkedin.com www.google.com googleads.g.doubleclick.net https://uxwizz.combell.com https://eu-cdn.acsbapp.com https://eu.acsbapp.com https://l.getsitecontrol.com http://uxwizz.combell.com; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com https://www.google.be https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://cdn.flxml.eu *.bing.com *.microsoft.com https://zapier.com https://zapier-images.imgix.net https://www.google.de https://www.google.nl adservice.google.com https://www.google.co.uk https://www.google.lu https://www.google.co.in https://www.google.es https://www.google.ch https://www.google.it https://www.google.ca https://*.google-analytics.com https://*.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net https://uxwizz.combell.com https://tracker.metricool.com https://*.leadinfo.net http://uxwizz.combell.com; frame-src 'self' https://www.google.com/recaptcha/ https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.slideshare.net https://youtube.com https://www.youtube.com https://www.googletagmanager.com sdx.microsoft.com https://return.flexmail.eu https://*.refiner.io http://open.spotify.com/ https://*.iubenda.com/ googleads.g.doubleclick.net tpc.googlesyndication.com td.doubleclick.net https://calendly.com https://cdn.hub-prod.team.blue; report-uri https://flxml-www.endpoint.csper.io; report-to csper; 3
frame-ancestors 'self' *.bluecatnetworks.com bluecat.pathfactory.com bluecat.lookbookhq.com; 3
default-src 'self' data: ;   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 3
style-src fonts.googleapis.com https://cdn1.cobornsinc.com https://tags.srv.stackadapt.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline'; connect-src https://ka-f.fontawesome.com 'self' https://beta-shop.hornbachers.com https://analytics.google.com https://www.google-analytics.com https://hornbachers-whitelabel.instacart.com https://api.renderseo.com https://api.renderseo.com:8443 https://www.google.com https://stats.g.doubleclick.net https://ct.pinterest.com https://shop-hornbachers.com https://dc.services.visualstudio.com https://beta-shop.coborns.com https://beta-shop.cashwise.com https://shop.coborns.com https://shop.cashwise.com https://shop.hornbachers.com https://beta-shop.andysliquor.com https://shop.andysliquor.com https://beta-shop.shopmarketplacefoods.com https://shop.shopmarketplacefoods.com https://insight.adsrvr.org https://tags.srv.stackadapt.com https://js.monitor.azure.com https://dboktu48tbzl9.cloudfront.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src https://cdn1.cobornsinc.com https://www.hornbachers.com https://*.cloudfront.net https://bat.bing.com https://www.pages01.net https://instacart.com https://www.facebook.com https://www.instacart.com https://*.instacart.com	 https://www.google.com https://*.instacart.com https://insight.adsrvr.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; font-src https://fonts.gstatic.com https://ka-f.fontawesome.com; script-src https://kit.fontawesome.com/219cac2c34.js https://knowledgetags.yextapis.com 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://dboktu48tbzl9.cloudfront.net https://cdnjs.cloudflare.com https://s.pinimg.com/ct/core.js https://googleads.g.doubleclick.net https://www.sc.pages01.net https://analytics.google.com https://api.renderseo.com https://s.pinimg.com https://js.monitor.azure.com https://secure.wufoo.com https://static.wufoo.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://bat.bing.com https://js.adsrvr.org/up_loader.1.1.0.js https://tags.srv.stackadapt.com https://ct.pinterest.com https://js.adsrvr.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; frame-src 'self' *.google.com https://maps.app.goo.gl https://www.youtube.com https://td.doubleclick.net https://insight.adsrvr.org https://hornbachers.wufoo.com https://www.googletagmanager.com https://coborns.wufoo.com https://ct.pinterest.com; default-src 'self'; media-src 'self' 3
referrer no-referrer 3
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
frame-ancestors 'self' weleda.sabio.de 3
style-src * 'unsafe-inline'; font-src * data:; img-src * data:; worker-src 'self' blob:; frame-src https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://www.gstatic.com; frame-ancestors https://create.netlify.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https: http: data:; style-src 'self' 'unsafe-inline' * https: http: data:; img-src * data: blob:; font-src * data:; connect-src * wss: ws:; media-src * data: blob:; object-src *; child-src *; frame-src *; worker-src * blob:; manifest-src *; 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-src *; connect-src * 3
default-src 'self' https://download.teamviewer.com/ https://dl.teamviewer.com/ https://cdn.cookielaw.org/ https://reportsession.teamviewer.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://code.jquery.com data:; script-src data: 'unsafe-inline' 'self' https://code.jquery.com; object-src 'self'; style-src 'unsafe-inline' 'self' https://code.jquery.com; img-src 'self' https://code.jquery.com; frame-src 'self' *.teamviewer.com teamviewer8: tvassign1: tvsqcustomer1: tvcustomqs: intent: 3
frame-ancestors *; report-uri /report-csp-violation 3
frame-ancestors 'self' ballerup.dk www.hedenstederhverv.dk www.vejenerhverv.dk; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.com https://apis.google.com https://*.googleapis.com https://ssl.google-analytics.com https://cdn4.mxpnl.com http://fast.appcues.com https://*.freshworks.com https://js.mollie.com/v1/mollie.js https://*.freshchat.com https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js https://cdn.wootric.com/wootric-sdk.js https://*.wootric.eu https://*.chathive.app https://cdn-visma-app-switcher-faatcndaebg3hqhu.z01.azurefd.net/webcomponents/index.js https://*.securelogin.nu https://uptime.betterstack.com/widgets/announcement.js;      frame-ancestors 'self' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.es https://*.yukiworks.com; img-src 'self' https: data: http:; 3
frame-ancestors self *.fanpla.jp; 3
frame-ancestors 'self' https://assets.braintreegateway.com https://*.braintreegateway.com https://*.braintree-api.com https://www.paypal.com https://*.paypal.com https://www.paypalobjects.com https://*.paypalobjects.com 3
default-src 'self' wikiforge.xyz wikigrid.com static.wikiforge.net *.your.wf *.wikigrid.com;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' static.wikiforge.net wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com ajax.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com flo.uri.sh challenges.cloudflare.com pagead2.googlesyndication.com ep2.adtrafficquality.google fundingchoicesmessages.google.com www.googletagmanager.com;  style-src 'self' data: 'unsafe-inline' static.wikiforge.net wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com use.typekit.net;  img-src blob: 'self' data: static.wikiforge.net backend.wikiforge.xyz wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org hosted.weblate.org pagead2.googlesyndication.com ep1.adtrafficquality.google;  font-src 'self' data: static.wikiforge.net wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org use.typekit.net;  media-src 'self' blob: static.wikiforge.net wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com;  frame-src 'self' static.wikiforge.net wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com www.google.com docs.google.com apis.google.com calendar.google.com drive.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com challenges.cloudflare.com googleads.g.doubleclick.net ep2.adtrafficquality.google;  connect-src 'self' blob: static.wikiforge.net wikiforge.xyz wikigrid.com *.your.wf *.wikigrid.com www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com 1.1.1.1 translate.googleapis.com games.roblox.com economy.roblox.com ep1.adtrafficquality.google pagead2.googlesyndication.com fundingchoicesmessages.google.com www.google-analytics.com; 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 3
default-src 'self' https://*.nanelo.com https://nanelo.com; style-src 'unsafe-inline' 'self' https://*.nanelo.com https://nanelo.com; img-src 'self' data: https:; object-src 'none'; script-src 'sha256-H/qD7Jl4/ZhYpH00aG9fel4uuqcGhnJ6mSFRqB7jn1I=' 'self' 3
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.fenster.com *.fensterversand.com *.fensterversand.at *.fensterversand.ch *.fenetre24.com *.fenetre24.be *.finestre.com *.ventanas.es *.windows24.com *.haustueren.de *.neuffer.de *.neuffer-payment.com *.k8s.nng-stage.de *.nng-prod.de *.amazonaws.com *.cloudfront.net *.cloudflare.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar   *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg   *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw   *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl   *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de   *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es   *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh   *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr   *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is   *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg   *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt   *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml   *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz   *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu   *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl   *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw   *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl   *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th   *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz   *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi   *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.googlecode.com *.googletagmanager.com *.gstatic.com *.adtrafficquality.google syndicatedsearch.goog *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.googleusercontent.com *.doubleclick.net *.usd.de *.ogone.com *.sofort.com *.billpay.de *.paypal.de *.paypal.com *.paypalobjects.com *.pay1.de *.klarnacdn.net *.klarna.com *.klarnaevt.com *.klarnaservices.com *.attributy.com *.spoteffects.net unpkg.com *.matomo.cloud *.etrusted.com *.trustedshops.com *.trustpilot.com *.bootstrapcdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.jquery.com *.typeform.com *.facebook.net *.facebook.com s7.addthis.com thdoan.github.io *.geschuetzteinkaufen.commerzbank.de *.hotjar.com:* wss://*.hotjar.com *.hotjarconsent.com *.hotjar.io *.mouseflow.com *.bing.com *.bing.net *.mozilla.org *.jsdelivr.net *.trackjs.com *.consensu.org *.consentmanager.net *.taboola.com cdn.datatables.net *.criteo.com *.criteo.net *.twiago.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.emxdgt.com *.solutenetwork.com *.ubembed.com *.1rx.io *.adsensecustomsearchads.com *.openai.com *.dwin1.com *.awin1.com *.roeyecdn.com *.roeye.com *.sciencebehindecommerce.com *.wepowerconnections.com *.kameleoon.com *.kameleoon.io *.experimentation.dev *.kameleoon.eu *.kameleoon.net *.zendesk.com wss://*.zendesk.com *.sentry.io *.smooch.io wss://*.smooch.io *.twilio.com wss://*.twilio.com *.zdassets.com *.zdusercontent.com; 3
child-src 'self'; connect-src 'self' https://*.247software.com https://*.algolia.net https://*.algolianet.com https://*.mcc.org.au https://*.mcg.org.au https://*.optimizely.com https://*.roller.app https://accdn.lpsnmedia.net https://analytics.tiktok.com https://api.experianaperture.io https://api.nuget.optimizely.com https://api.segment.io https://au.247software.com https://auappview.247software.com https://ause1.idp.liveperson.net https://cdn.jsdelivr.net https://cdn.segment.com https://cg.optimizely.com https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://graph.microsoft.com https://js.monitor.azure.com https://js.userflow.com https://login.microsoftonline.com https://maps.googleapis.com https://mcc.org.au https://mccwebb2cprod.b2clogin.com https://mcg.org.au https://mcgautest.b2clogin.com https://ngp-uat-api.cardms.com.au https://optimizely-public-design-assets.s3.amazonaws.com https://prod.mcc.org.au https://prod.mcg.org.au https://region1.google-analytics.com https://snap.licdn.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au wss://*.liveperson.net wss://65b0f9981a016.streamlock.net wss://e.userflow.com; default-src 'self' https://*.mcc.org.au https://*.mcg.org.au; font-src 'self' blob: data: https://*.247software.com https://*.cloudfront.net https://*.mcc.org.au https://*.mcg.org.au https://*.roller.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://mcc.org.au https://mcg.org.au https://prod.mcc.org.au https://prod.mcg.org.au https://r2cdn.perplexity.ai https://use.typekit.net https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au; frame-src 'self' https://*.flipsnack.com https://*.googletagmanager.com https://*.jotform.com https://*.liveperson.net https://*.mcc.org.au https://*.mcg.org.au https://*.roller.app https://ause1.idp.liveperson.net https://cg.optimizely.com https://cite360.tours https://kuula.co https://login.mcc.org.au https://login.microsoftonline.com https://login.optimizely.com https://lpcdn.lpsnmedia.net https://mcc.jotform.com https://mcc.org.au https://mccwebb2cprod.b2clogin.com https://mcg.org.au https://mcgautest.b2clogin.com https://player.flipsnack.com https://prod.mcc.org.au https://prod.mcg.org.au https://www.facebook.com https://www.flipsnack.com https://www.google.com https://www.mcc.org.au https://www.mcg.org.au https://www.recaptcha.net https://www.youtube.com; img-src 'self' blob: data: https://*.cloudfront.net https://*.facebook.com https://*.googleapis.com https://*.lpsnmedia.net https://*.mcc.org.au https://*.mcg.org.au https://*.roller.app https://common.optimizely.com https://connect.facebook.net https://i.ytimg.com https://maps.gstatic.com https://mcc.org.au https://mccmcg.luminary.space https://mcg.org.au https://optimizely-public-design-assets.s3.amazonaws.com https://prod.mcc.org.au https://prod.mcg.org.au https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.co.id https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au; script-src-elem 'self' 'unsafe-inline' https://*.liveperson.net https://*.optimizely.com https://*.roller.app https://accdn.lpsnmedia.net https://ajax.googleapis.com https://analytics.tiktok.com https://auappview.247software.com https://ause1.v.liveperson.net https://cdn.jsdelivr.net https://cdn.quilljs.com https://cdn.rollerdigital.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.createsend1.com https://js.monitor.azure.com https://js.userflow.com https://lpcdn.lpsnmedia.net https://lptag.liveperson.net https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://mcc.jotform.com https://mcc.org.au https://mccmobileapp.z26.web.core.windows.net https://mcg.org.au https://prod.mcc.org.au https://prod.mcg.org.au https://script.crazyegg.com https://snap.licdn.com https://static.hotjar.com https://unpkg.com https://web-sdk-eu.aptrinsic.com https://webrtchacks.github.io https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au https://www.recaptcha.net; script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' https://*.mcc.org.au https://*.mcg.org.au https://*.optimizely.com https://*.roller.app https://cdn.rollerdigital.com https://js.monitor.azure.com https://maps.googleapis.com https://mcc.org.au https://mcg.org.au https://prod.mcc.org.au https://prod.mcg.org.au https://snap.licdn.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au https://www.recaptcha.net; style-src-elem 'self' 'unsafe-inline' https://*.247software.com https://*.roller.app https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://cdn.quilljs.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://mcc.org.au https://mcg.org.au https://p.typekit.net https://prod.mcc.org.au https://prod.mcg.org.au https://use.typekit.net https://web-sdk-eu.aptrinsic.com https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au; style-src 'self' blob: https://*.cloudfront.net https://*.materialdesignicons.com https://*.mcc.org.au https://*.mcg.org.au https://*.roller.app https://fonts.googleapis.com https://fonts.gstatic.com https://mcc.org.au https://mcg.org.au https://p.typekit.net https://prod.mcc.org.au https://prod.mcg.org.au https://use.typekit.net https://www.gstatic.com https://www.mcc.org.au https://www.mcg.org.au; media-src https://*.lpsnmedia.net https://*.mcc.org.au https://*.mcg.org.au https://www.mcc.org.au; worker-src blob:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-to stott-security-endpoint; 3
default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com *.6sc.co *.6sense.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com *.6sc.co *.6sense.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com *.6sc.co *.6sense.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ https://app.contentful.com 3
object-src 'self'; frame-ancestors 'self' 3
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self';font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 3
frame-ancestors 'self' *.swoogo.com 3
default-src 'self';                    script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' * ;                   style-src 'self' https://* 'unsafe-inline' ;                    img-src 'self' data: https://*;                    font-src 'self' data: https://*;                    connect-src 'self' https://*;                   frame-src 'self' https://*; 3
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com; 3
default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-eval' https://analytics.ajla.net 'unsafe-inline' *.livechatinc.com *.tawk.to https://bam.nr-data.net https://translate-pa.googleapis.com/*; style-src 'self' blob: https: 'unsafe-inline'; report-uri https://sentry.io/api/1424323/security/?sentry_key=41c76badf8dd42cf9c908ee883619619 3
frame-ancestors 'self' chromacam.me personifyinc.com 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 3
form-action 'self',frame-ancestors 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com *.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com webapp-qa.np.six-group.com webapp-nonprod.np.six-group.com *.googlesyndication.com *.linkedin.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk  www.schweizeraktien.net webapp-preprod.np.six-group.com webapp.api.six-group.com pagead2.googlesyndication.com www.googleadservices.com fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com *.transistor.fm www.facebook.com www.federli.ch *.google.com www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm podcasters.spotify.com tpc.googlesyndication.com; img-src https: data: ad.doubleclick.net ade.googlesyndication.com adservice.google.com www.googletagmanager.com; 3
frame-ancestors 'self' http://porrtogo.staffbase.com https://porrtogo.staffbase.com http://staffbase.com capacitor://porrtogo.staffbase.com capacitor://staffbase.com localhost:* 3
default-src 'self' 'unsafe-inline' 'unsafe-hashes' * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' * ; connect-src 'self' * ; img-src 'self' data: * ; style-src 'self' *  'unsafe-inline' ; 3
frame-ancestors https://viega.showpad.biz; 3
style-src 'self' blob: 'unsafe-inline' *.my.site.com pg-lex.my.site.com pg-lex-train.my.site.com *.maze.co *.google.com *.gstatic.com *.abtasty.com *.crazyegg.com *.googleapis.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.my.site.com pg-lex.my.site.com pg-lex-train.my.site.com api.gcp.pgcloud.com *.rudderlabs.com *.pinterest.com s.pinimg.com static.affilae.com grafana-alloy.rum.gcp.pgcloud.com de-grafana-agent-prod.pg.com de-grafana-agent-dev.pg.com unpkg.com *.maze.co *.abtasty.com *.googleoptimize.com  *.crazyegg.com *.googleanalytics.com *.impactcdn.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.abtasty.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io ; font-src 'self' *.maze.co *.gstatic.com *.googleapis.com *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io ; img-src * 'self' data: https: blob: *.maze.co *.google.com *.abtasty.com *.amazonaws.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: *.my.site.com *.pgmodernweb.com pg-lex.my.site.com pg-lex-train.my.site.com *.my.salesforce-scrt.com pg-lex.my.salesforce-scrt.com pg-lex-train.my.salesforce-scrt.com grafana-alloy.rum.gcp.pgcloud.com api.gcp.pgcloud.com *.rudderstack.com *.rudderlabs.com *.pinterest.com www.jeu-ete-braun.com lb.affilae.com *.maze.co *.twitch.tv *.sjv.io *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.abtasty.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io 3
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: www.youtube.com *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com; frame-ancestors 'self'; frame-src 'self' www.youtube.com 3
default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.ispringsolutions.com; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.jobscore.com *.umbraco.com; 3
connect-src 'self' wss: ws: consentcdn.cookiebot.eu consent.cookiebot.com urkwvzhzpc.execute-api.eu-west-1.amazonaws.com *.doubleclick.net *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.cookiebot.com *.termly.io cloudflareinsights.com *.facebook.com *.dojo.tech *.salesfire.co.uk *.onlinesizing.bike *.tawk.to cdn-cookieyes.com *.cookieyes.com *.klaviyo.com *.appspot-preview.com *.bing.com *.clarity.ms *.fontawesome.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.hotjar.com *.iubenda.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.luckyorange.net *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.smartlook.cloud *.visitors.live api.getaddress.io bat.bing.com content.hotjar.io eu.klarnaevt.com js.klarna.com live.smartmetrics.co.uk manager.eu.smartlook.cloud maps.googleapis.com metrics.hotjar.io na.klarnaevt.com stats.g.doubleclick.net vc.hotjar.io www.google.se centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com *.googleadservices.com *.google.com; default-src 'self' *.klaviyo.com  *.dojo.tech *.salesfire.co.uk *.googleapis.com *.trustpilot.com; font-src 'self' *.klaviyo.com *.dojo.tech  *.pushsales.app *.tawk.to *.salesfire.co.uk *.klaviyo.com fonts.gstatic.com *.cloudflare.com *.fontawesome.com *.typekit.net x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consent.cookiebot.com; form-action 'self' *.list-manage.com translate.googleapis.com pay.realexpayments.com *.klaviyo.com *.dojo.tech *.facebook.com *.paypal.com *.sagepay.com *.worldpay.com eu-library.klarnaservices.com gateway.cardstream.com live.opayo.eu.elavon.com mdepayments.epdq.co.uk test.opayo.eu.elavon.com js.stripe.com *.sandbox.paypal.com *.paypal.com *.accounts.google.com; frame-ancestors 'self'; frame-src *.cookiebot.eu *.outfindo.com youtu.be *.klaviyo.com hubtiger.com  app.bikerentalmanager.com connect.garmin.com widgets.sociablekit.com *.paypalobjects.com www.googletagmanager.com bikesizing.cube.eu www.paypal.com bookings.hubtiger.com challenges.cloudflare.com *.onlinesizing.bike consentcdn.cookiebot.com *.termly.io *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.greencommuteinitiative.uk greencommuteinitiative.uk *.instagram.com *.paymentsense.cloud *.sharethis.com *.strava.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com www.komoot.com cdn.salesfire.co.uk jejames.checkfront.co.uk js.klarna.com td.doubleclick.net www.cyclescheme.co.uk osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com js.stripe.com forms.office.com ridewithgps.com platform.twitter.com *.webgains.com *.recaptcha.net *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; img-src 'self' 'unsafe-inline' data: https: *.klaviyo.com *.dojo.tech *.google-analytics.com *.googletagmanager.com *.gravatar.com 0.gravatar.com l.sharethis.com www.gravatar.com www.specialized.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; style-src-elem 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; report-to csp-endpoint; 3
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; font-src *; img-src * data:; connect-src * data:; 3
frame-ancestors 'self' https://app.medifox-therapie.de https://mfdan-production.medifoxdan.de 3
default-src 'self'; script-src 'report-sample' 'self'  https://contentkit.t-mobile.com https://hu.us4.list-manage.com/ https://www.youtube.com/iframe_api 'unsafe-inline'; base-uri 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; img-src 'self' data: blob: https://contentkit.t-mobile.com https://t-mobile.scene7.com https://cdn.shopify.com https://images.prismic.io https://cbbhbarr.api.sanity.io https://cdn.sanity.io https://images.unsplash.com; connect-src 'self' https://*.mapbox.com/ https://*.t-mobile.com https://dev-checkout.humane.com https://carry-checkout.humane.com https://checkout.humane.com https://webapi.dev.humane.cloud https://webapi.carry.humane.cloud https://webapi.prod.humane.cloud https://support.humane.com https://cbbhbarr.api.sanity.io wss://cbbhbarr.api.sanity.io https://images.unsplash.com https://*.myshopify.com https://boards-api.greenhouse.io; manifest-src 'self'; font-src 'self' https://assets.vercel.com https://hp-iq.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com/ https://beta.hp-iq.com https://dev.hp-iq.com https://carry.hp-iq.com https://hp-iq.com; media-src 'self' https://humane-content.cdn.prismic.io https://prismic-io.s3.amazonaws.com/humane-content/ https://bgtyb5tggz7dcsgj.public.blob.vercel-storage.com; object-src 'none'; worker-src blob:; frame-ancestors 'self'; form-action 'self' 3
frame-ancestors 'self' https://bsp.hallmarkchannel.com https://xd.wayin.com https://open.spotify.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.origin.akamai.prod.serial-2.hallmark-channel.psdops.com https://*.akamaihd.net http://*.serial1.hallmark-channel.psdops.com https://ads.stickyadstv.com http://cms.verify.serial-2.hallmark-channel.psdops.com https://cms.prod.serial-2.hallmark-channel.psdops.com https://cms.hallmarkchannel.com http://hd.prod.hallmark-channel.psdops.com http://origin.akamai.prod.serial-2.hallmark-channel.psdops.com http://prod.serial-2.hallmark-channel.psdops.com http://verify.hallmark-channel.psdops.com http://verify.serial-2.hallmark-channel.psdops.com http://www.hallmarkchannel.com http://www.hallmarkfamily.com http://www.hallmarkmoviechannel.com https://asset.engagesciences.com http://www.hallmarkmystery.com https://*.adtrafficquality.google https://*.akstat.io https://*.analytics.edgekey.net https://*.googlesyndication.com https://*.go-mpulse.net https://*.uat.serial-2.hallmark-channel.psdops.com https://*.v.fwmrm.net https://ad.ipredictive.com https://i.ytimg.com https://googleads.g.doubleclick.net https://amp.akamaized.net https://bsp.hallmarkchannel.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.plyr.io https://connect.facebook.net https://crownmedia-vm.akamaized.net https://crownvideos.akamaized.net https://ep2.adtrafficquality.google https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://giftguide2024.si-hallmark.com https://hallmark-brightspot-lower.s3.amazonaws.com https://hallmark-channel-brightspot.s3.amazonaws.com https://hallmark.brightspotcdn.com https://googleads.g.doubleclick.net https://hcnews.crownmediaemail.com https://images.crownmediadev.com https://m.feiwei.tv https://master.d2zwwssdr9yxnk.amplifyapp.com https://mssl.fwmrm.net https://open.spotify.com https://pagead2.googlesyndication.com https://privacyportal.onetrust.com https://region1.google-analytics.com https://www.google-analytics.com https://s.adex2.fwmrm.net https://s.wayin.com https://sb.scorecardresearch.com https://b.scorecardresearch.com https://trial-eum-clientnsv4-s.akamaihd.net https://verify.serial-2.hallmark-channel.psdops.com https://web.hallmarkmoviechecklist.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.gravatar.com https://www.hallmarkchannel.com https://www.hallmarkfamily.com https://s1.fwmrm.net/ https://www.hallmarkmoviechannel.com https://www.hallmarkmystery.com https://www.youtube.com https://xd.wayin.com https://s.wayin.com https://a.wayin.com https://www.tiktok.com https://*.tiktokcdn.com https://*.tiktokcdn-us.com https://*.tiktok.com blob: data:; 3
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.culturaldistrict.org *.typeform.com *.googleapis.com *.googletagmanager.com https://static.formstack.com *.pittsburghsymphony.org *.citytheatrecompany.org https://cdnjs.cloudflare.com *.unpkg.com *.typekit.net *.gbox.me *.addressy.com; connect-src 'self' *.amazonaws.com *.tidio.co *.googlesyndication.com https://pct.formstack.com *.addressy.com https://trustarts.queue-it.net https://analytics.tiktok.com *.purechat.com https://adservice.google.com https://analytics.google.com *.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://www.facebook.com *.google-analytics.com *.googleapis.com https://online.anyflip.com https://checkoutshopper-live-us.adyen.com/ *.typeform.com *.datadome.co *.captcha-delivery.com https://rum.browser-intake-datadoghq.com https: wss:; img-src cdnjs.cloudflare.com https: data:; font-src 'self' *.culturaldistrict.org https://fonts.gstatic.com *.tidiochat.com *.tidio.co *.formstack.com https://use.typekit.net; object-src 'none'; media-src 'self' *.tidiochat.com *.tidio.co *.culturaldistrict.org; frame-src 'self' *.googletagmanager.com *.approveforgood.com *.captcha-delivery.com *.applytojob.com *.doubleclick.net https://aa.trkn.us *.culturaldistrict.org *.formstack.com *.googlesyndication.com *.jotform.com *.pittsburghsymphony.org *.citytheatrecompany.org https://form.typeform.com *.youtube.com *.youtube-nocookie.com https://w.soundcloud.com *.issuu.com https://insight.adsrvr.org *.vimeo.com *.facebook.com *.google.com *.recaptcha.net https://online.anyflip.com *.albumizr.com https://checkoutshopper-live-us.adyen.com; frame-ancestors 'self'; worker-src blob:; 3
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;    style-src 'self' 'unsafe-inline' https:;    img-src 'self' blob: data: https:;    media-src 'self' blob: data: https:;    font-src 'self' data: https:;    object-src 'none';    base-uri 'self';    form-action 'self' https:;    frame-src 'self' https:;    frame-ancestors 'none';    worker-src 'self' blob: https:;    upgrade-insecure-requests;    connect-src 'self' https: wss:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; 3
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-ofvxbmrl9-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com https://*.bablic.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 3
default-src 'self' *.mouseflow.com newsletter.abacus.ch fonts.googleapis.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net www.abacus.ch fonts.googleapis.com ; img-src 'self' www.googletagmanager.com www.linkedin.com *.googleapis.com www.googletagmanager.com/a px4.ads.linkedin.com www.google-analytics.com www.google.com www.google.ch maps.gstatic.com maps.google.com googleads.g.doubleclick.net px.ads.linkedin.com data:; connect-src 'self' cpl.iubenda.com idb.iubenda.com eu01.rec.mouseflow.com www.google.com googleads.g.doubleclick.net px.ads.linkedin.com o2.mouseflow.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com cdn.linkedin.oribi.io; font-src 'self' use.typekit.net fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.iubenda.com embeds.iubenda.com cdnjs.cloudflare.com www.abacus.ch api.mailxpert.ch snap.licdn.com cdn.mouseflow.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com newsletter.abacus.ch maps.googleapis.com maps.google.com googleads.g.doubleclick.net stats.g.doubleclick.net ajax.googleapis.com blob:; frame-src 'self' www.google.com www.googletagmanager.com newsletter.abacus.ch td.doubleclick.net app.livestorm.co; 3
default-src wss: https: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;img-src https: data:; 3
frame-ancestors "self" 3
default-src 'self'; object-src data:; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com cookiehub.net static.cookiehub.com plausible.io *.google.com *.gstatic.com isavia.atlassian.net *.infogram.com *.cookiebot.eu ucarecdn.com siteimproveanalytics.com *.facebook.net *.sojern.com *.doubleclick.net *.adnxs.com *.adsrvr.org *.klaviyo.com vercel.live *.hotjar.com *.mappedin.com 'unsafe-eval'; img-src 'self' data: blob: i.vimeocdn.com *.contentstack.com i.ytimg.com *.siteimproveanalytics.io *.usercentrics.eu *.facebook.com *.google.com *.google.is *.googletagmanager.com *.mappedin.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cookiehub.net static.cookiehub.com p.typekit.net *.mappedin.com; font-src 'self' fonts.gstatic.com use.typekit.net d1p5cqqchvbqmy.cloudfront.net *.mappedin.com; frame-src www.youtube-nocookie.com www.youtube.com player.vimeo.com *.google.com *.contentstack.com isavia.atlassian.net *.infogram.com consentcdn.cookiebot.eu *.doubleclick.net maps.kefairport.is maps.kefairport.com app.taktikal.is www.googletagmanager.com vercel.live w.soundcloud.com; media-src 'self' *.contentstack.com *.youtube.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' ws: wss: data: vimeo.com plausible.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com ds.cookiehub.net cookiehub.net *.botpoison.com *.contentstack.com api.worldweatheronline.com submit-form.com *.uploadcare.com *.cookiebot.eu *.doubleclick.net *.google.com *.sojern.com *.facebook.com *.hotjar.com *.hotjar.io *.google.is *.mappedin.com; 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' ; 3
frame-ancestors 'self' *.betssongroupaffiliates.com 3
object-src 'none'; script-src * 'unsafe-eval' 'unsafe-inline' blob: data:; base-uri 'self' 3
default-src 'self' data: blob: https://b2b-cms.globalconnect.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://b2b-cms.globalconnect.net https://*.globalconnect.dk https://globalconnect.dk https://*.globalconnect.fi https://*.globalconnect.no https://*.globalconnect.de https://globalconnect.de https://*.globalconnect.se https://globalconnect.se https://globalconnectcarrier.com  https://*.globalconnectcarrier.com https://globalconnectgroup.com https://*.globalconnectgroup.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://mktdplp102cdn.azureedge.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apps.mypurecloud.de/ https://*.tryg.dk/ https://sleeknotecustomerscripts.sleeknote.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://*.sleeknote.com/ https://sc.lfeeder.com/ https://globalconnect-2.mynewsdesk.com/ https://assets.calendly.com/ https://globalconnect-se.mynewsdesk.com/ https://globalconnect-com.mynewsdesk.com/ https://cdn.jobylon.com/ https://static-eu.jobylon.com/; style-src 'unsafe-inline' 'self' data: blob: https://b2b-cms.globalconnect.net; img-src 'self' data: blob: https://b2b-cms.globalconnect.net https://imgsct.cookiebot.com https://secure.gravatar.com/ https://*.tryg.dk/ https://*.sleeknote.com/; font-src 'self' data: blob: https://fonts.gstatic.com/ https://*.tryg.dk/ https://www.mynewsdesk.com/ https://sleeknotestaticcontent.sleeknote.com/; connect-src 'self' data: https://b2b-cms.globalconnect.net https://globalconnectcarrier.com https://*.globalconnectcarrier.com https://globalconnectgroup.com https://*.globalconnectgroup.com https://*.globalconnect.no https://*.globalconnect.dk https://globalconnect.dk https://*.globalconnect.fi https://*.globalconnect.de https://globalconnect.de https://*.globalconnect.se https://globalconnect.se https://consentcdn.cookiebot.com/ https://region1.google-analytics.com/ https://yoast.com/ https://*.dynamics.com/ https://api.mypurecloud.de/ https://apps.mypurecloud.de/ https://api-cdn.mypurecloud.de/ https://*.googlesyndication.com/ https://*.tryg.dk/ https://*.tryg.com/ https://*.sleeknote.com/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/; frame-src 'self' data: blob: https://b2b-cms.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://*.dynamics.com/ https://apps.mypurecloud.de https://www.googletagmanager.com/ https://player.vimeo.com/ https://network-map.globalconnect.net/ https://globalconnect-2.mynewsdesk.com/ https://calendly.com/ https://globalconnect-se.mynewsdesk.com/ https://globalconnect-com.mynewsdesk.com/ https://cdn.jobylon.com/ https://*.sleeknote.com/; media-src 'self' data: blob: https://b2b-cms.globalconnect.net; form-action 'self' https://b2b-cms.globalconnect.net; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss: ws:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src 'self' https:; frame-ancestors 'self' https:; object-src 'none'; media-src 'self' https:; manifest-src 'self'; worker-src 'self'; child-src 'self' https:; base-uri 'self'; form-action 'self' https:; upgrade-insecure-requests; block-all-mixed-content; 3
upgrade-insecure-requests; default-src 'self' *.crazyegg.com blob:; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.googleadservices.com *.google.nl *.doubleclick.net stats.g.doubleclick.net use.typekit.net cdn.cookielaw.org cdn.openwidget.com ga.jspm.io public.flourish.studio cdn.propensity.com analytics.propensity-abm.com tags.srv.stackadapt.com wisepops.net activity.wisepops.com snap.licdn.com *.ads.linkedin.com ds.digital-science.com siteintercept.qualtrics.com *.qualtrics.com *.marker.io *.amazonaws.com *.onetrust.com *.googlesyndication.com *.crazyegg.com *.wistia.net *.wistia.com *.litix.io browser.sentry-cdn.com; script-src 'self' blob: 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.google.nl *.doubleclick.net *.youtube.com www.youtube.com youtube.com s.ytimg.com use.typekit.net cdn.cookielaw.org cdn.openwidget.com api.openwidget.com ga.jspm.io public.flourish.studio *.crazyegg.com cdn.propensity.com tags.srv.stackadapt.com wisepops.net snap.licdn.com ds.digital-science.com siteintercept.qualtrics.com *.qualtrics.com *.marker.io ds.symplectic.co.uk *.ads.linkedin.com *.heeet.io *.pardot.com qvdt3feo.com *.wistia.net *.wistia.com browser.sentry-cdn.com platform.twitter.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdn.cookielaw.org cdn.openwidget.com tags.srv.stackadapt.com *.crazyegg.com fonts.googleapis.com; img-src 'self' data: *.digital-science.com *.ificlaims.com *.symplectic.co.uk cdn.cookielaw.org *.wpenginepowered.com public.flourish.studio *.google.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.google.co.uk *.google.cn *.google.com.hk *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.pl *.google.ca *.google.com.br *.google.com.mx *.google.com.au *.google.co.jp *.google.co.in *.google.com.sg *.google.com.tw *.google.co.za *.google.ae *.doubleclick.net *.ads.linkedin.com *.ytimg.com *.wistia.net *.wistia.com *.crazyegg.com user-images.crazyeggcdn.com; font-src 'self' data: use.typekit.net *.wistia.net *.wistia.com fonts.gstatic.com; media-src 'self' blob: *.wistia.net *.wistia.com; frame-src 'self' *.youtube.com *.vimeo.com ds.digital-science.com cdn.openwidget.com flo.uri.sh *.googletagmanager.com *.wistia.net *.wistia.com *.marker.io widgets.figshare.com go.demo.pardot.com platform.twitter.com ds.symplectic.co.uk *.crazyegg.com; base-uri 'self'; 3
default-src * https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com https://*.cloudflareinsights.com https://api.rss2json.com https://*.pingdom.net data: 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; img-src * blob: data:; style-src 'self' 'unsafe-inline' * data: blob:; font-src 'self' data: blob: *; frame-src * data: blob:; frame-ancestors *; connect-src * data:; object-src 'none'; 3
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
frame-ancestors *.nha.nl *.nha.be *.nhad.de *.buddywise.nl 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.paymentiq.io/; 3
frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 3
frame-ancestors 'self' https://www.youtube.com https://youtube.com; 3
base-uri 'self'; default-src 'self' *.airdolomiti.it *.airdolomiti.eu *.airdolomiti.de https://www.google.it https://www.google.de https://*.google.com https://*.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://dynamic.criteo.com https://consent.cookiebot.com https://*.criteo.com https://*.doubleclick.net  https://*.h-care.eu https://consentcdn.cookiebot.com www.google-analytics.com unpkg.com https://*.googlesyndication.com https://www.google.com https://*.elmobot.eu analytics.tiktok.com https://bat.bing.com https://www.clarity.ms ; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://api.airdolomiti.it https://applogs.sdch.develondigital.com  https://*.geocode.earth https://consentcdn.cookiebot.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://engagent.h-care.eu https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com wss://engagent.h-care.eu https://www.google.com https://pagead2.googlesyndication.com https://*.privacylab.it https://*.elmobot.eu https://*.airdolomiti.it https://*.airdolomiti.eu https://*.airdolomiti.de https://ad.doubleclick.net https://analytics.tiktok.com https://measurement-api.criteo.com https://bat.bing.net https://bat.bing.com https://analytics-ipv6.tiktokw.us https://c.clarity.ms https://gum.criteo.com https://sync.1rx.io https://www.googleadservice.com ; font-src data: 'self' https://fonts.gstatic.com https://engagent.h-care.eu ; frame-src  'self' https://www.google.com https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://consentcdn.cookiebot.com https://www.facebook.com https://*.doubleclick.net https://gum.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://apps.joinsherpa.io https://engagent.h-care.eu https://widget.spreaker.com https://td.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://fledge.criteo.com https://fledge.eu.criteo.com https://youtube.com ; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://engagent.h-care.eu ; form-action https://*.airdolomiti.it https://*.airdolomiti.de https://*.airdolomiti.eu https://book.en.amadeus.com https://www.facebook.com ; object-src  engagent.h-care.eu; img-src 'self' data: https://*.airdolomiti.it https://*.airdolomiti.de https://*.airdolomiti.eu https://www.google-analytics.com https://www.facebook.com www.google.com https://analytics.google.com https://www.google.de https://googleads.g.doubleclick.net https://www.google.it https://engagent.h-care.eu https://cm.g.doubleclick.net https://sync.outbrain.com https://criteo-sync.teads.tv https://ups.analytics.yahoo.com https://cm.adform.net https://gum.criteo.com https://criteo-partners.tremorhub.com https://sync-criteo.ads.yieldmo.com https://imgsct.cookiebot.com https://*.privacylab.it https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://ad.360yield.com https://ad.doubleclick.net https://ad.yieldlab.net https://contextual.media.net https://eb2.3lift.com https://exchange.mediavine.com https://id5-sync.com https://jadserve.postrelease.com https://pixel.rubiconproject.com https://r.casalemedia.com https://simage2.pubmatic.com https://sync-t1.taboola.com https://sync.1rx.io https://www.googletagmanager.com https://x.bidswitch.net https://bat.bing.com https://ad.doubleclick.net https://rtb-csync.smartadserver.com https://www.googleadservice.com https://c.clarity.ms 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * data:; img-src * data:; style-src * data: 'unsafe-inline'; font-src * data:; frame-src * data:; 3
policy 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 3
frame-ancestors 'self' https://cms.vistry.co.uk/ *.vistry.co.uk 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3
default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.mollie.com https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' https://*.mollie.com ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 3
default-src 'self' data:;font-src 'self' data: fonts.gstatic.com;connect-src 'self' localhost *.doubleclick.net *.clarity.ms *.fg.cz *.google-analytics.com *.analytics.google.com www.google.com requestor.bezpecnostnicentrum.cz maps.googleapis.com translate.googleapis.com translate-pa.googleapis.com *.facebook.com *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.clarity.ms www.youtube.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googletagmanager.com *.clarity.ms www.youtube.com recaptcha.net *.fg.cz www.google.com www.gstatic.com *.google-analytics.com requestor.bezpecnostnicentrum.cz maps.googleapis.com translate.google.com translate.googleapis.com translate-pa.googleapis.com connect.facebook.net;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' *.doubleclick.net www.youtube.com www.youtube-nocookie.com recaptcha.net www.google.com www.googletagmanager.com requestor.bezpecnostnicentrum.cz online.fliphtml5.com;worker-src 'self' blob: www.youtube.com *.doubleclick.net;frame-ancestors 'self' localhost test-edee-jablotron.fg.cz edee.jablotron.com;img-src 'self' data: blob: *.fg.cz *.doubleclick.net *.clarity.ms *.youtube.com *.ytimg.com *.openstreetmap.org *.google.cn *.google.com *.google.cz http://www.google.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com www.gstatic.com translate.googleapis.com *.bing.com *.googletagmanager.com *.facebook.com mapsresources-pa.googleapis.com;style-src 'self' 'unsafe-inline' requestor.bezpecnostnicentrum.cz fonts.googleapis.com www.gstatic.com *.googletagmanager.com;object-src self;media-src 'self' *.fg.cz edee.jablotron.com 3
default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net a4560576362315776.cdn.optimizely.com a4560576362315776.cdn-pci.optimizely.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost app.optimizely.com; 3
frame-src 'self' https://www.googletagmanager.com https://*.youtube.com http://*.youtube.com https://*.google.com https://www.facebook.com https://*.gov.bd https://*.*.gov.bd http://*.gov.bd http://*.*.gov.bd; 3
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' data: https://*.gstatic.com/ https://fonts.googleapis.com/; img-src * data:; media-src 'self';object-src 'none'; base-uri 'self';frame-ancestors 'self' https://www.jobs-im-allgaeu.de;form-action 'self' https://*.tq-group.com https://*.facebook.com; 3
script-src 'self'; 3
default-src 'self' www.clickvieweducation.com *.www.clickvieweducation.com www.clickview.net *.www.clickview.net *.clickviewapp.com clickv.ie *.clickv.ie *.clickview.com.au *.clickview.net; img-src * blob: data:; style-src 'self' www.clickvieweducation.com *.www.clickvieweducation.com 'unsafe-inline'; connect-src 'self' *; script-src 'self' www.clickvieweducation.com *.www.clickvieweducation.com www.clickview.net *.www.clickview.net *.clickviewapp.com clickv.ie *.clickv.ie *.clickview.com.au *.clickview.net www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.googleapis.com www.googletagmanager.com stats.g.doubleclick.net vercel.live *.vercel.live www.instagram.com *.clarity.ms 'unsafe-eval' 'unsafe-inline'; media-src 'self' *.www.clickvieweducation.com static.clickvieweducation.com www.clickview.net *.www.clickview.net *.clickviewapp.com clickv.ie *.clickv.ie *.clickview.com.au *.clickview.net; frame-src 'self' www.clickvieweducation.com *.www.clickvieweducation.com www.clickview.net *.www.clickview.net *.clickviewapp.com clickv.ie *.clickv.ie *.clickview.com.au *.clickview.net vercel.live *.vercel.live www.instagram.com correlation.edgate.com www.youtube.com calendly.com player.vimeo.com; font-src 'self' fonts.gstatic.com; 3
default-src 'self';  worker-src 'self' blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline'     https://sdk.token.logpay.de     https://maps.googleapis.com     blob:     https://www.jsctool.com     https://jsctool.com     https://*.optimizely.com     https://secure.pay1.de     https://www.img-bahn.de     https://cms.static-bahn.de     https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com     https://*.bahn.de     https://*.bahn.com     https://app.crossengage.io     https://ucm-eu.verint-cdn.com     https://*.go-mpulse.net;  connect-src 'self'     https://maps.googleapis.com     https://mapsresources-pa.googleapis.com     https://www.gstatic.com     data:     blob:     https://p11.techlab-cdn.com     https://www.jsctool.com     https://jsctool.com     https://assets.static-bahn.de     https://dmp.adform.net     https://siteintercept.qualtrics.com     https://logx.optimizely.com     https://*.optimizely.com     https://collect.tealiumiq.com     https://trk-api.crossengage.io     https://accounts.bahn.de     https://ucm-eu.verint-cdn.com     https://hoover-eu.verint-api.com     https://*.akstat.io     https://*.go-mpulse.net     wss://hoover-eu.verint-api.com     https://kiana.services-bahn.de;  frame-src 'self'     https://s-bahn-hh.specials-bahn.de/     https://cms.static-bahn.de     https://secure.pay1.de     https://dbpayment.dbv.service.deutschebahn.com     https://payment.dbv.service.deutschebahn.com     https://*.bahn.de     https://www.abo-bahn.de     https://db.novafind.eu     https://transport.novafind.eu     https://a791773171.cdn.optimizely.com/     https://s-bahn-muenchen-live.de     https://assets1-eur.mkt.dynamics.com     https://assets-eur.mkt.dynamics.com     https://accounts.bahn.de     https://db-bordgastronomie.de     https://ersatzkarte-dbregiobusnord.de     https://analytics.geops.de     https://*.sbahnm.geops.de     https://fipo.deutschebahn.com     https://regioforce.my.salesforce-sites.com     https://www.jugendticket-nds.de     https://a1.adform.net     https://dbstreckenagent.de     https://www.dbstreckenagent.de     https://tour.services-bahn.de;  frame-ancestors 'self';  style-src 'self'     https://ucm-eu.verint-cdn.com     https://fonts.googleapis.com     https://www.jsctool.com     https://jsctool.com     'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com;  img-src 'self'     https://*.static-bahn.de     https://maps.googleapis.com     https://mapsresources-pa.googleapis.com     https://maps.gstatic.com     https://www.awin1.com     https://partner-bahn.de     https://cm.g.doubleclick.net     https://fcmatch.google.com     https://fcmatch.youtube.com     https://dmp.adform.net     https://cdn.optimizely.com     https://*.qualtrics.com     https://assets.static-bahn.de     https://*.bahn.de     https://assets-ri.extranet.deutschebahn.com     https://cms.static-bahn.de     https://*.akstat.io     data:;  media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 3
report-to default; 3
frame-ancestors 'self' https://atoms.dev https://canary.atoms.dev https://canary2.atoms.dev https://mgx.dev  https://canary.mgx.dev 3
default-src 'self'; script-src 'unsafe-inline'  'unsafe-eval'  'self' *.bizzdesign.com pi.pardot.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com *.googleadservices.com www.youtube.com bizzdesign.chilipiper.com *.alfabetcloud.com cdn-cookieyes.com *.bing.com *.licdn.com *.oktopost.com js.zi-scripts.com tag.aticdn.net www.redditstatic.com a.quora.com bizzdesign.chilipiper.com fast.wistia.net api.ipify.org moderate.cleantalk.org fd.cleantalk.org dywrfp5ctng3l.cloudfront.net blob: ; object-src 'self' *.bizzdesign.com; style-src 'unsafe-inline' 'self' *.bizzdesign.com cdn.jsdelivr.net dywrfp5ctng3l.cloudfront.net; img-src data: 'self' *.bizzdesign.com *.bing.com cdn-cookieyes.com *.linkedin.com *.bing.com cdn-cookieyes.com www.googletagmanager.com *.google.com *.google.fr *.google.be *.google.de *.google.nl *.google.co.uk *.google.es q.quora.com alb.reddit.com bizzdesign.chilipiper.com stats.g.doubleclick.net; media-src data: 'self' *.bizzdesign.com; frame-src 'self' td.doubleclick.net www.googletagmanager.com www.youtube.com *.bizzdesign.com bizzdesign.chilipiper.com splunk-prod.alfabetcloud.com fast.wistia.net www.google.com/; frame-ancestors 'self' *.bizzdesign.com; child-src 'self' *.bizzdesign.com ; font-src 'self' *.bizzdesign.com fonts.gstatic.com; connect-src 'self' *.bizzdesign.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com  *.google.com  ws.zoominfo.com bat.bing.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com *.cookieyes.com cdn-cookieyes.com gjzbjmh.pa-cd.com pixel-config.reddit.com www.redditstatic.com cdn.jsdelivr.net bizzdesign.chilipiper.com pipedream.wistia.com fast.wistia.net fd.cleantalk.org bizzdesign.pinpointhq.com; report-uri /policies/privacy-policy; upgrade-insecure-requests 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' data: blob: *;font-src 'self' data: *;connect-src 'self' *;media-src 'self' blob: *;frame-ancestors 'self' *.paragonrels.com *.sigmacomputing.com *.bkfsconnect.com *.bkfstest.com;frame-src *;worker-src 'self' blob: *;object-src 'self' *;manifest-src 'self' *;form-action 'self' https://*.theice.com https://*.intcx.net https://*.ice.com;upgrade-insecure-requests;base-uri 'self';script-src-attr 'none' 3
default-src https: 'unsafe-inline' 'unsafe-eval' mczbf.com kdukvh.com emjcd.com cj.dotomi.com members.cj.com googletagmanager.com google.com google.cz seznam.cz wss: websocket-visitors.smartsupp.com rec.smartlook.com googletagmanager.com heureka.cz imedia.cz data: 3
policy-definition 3
frame-ancestors self; report-uri /cspvr 3
frame-ancestors 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://sdk.dcmn.io https://www.facebook.com https://sibautomation.com https://ad4m.at https://hal9000.redintelligence.net https://*.ad-srv.net https://googleanalytics.com https://google-analytics.com https://googleoptimize.com https://*.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://widget.trustpilot.com https://*.studentbeans.com https://ct.pinterest.com https://*.cdn.optimizely.com https://just-russel.campaign.playable.com https://*.doubleclick.net https://*.clarity.ms https://*.justrussel.com https://*.justrussel.nl https://*.justrussel.be https://*.justrussel.de https://*.justrussel.fr 3
default-src https: http: wss: 'self' data: 'unsafe-inline' blob:; 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hs-scripts.com *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.youtube.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com; connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hscollectedforms.net *.hsforms.com *.google-analytics.com; img-src 'self' data: js.hscta.net no-cache.hubspot.com *.hubspot.com cdn2.hubspot.net *.hsforms.net *.hsforms.com *.gravatar.com; style-src 'self' 'unsafe-inline' *.hubspot.net *.hsforms.net *.googleapis.com; font-src 'self' data: *.gstatic.com; worker-src 'self' blob:; media-src 'self'; frame-src 'self' *.hubspot.com *.hsforms.net *.youtube.com *.google.com; 3
frame-ancestors 'self' https://indodanafinance.co.id https://quickpay.indodanafinance.co.id https://www.indodana.id https://www.indodanafinance.co.id 3
default-src 'self'; base-uri 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://*.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://*.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com https://cdn.auth0.com https://ads.twitter.com https://imasdk.googleapis.com https://pagead2.googlesyndication.com https://static.ads-twitter.com https://s0.2mdn.net https://www.googletagservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; frame-src https://*.google.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://imasdk.googleapis.com/; media-src * data: blob:; worker-src * data: blob: 3
default-src https:; connect-src https:; font-src https: data:; frame-src https: com.amazon.mobile.shopping.web:; img-src http: https: data: blob:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: 3
frame-ancestors 'self' https://*.ariba.com https://*.in8suite.com https://*.extforms.netsuite.com  https://*.jm.com https://*.na.jm.com:44300 https://solutions.sciquest.com https://*.na.jm.com:50001 3
upgrade-insecure-requests;         frame-ancestors 'self' https://*.schaeffler.com; img-src 'self' https://maps.googleapis.com         https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com         https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com         https://www.google-analytics.com https://www.google.com https://www.google.de         https://www.googletagmanager.com https://*.fbcdn.net https://*.twimg.com/         https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com         https://userlike-cdn-operators.userlike.com https://cdn.socialstudio.radian6.com          https://media-aftermarket.schaeffler.com https://eqs-cockpit.com  	https://sch-cor-website-cdn-stage.mishost.ch https://sch-cor-website-cdn-live.mishost.ch https://www.eqs.com  	https://*.doubleclick.net 	data: blob:; 3
default-src https: 'self' https://fpt-is.com https://cdn.fpt-is.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fpt-is.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/three@0.121.1/build/three.module.js https://cdn.jsdelivr.net/npm/three@0.121.1/examples/jsm/loaders/GLTFLoader.js https://cdn.jsdelivr.net/npm/three@0.121.1/examples/jsm/controls/OrbitControls.js https://www.google-analytics.com https://www.google.com https://connect.facebook.net https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fpt-is.com ; img-src 'self' 'unsafe-inline' https://cdn.fpt-is.com data: blob: https://secure.gravatar.com https://fpt-is.com https://www.google.com.vn https://www.facebook.com/ https://i.ytimg.com; object-src 'self' https://fpt-is.com; font-src 'self' data:; worker-src 'self' data: blob:; frame-ancestors 'self'; base-uri 'self' 3
default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.oni.nl; img-src 'self' data: https://*.oni.nl; connect-src 'self' https://*.oni.nl 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-GzLa6PHsoYb/mWiygVZf0eV6Eqf/Gtov1YL7cWejYeI=' 'sha256-WmkatJkEumwrWBnyR4oWCNOCCC4zfnMSDrWjiCT4P7U=' 'sha256-mzf3UtXbwYfnnKP3VEgtye3nTk0xcGXJLGjLmC4y7v4=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-L2Slc+hjgfPR0Q7PEHLXalHE5sLRtxFNIWREBDLnqVU=' 'sha256-HfnQNmJVmBeLeNyjla2aZlXUlQYKZqWl81TdBj5YxcM=' 'sha256-DC/xa4clqDG2m8xUL+0jWRNUk1Py6w2/90aDcF5n220=' 'sha256-2AfYz0WARuNiypO7Ti/gOzUUynrazrHlZWDm75zKnwA=' 'sha256-eDM06SboA/7JhtwlPW0fahLttVxSbkkCvx3cWVDwWOw=' 'sha256-RsfuaCLZoFFkVypUbGHicG8F4ZjyF3UjE/fDGhQkmA4=' 'sha256-Rbbp/+mQGdIJGIHEMRlHm3pa72/5+Okh/+N4saS4FUw=' https://www.gstatic.com https://www.google.com https://ajax.cloudflare.com https://www.googletagmanager.com https://cdn.cookielaw.org blob: *; script-src-attr 'unsafe-inline'; child-src 'self'; style-src 'unsafe-inline' *;frame-src 'self' https://job-boards.cdn.greenhouse.io https://job-boards.greenhouse.io https://boards.greenhouse.io  blob: *; img-src 'self' data: *; connect-src *; font-src data: *; media-src *; frame-ancestors https://author.bursonglobal.com https://www.bursonglobal.com 3
frame-ancestors 'self' *.zendesk.com; 3
frame-ancestors 'self' https://web.sorunapp.com/ 3
frame-ancestors 'none'; report-to default 3
frame-ancestors 'self' http://localhost:5173 http://localhost:3000 3
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src 'none'; base-uri 'self' https://altoplan.de https://www.altoplan.de; child-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 3
script-src https: 'unsafe-eval' 'unsafe-inline' *.ngsapps.net *.intngsapps.net; worker-src blob: https: 'unsafe-eval' 'unsafe-inline' *.ngsapps.net *.intngsapps.net; 3
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: 3
\ 3
frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com app.hubspot.com youtube.com *.hsforms.com issuu.com *.typeform.com *.googletagmanager.com; object-src 'none';base-uri 'self' 3
base-uri 'self'; default-src 'self'; img-src 'self' https://api.ingmarkets.com https://cdn.ingmarkets.nl www.googletagmanager.com matomo.ing.cloudops.it *.visualwebsiteoptimizer.com app.vwo.com data: www.ingwb.com abmfn.com ingsprinters01.wt-eu02.net fbc.wcfbc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com responder.wt-safetag.com matomo.ing.cloudops.it *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; connect-src ws: 'self' https://api.ingmarkets.com https://ingfm-quoteproxy.v-i.nl https://www.ingmarkets.nl matomo.ing.cloudops.it *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self'; frame-ancestors 'self'; frame-src 'self' www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; report-to https://vicompany.report-uri.com/r/d/csp/enforce; report-uri https://vicompany.report-uri.com/r/d/csp/enforce; worker-src blob: 'self'; upgrade-insecure-requests; 3
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: blob:; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; media-src 'self' blob:; frame-src 'self'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.solar.eu https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://solargroup.containers.piwik.pro https://cdn.richrelevance.com https://dev.visualwebsiteoptimizer.com https://googletagmanager.com https://connect.facebook.net https://bpb.opendns.com https://integration.richrelevance.com https://staging.richrelevance.com https://recs.richrelevance.com https://www.recaptcha.net https://www.gstatic.com https://web-sdk-eu.aptrinsic.com https://app.vwo.com https://snap.licdn.com https://dmcqaqmkk1tj3.cloudfront.net/solar.js; font-src 'self' data: cdn.solar.eu https://*.amazonaws.com https://*.cloudfront.net https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdn.solar.eu https://consentcdn.cookiebot.com https://go.pardot.com https://web-sdk-eu.aptrinsic.com https://app.vwo.com; worker-src * blob: 3
default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem: mailto:; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 3
default-src * data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-ancestors 'self' http://localhost:4200 https://cloudplayer.green-solutions.com; 3
base-uri 'none'; default-src: 'none'; block-all-mixed-content 3
default-src 'self';img-src 'self' https://*.googleapis.com data: blob: https://*.googleapis.com https://eitb-images.mediapro.dev https://*.primeran.eus https://*.makusi.eus https://*.etbon.eus https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://www.google.es https://www.googletagmanager.com https://*.cookiebot.com https://euskalpmd.akamaized.net https://assets.adobedtm.com https://*.eitb.eus https://*.demdex.net https://*.2o7.net https://*.scorecardresearch.com https://*.everesttech.net https://*.sapcdm.cn https://*.gigya.com https://*.gaztea.eus https://*.orain.eus https://*.guau.eus https://*.etbplay.eus;frame-src *.doubleclick.net *.cookiebot.com *.sibbo.net *.googleapis.com *.demdex.net *.privacy-mgmt.com *.adobedc.net *.eitb.eus;frame-ancestors *.primeran.site *.guau.eus *.guau.info *.makusi.site *.makusi.eus *.primeran.eus *.etbon.eus *.eitb.eus *.gaztea.eus *.orain.eus cms-master-rsfudnb6sq-ew.a.run.app cms-eitb-rsfudnb6sq-ew.a.run.app *.demdex.net https://*.2o7.net https://*.scorecardresearch.com https://*.everesttech.net;object-src 'self';script-src 'self' 'unsafe-eval' https://www.googletagservices.com https://*.cookiebot.com https://*.sibbo.net https://cdnjs.cloudflare.com https://*.googleapis.com https://www.googletagmanager.com https://*.adobedtm.com https://*.demdex.net https://*.2o7.net https://*.scorecardresearch.com https://*.everesttech.net https://cdn.privacy-mgmt.com https://*.adobedc.net https://*.sapcdm.cn;script-src-elem 'self' 'strict-dynamic' 'nonce-pr1meran' https://www.googletagservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleapis.com https://www.googletagservices.com https://*.cookiebot.com https://*.sibbo.net https://cdnjs.cloudflare.com https://s0.2mdn.net https://pagead2.googlesyndication.com https://adservice.google.com https://*.adobedtm.com https://*.demdex.net;connect-src https://primeran.eus https://*.mediatailor.eu-central-1.amazonaws.com https://*.ott.tiivii.com https://*.mediapro-dev.com https://etbon.eus https://*.etbon.eus https://*.eitb.eus https://*.gaztea.eus https://*.orain.eus https://*.mediapro.dev https://*.gigya.com https://eitb.tt.omtrdc.net https://*.guau.eus https://*.fastly.net https://*.cloudfront.net https://*.cookiebot.com https://*.sibbo.net https://*.youborafds01.com https://*.primeran.site https://guau.info https://guau.eus https://makusi.site https://makusi.eus https://*.guau.info https://*.makusi.site https://*.makusi.eus https://*.primeran.eus https://*.makusi.eus https://*.primeran.eus https://csi.gstatic.com https://*.youboranqs01.com https://*.googleapis.com https://s3-static-qatar.s3.eu-central-1.amazonaws.com https://in.logs.betterstack.com https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://*.eitb.eus https://euskalpmd.akamaized.net https://*.demdex.net https://*.2o7.net https://*.scorecardresearch.com https://*.everesttech.net https://cdn.privacy-mgmt.com https://*.adobedc.net https://*.betterstackdata.com;media-src 'self' blob: * blob:;base-uri 'self';font-src 'self' https: data:;form-action 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3
font-src *.gstatic.com *.googleapis.com *.fontawesome.com fonts.googleapis.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.addthis.com *.facebook.com *.twitter.com *.multisafepay.com https://pay.google.com https://plumrocket.com td.doubleclick.net www.kiyoh.com googleads.g.doubleclick.net *.google.nl https://sst.pharmacy4pets.de https://sst.pharmacy4pets.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.addthisedge.com *.twitter.com *.sooqr.com *.spotlersearch.com *.multisafepay.com www.google.nl *.bing.net *.analytics.google.com *.pharmacy4petsdev.hypernode.io *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl pharmacy4pets.de pharmacy4pets.fr pharmacy4pets.es pharmacy4pets.com pharmacy4pets.nl *.kommunicate.io s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.multisafepay.com https://pay.google.com *.hotjar.com bat.bing.com widget.freshworks.com *.freshdesk.com www.smartsuppchat.com widget-v3.smartsuppcdn.com www.clarity.ms sst.pharmacy4pets.fr *.pharmacy4petsdev.hypernode.io *.omappapi.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com google.com *.kommunicate.io 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com amcglobal.sc.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.commerce-payment-services.com *.cloudflare.com pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com *.googleadservices.com https://www.gstatic.com/recaptcha https://www.google.com/recaptcha *.google.com *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.magento-ds.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com *.typekit.net use.typekit.net *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.sooqr.com *.spotlersearch.com *.multisafepay.com widget-v3.smartsuppcdn.com widget.freshworks.com *.freshdesk.com static-tracking.klaviyo.com *.omappapi.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl www.googletagmanager.com *.kommunicate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.kommunicate.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.sooqr.com *.spotlersearch.com *.multisafepay.com www.google.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io google-analytics.com *.google-analytics.com googleads.g.doubleclick.net bootstrap.smartsuppchat.com widget.freshworks.com *.freshdesk.com *.smartsuppcdn.com wss://websocket-visitors.smartsupp.com  *.googlesyndication.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl *.clarity.ms *.omappapi.com spotlersearchanalytics.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com google.com pay.google.com *.kommunicate.io *.bing.net wss://*.kommunicate.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.gstatic.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com unpkg.com script.crazyegg.com www.google.com; connect-src 'self' cdn.jsdelivr.net unpkg.com www.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net jobs.htcinc.com; img-src 'self' www.googletagmanager.com www.google.co.in secure.gravatar.com data: ; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com data: ; object-src 'self'; media-src 'self'; child-src 'self'; frame-src 'self' www.google.com www.recaptcha.net securityscorecard.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; form-action 'self'; frame-ancestors 'self'; worker-src 'self' blob:; 3
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: blob: www.google.com www.google.com.br www.google-analytics.com i.ytimg.com www.brilhenaapsen.com.br dev.visualwebsiteoptimizer.com c.clarity.ms c.bing.com www.googletagmanager.com cdn.cookielaw.org i.vimeocdn.com i.vimeo.com f.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.hotjar.com www.google-analytics.com www.googletagmanager.com code.jquery.com www.clarity.ms dev.visualwebsiteoptimizer.com cdn.cookielaw.org player.vimeo.com vimeo.com f.vimeocdn.com i.vimeocdn.com; frame-src 'self' www.youtube.com td.doubleclick.net player.vimeo.com vimeo.com; worker-src 'self' blob:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net analytics.google.com dev.visualwebsiteoptimizer.com e.clarity.ms x.clarity.ms cdn.cookielaw.org consent.cookielaw.org privacyportal-br.onetrust.com request.v1.privacyportal-br.onetrust.com geolocation.onetrust.com player.vimeo.com vimeo.com *.vimeo.com i.vimeocdn.com f.vimeocdn.com *.vimeocdn.com skyfire.vimeocdn.com; media-src 'self' blob: *.vimeocdn.com *.vimeo.com; 3
frame-ancestors 'self' https://app.agilitycms.com; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://fonts.cdnfonts.com/s/85546/Satoshi-BlackItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Black.woff https://fonts.cdnfonts.com/s/85546/Satoshi-BoldItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Bold.woff https://fonts.cdnfonts.com/s/85546/Satoshi-MediumItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Medium.woff https://fonts.cdnfonts.com/s/85546/Satoshi-LightItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Light.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Italic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Regular.woff https://s3.amazonaws.com/trustspot-pr-widget/ https://trustspot-app-assets.s3.amazonaws.com *.yotpo.com *.googleapis.com https://*.klaviyo.com https://*.zmags.com https://*.getfastr.com https://cdn.reamaze.com https://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.yotpo.com https://*.summitstands.com https://*.codebluescents.com https://*.knightandhale.com 'self' 'unsafe-inline'; frame-ancestors *.reamaze.com *.reamaze.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.adsrvr.org https://ct.pinterest.com https://*.knocdn.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.yotpo.com https://*.fls.doubleclick.net https://td.doubleclick.net https://*.wistia.net https://moultrie.locally.com https://cnc-api.zmags.com https://app.viralsweep.com https://ebsco.widen.net https://*.jotform.com https://*.zapier.com https://*.zapier.app https://*.quiq-api.com https://*.ravecapture.com https://*.genial.ly https://*.genially.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.gstatic.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://meetanshi.com/media/logo.png https://*.bing.com https://tracking.avantlink.com https://*.adsrvr.org https://*.knocdn.com https://www.facebook.com https://*.reddit.com https://*.redditstatic.com https://analytics.tiktok.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com media.sezzle.com https://app.ravecapture.com https://ravecapture-app-assets.s3.amazonaws.com https://trustspot-product-photos.imgix.net https://trustspot-experience-photos.imgix.net https://trustspot-logos.imgix.net *.pixriot.com *.storeimaging.com *.yotpo.com https://*.locally.com https://*.zmags.com https://*.getfastr.com https://arttrk.com https://*.clarity.ms https://*.doubleclick.net https://phosphor.utils.elfsightcdn.com https://*.moultriefeeders.com https://*.moultrie.com https://*.pradcocommerce.com https://*.summitstands.com https://*.codebluescents.com https://*.knightandhale.com https://*.maxxtuff.com https://*.texashunterproducts.com https://*.lurenet.com https://whiskerseeker.com https://*.whiskerseeker.com https://*.wingscapes.com https://*.simplepets.com https://anilogics.com https://*.anilogics.com https://embed.widencdn.net https://d3k81ch9hvuctc.cloudfront.net https://*.google.ca https://*.google.co.za https://*.google.fr https://*.google.co.uk https://*.google.co.in https://*.google.com.au https://maps.googleapis.com https://*.shgcdn.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://i.imgur.com/5axkorT.jpg https://*.revenuehunt.com https://pradcooutdoorbrands.canto.com https://d3opzdukpbxlns.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com https://services.nofraud.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.adsrvr.org https://*.avmws.com https://*.experticity.com https://*.bing.com https://*.byspotify.com https://ct.pinterest.com https://s.pinimg.com https://*.knocdn.com https://connect.facebook.net https://*.reddit.com https://*.redditstatic.com https://*.goquiq.com https://*.quiq-cdn.com https://*.quiq-api.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com https://cdn.getblueshift.com https://widget.sezzle.com https://app.ravecapture.com https://trustspot.io *.yotpo.com https://*.zmags.com https://cas.zma.gs https://*.addthis.com https://mpsnare.iesnare.com https://assets.armanet.us https://*.clarity.ms https://analytics.tiktok.com https://*.wistia.net https://*.hotjar.com https://*.newrelic.com https://form.jotform.com https://*.locally.com https://*.viralsweep.com https://*.getshogun.com https://*.shgcdn2.com https://static.elfsight.com https://elfsightcdn.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.reamaze.com https://push.reamaze.com/assets/reamaze-push.js https://cdnjs.cloudflare.com/ajax/libs/pusher/7.0.1/pusher.min.js https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/ https://d2hrivdxn8ekm8.cloudfront.net/tracker-latest.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.quiq-cdn.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com fonts.cdnfonts.com https://fonts.cdnfonts.com/css/satoshi https://app.ravecapture.com https://s3.amazonaws.com/trustspot-pr-widget/ *.yotpo.com *.googleapis.com https://cas.zma.gs https://*.zmags.com https://static-tracking.klaviyo.com https://*.getshogun.com https://*.shgcdn2.com https://cdn.reamaze.com 'self' 'unsafe-inline'; object-src https://www.youtube.com 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: https://cdn.reamaze.com https://*.shgcdn.com https://pradcooutdoorbrands.canto.com https://d3opzdukpbxlns.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://services.nofraud.com https://*.mmapiws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.spotify.com https://*.experticity.com https://*.bing.com https://*.knocdn.com https://*.knocommerce.com https://www.facebook.com https://*.reddit.com https://*.redditstatic.com https://analytics.tiktok.com https://*.quiq-api.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com https://api.getblueshift.com https://media.sezzle.com https://widget.sezzle.com https://app.ravecapture.com https://trustspot.io *.pixriot.com *.storeimaging.com *.yotpo.com https://www.locally.com https://google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cas.zma.gs https://c.zmags.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://srv.armanet.us https://*.clarity.ms https://ct.pinterest.com https://bam.nr-data.net https://*.hotjar.io wss://ws.hotjar.com https://api-js.datadome.co https://*.elfsight.com https://www.storemapper.co https://api.keen.io/3.0/projects/510989052975163052000002/events/queries https://cdn.reamaze.com wss://ws.reamaze.com/app/ https://whisker-seeker-tackle.reamaze.io/ https://insight.adsrvr.org https://ad.doubleclick.net https://sentry.goquiq.com https://sourcemaps.quiq.sh 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://whisker-seeker-tackle.reamaze.io/ 'self' 'unsafe-inline'; report-uri https://c2377b7a62d7a797512c7707793b335c.report-uri.com/r/t/csp/enforce; report-to report-endpoint; 3
default-src https: 'unsafe-inline' 'unsafe-eval' data:; connect-src wss: https: 3
child-src 'self'  blob: https://embed.windy.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.youtube.com/ https://youtube.com/ https://www.google.com/ https://hostadmin.dev.bushelsites.com/  https://www.nass.usda.gov/ https://www.facebook.com/ https://bigriverresources.applicantpro.com/ https://weatherwidget.io/ https://bqci.us11.list-manage.com/ https://inetsgi.com/ https://www.typeform.com/ https://form.typeform.com/ https://use.fontawesome.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/ https://calendar.google.com/ https://forms.office.com/  https://recruiting.paylocity.com/ https://platform.twitter.com https://syndication.twitter.com/ https://mesonet.org/ https://player.vimeo.com/ https://enterprisegrain.com/ https://www.buzzsprout.com/ http://m.mesonet.org/ https://weather.wsu.edu/ https://www.uswheat.org/ https://bushelstaging7.o.bushelsites.com/ https://twitter.com/ https://www.youtube-nocookie.com/ https://www.bruglermarketing.com/ https://www.ers.usda.gov/ https://droughtmonitor.unl.edu/ https://www.usgs.gov/ https://www.thedailyscoop.com/CustSite_5_20_2022 http://scoularview.com/ http://scoularview.com:443/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com http://scoularview.com  https://www.scoularview.com/  http://www.scoularview.com/ https://forecast.weather.gov/ https://www.windy.com/  https://widget.taggbox.com https://riceland.us15.list-manage.com/ https://app2.simpletexting.com/ https://mailchi.mp/ https://securepubads.g.doubleclick.net https://01a11ef3c27694652b46dcdcef7412f2.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com https://www.cmegroup.com/ https://widget.tagembed.com/ https://embed.twitch.tv/ https://bushelstaging5.o.bushelsites.com/ ;                            font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://use.typekit.net/ https://use.fontawesome.com/ ;                               img-src * data: blob: https://hostadmin.dev.bushelsites.com/ ;                           object-src 'self' https://hostadmin.dev.bushelsites.com/;                                                         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cp-docs.dtn.com/ https://content-packages.dtn.com/ https://js.hsforms.net/ https://www.recaptcha.net/ https://www.recaptcha.net/ https://downloads.mailchimp.com/ https://mc.us15.list-manage.com/ https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/ https://beefmarketcentral.com/ https://www.googletagmanager.com/ https://www.amcharts.com/ https://maps.google.com/ https://www.google.com/ https://platform.twitter.com/ https://maxcdn.bootstrapcdn.com/ http://portal.farmcentric.com/ https://pagead2.googlesyndication.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://fccontent.wirelessag.com/ https://localhost:* http://localhost:* https://www.googletagservices.com/ https://weatherwidget.io/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://app.jazz.co/ https://embed.typeform.com/ https://bqci.us11.list-manage.com/ https://content-services.dtn.com/ https://emagrain.agricharts.com/ https://www.buzzsprout.com/ https://securepubads.g.doubleclick.net/ https://scoularview.com/ https://static.ctctcdn.com https://www.christianity.com https://fast.wistia.com https://chimpstatic.com https://player.vimeo.com https://www.convergepay.com/ https://tpc.googlesyndication.com/ https://embed.twitch.tv/ https://www.buzzsprout.com/ https://pinnaclend.o.bushelsites.com/fccp-location-prototype-23532  https://www.weatherworld.com/ https://bushel-web-offers-prod-assets.cdn.bushelops.com/ ;                            style-src 'self' 'unsafe-inline'  https://use.typekit.net/ https://fonts.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://maps.gstatic.com/ https://khms0.googleapis.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://embed.typeform.com/ https://localhost:* http://localhost:* https://use.fontawesome.com/ https://content-services.dtn.com/ https://hostAdmin.farmcentric.com https://downloads.mailchimp.com/ https://hostadmin.dev.bushelsites.com/ https://p.typekit.net/ ;                              frame-ancestors 'self' https://wnyenergy.com https://agp.o.bushelsites.com/ https://www.highlinegrain.com/ https://highlinegrain.com/ https://kayloragriservices.com/ https://kaylorag.flywheelsites.com/ https://conrefco.com/ https://hostadmin.farmcentric.com/ https://www.recaptcha.net/ https://www.recaptcha.net/ https://www.agp.com http://www.agp.com https://opnutritionfeed.com https://hostadmin.farmcentric.com/ https://www.facebook.com/ https://hostadmin.dev.bushelsites.com/ https://inetsgi.com/ https://scoulariowa.com/ https://enterprisegrain.com/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://weskangrain.com/ https://weskangrain.com/ https://scoularview.com/ http://scoularview.com/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com https://www.scoularview.com/  http://www.scoularview.com/ https://profitpartner.unitedgrain.com/ ;              frame-src 'self'  https://sotw.agricharts.com/ https://dtn.michag.com/ https://form.123formbuilder.com/ https://agp.o.bushelsites.com/ https://www.highlinegrain.com/ https://highlinegrain.com/ https://www.agp.com http://www.agp.com https://agp.com/ http://agp.com/ https://openweathermap.org/ https://api.leadconnectorhq.com/ https://www.rainviewer.com/ https://feed.surfing-waves.com/ https://share.transistor.fm/ https://www.pinnaclend.com/ https://portal.bushelpowered.com/ https://widget.taggbox.com/ https://tpc.googlesyndication.com/ https://f49bcfcd84940dbb7e41a72a221c3acb.safeframe.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://www.googletagmanager.com/ https://form.jotform.com/ https://share.hsforms.com https://soysales.conrefco.com/ https://skyview.frontieraginc.com/ https://skyviewgldn.frontieraginc.com/ https://skyviewglde.frontieraginc.com/ https://forecast.weather.gov/ https://www.nass.usda.gov/ https://onedrive.live.com/ https://calendar.google.com/ https://www.google.com/ https://conrefco.com/ https://hostadmin.farmcentric.com/ https://weather.wsu.edu/ https://recruiting.paylocity.com/ https://forms.office.com/ https://www.forms.office.com/ https://mailchi.mp/ https://www.mailchi.mp/ https://app2.simpletexting.com/ https://riceland.us15.list-manage.com/ https://www.weatherlink.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/  https://www.typeform.com/ https://enterprisegrain.com/ https://www.facebook.com/ https://player.vimeo.com/ https://embed.twitch.tv/ https://form.typeform.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://bushelstaging7.o.bushelsites.com/ https://www.youtube.com/  https://youtube.com/ https://platform.twitter.com/ https://embed.windy.com/ https://trioak.o.bushelsites.com/   https://www.agp.o.bushelsites.com https://www.agp.com http://www.agp.com https://www.recaptcha.net/ https://www.recaptcha.net/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.scoularview.com/ https://scoularview.com/ https://weatherwidget.io/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://online.fliphtml5.com/ https://www.buzzsprout.com/ https://e.issuu.com/ https://www.uswheat.org/ https://jobs.appone.com https://apply.appone.com https://embed.theperfectplant.com/ https://fb.watch/ https://docs.google.com/ https://drive.google.com/ https://pinnaclend.o.bushelsites.com/ https://pinnaclend.com/ https://inetsgi.com/ https://weather.com/ https://maps.zoomradar.net/ https://api.wo-cloud.com/ https://radar.weather.gov/ https://explore.careerviewxr.com/ 3
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 3
default-src * 'self';     style-src * 'self' 'unsafe-inline' 'unsafe-hashes';     img-src * 'self' *.sec-xm41d.com *.w3.org data:;     script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'     *.gstatic.com     *.bootstrapcdn.com     *.googleapis.com     *.cloudflare.com     *.jsdelivr.net     *.jquery.com     *.googletagmanager.com     *.google-analytics.com     *.hotjar.com     *.sec-xm41d.com;     frame-ancestors 'self' X-Frame-Options: DENY 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: wss: blob: 3
default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://is.stock3.com https://data.boerse-go.de https://api.stock3.com https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: blob: *.googleusercontent.com http://localhost:* ws://localhost:*; font-src 'self' https://fonts.gstatic.com 3
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sprinklr.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://*.sprinklr.com content.securedvisit.com; script-src 'self' 'unsafe-inline'  'unsafe-eval'  *.tiktok.com https://ct.pinterest.com https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net  *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://*.sprinklr.com/ api.securedvisit.com content.securedvisit.com track.sv.rkdms.com sv.firestonetire.com sv.bridgestonetire.com https://live.rezync.com ; img-src * data: blob: ; connect-src * ; frame-src 'self' api.securedvisit.com ; font-src 'self' https://*.fonts.net https://*.bridgestoneresources.com data:; media-src 'self' https://assets.bridgestonetire.com 3
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://web.cmp.usercentrics.eu https://customer.cludo.com https://d21oefkcnoen8i.cloudfront.net https://s2.adform.net https://track.adform.net https://connect.facebook.net https://api.eu1.exponea.com *.mouseflow.com https://bat.bing.com *.taboola.com;    style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://d21oefkcnoen8i.cloudfront.net;    img-src 'self' blob: data: https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ccm/collect https://majestic-cat-b9dd160e07.media.strapiapp.com https://tranquil-memory-872d2ee12f.media.strapiapp.com https://thoughtful-car-05deee9d00.media.strapiapp.com https://complete-harmony-41d693229b.media.strapiapp.com https://picsum.photos https://cmxsapnc.cloudimg.io https://app.usercentrics.eu https://customer.cludo.com https://image-transformer-api.tjek.com https://www.facebook.com https://connect.facebook.net https://uct.service.usercentrics.eu *.mouseflow.com bat.bing.com https://google.com https://www.google.dk https://www.google.se https://www.google.de https://www.google.co.uk https://www.google.pl https://www.google.nl *.doubleclick.net;    font-src 'self' *.mouseflow.com *.googlesyndication.com;    connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com *.google.com *.doubleclick.net *.googleadservices.com https://www.googletagmanager.com https://www.google.com/ccm/collect https://google.com https://google.dk https://google.se https://google.de https://google.co.uk https://google.pl https://google.nl https://v1.api.service.cmp.usercentrics.eu https://majestic-cat-b9dd160e07.media.strapiapp.com https://tranquil-memory-872d2ee12f.media.strapiapp.com https://thoughtful-car-05deee9d00.media.strapiapp.com https://complete-harmony-41d693229b.media.strapiapp.com https://customer.cludo.com https://api.cludo.com https://d21oefkcnoen8i.cloudfront.net https://squid-api.tjek.com https://wolf-api.tjek.com https://graphql.usercentrics.eu *.exponea.com https://consent-api.service.consent.usercentrics.eu https://pagead2.googlesyndication.com https://www.facebook.com *.mouseflow.com bat.bing.com bat.bing.net *.taboola.com https://ads.realizeperformance.com;    frame-src https://www.youtube.com https://web.cmp.usercentrics.eu https://sclrouteplanner.azurewebsites.net https://www.googletagmanager.com *.mouseflow.com pa.taboola.com;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'self' http://complete-harmony-41d693229b.strapiapp.com https://majestic-cat-b9dd160e07.strapiapp.com https://tranquil-memory-872d2ee12f.strapiapp.com https://thoughtful-car-05deee9d00.strapiapp.com;    upgrade-insecure-requests; 3
default-src * data: mediastream: blob: wss: 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'none' 3
default-src 'self'; base-uri 'self'; font-src 'self'  https://*.abnamro.nl/; frame-src 'self' https://*.abnamro.com/  https://aanmeld-pagina.nl https://abnamrobeleggen.marketxs.com https://www.abnamro.com https://abnamrolease.com https://lease.eccapp-d-rg.azure.nl.eu.abnamro.com https://www.abnamromarkets.nl https://www.abnamro.nl https://abnamro.slgnt.eu https://www.advieskeuze.nl https://alfam.acc.beyondwl.yellowtail.it https://anchor.fm https://aov2.abnamro.nl https://embeds.audioboom.com https://autoverzekering.abnamro.nl https://*.awin1.com https://abnamro-basishypotheek.at.aahhg.nl https://abnamro-basishypotheek.nl https://batretail.abnamro.marketxs.com https://wlb.benergy.nl https://www.bethmannbank.de https://beursinfo.abnamro.nl https://sandbox-extra.aab-bitlibre.nl https://accept-extra.aab-bitlibre.nl https://widgets.bnr.nl https://widget.civey.com https://sdk.companywebcast.com https://deltaloyd2.info.nl/aav https://demo.abnamro.nl https://doorpakken.abnamro.nl https://doorpakken.guideplatform.net https://*.doubleclick.net https://emailservice.abnamro.nl https://energyshopabnamrov2-test-endpoint-bvcsf3hngdaabqh4.z01.azurefd.net https://www-et1.abnamro.nl https://events.abnamro.nl https://abn-expats.azurewebsite.net https://abn-expat-acc-server1.development.yellowtail.nl https://expat.acc.abnamro.yellowtail.it https://expat.dev.abnamro.yellowtail.it https://expat.prd.abnamro.yellowtail.it https://export.abnamromarkets.nl https://extra.abnamro.nl https://financieelinzicht.abnamro.nl https://abn-test.finfiles.nl https://fundscreener.finfiles.nl https://fondsen.abnamro.nl https://fondsenprivate.abnamro.nl https://www.google.com https://www.googleadservices.com https://*.googletagmanager.com https://www.gripoprisicos.nl https://www.gripoprisicos.nl/nrs https://hypotheken.abnamro.nl https://hypotheken-et.abnamro.nl https://www.iac-abnamronl.mdgms.com https://www.iac.abnamronl.show.mdgms.com https://www.investtech.com https://identity.invitedesk.com https://klantenvertellen.nl https://leasecalculator.abnamro.nl https://lifestylecalculator.com https://staging.lifestylecalculator.com https://localfocuswidgets.net https://localfocus2.appspot.com https://mee.mail.abnamro.com https://media.abnamro.com https://customer.morningstareurope.com https://lt.morningstar.com https://nieuwvan.abnamro.nl https://www.neuflizeobc.fr https://new10.com https://nieuwsbrieven.abnamro.nl https://nieuwsbrieven.abnamroprivatebanking.be ockto: https://onlineinvestor.abnamro.marketxs.com https://omny.fm/ https://www.pcngmadvisory.abnamroprivatebanking.com https://pensioencheck.azurewebsite.net https://abn-pensioencheck-acc.server1.development.yellowtail.nl https://pensioencheck.acc.abnamro.yellowtail.it https://abn-pensioencheck-dev-server1.development.yellowtail.nl https://pensioencheck.prd.abnamro.yellowtail.it https://app.powerbi.com https://www.abnamroprivatebanking.be https://quadia.webtvframework.com https://abnamrobank.qualtrics.com https://relaunch.abnamromarkets.nl https://risicoscan.abnamro.nl https://service.abnamro.nl https://service-et.abnamro.nl https://services.abnamro.nl https://services-et.abnamro.nl https://abn-amro.simplecast.com https://player.simplecast.com https://slimwonen.abnamro.nl https://w.soundcloud.com https://speciaal.abnamro.nl https://*.spotify.com https://app.springcast.fm https://abn-ecommerce-webapp.prod.subaio.com https://tarievenvergelijker.abnamro.marketxs.com https://technische-analyse.abnamro.nl https://treasury.abnamro.nl https://treasurykoersen.abnamro.nl https://www.abnamro-treasury.marketxs.com https://turbo.abnamro.nl https://portal.uilabs.de https://player.vimeo.com https://platform.vixyvideo.com https://rekentools.webbridge.nl https://www.youtube.com https://www.youtu.be https://zoeken.abnamro.nl app.optimizely.com  https://a5171550442225664.cdn.optimizely.com https://a5171550442225664.cdn-pci.optimizely.com; frame-ancestors 'self'  https://*.abnamro.nl/ app.optimizely.com; img-src 'self' data: https:  https://*.doubleclick.net https://*.tealiumiq.com https://*.google-analytics.com https://*.analytics.google.com *.omtrdc.net https://*.awin1.com https://*.facebook.com https://*.linkedin.com https://app.optimizely.com https://cdn.optimizely.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  https://*.abnamro.nl/ *.tiqcdn.com https://*.tealiumiq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.linkedin.com https://*.qualtrics.com https://*.facebook.net https://*.dwin1.com https://*.licdn.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.cookielaw.org/ https://*.cookie-cdn.cookiepro.com https://privacyportal-eu.onetrust.com; style-src 'self' 'unsafe-inline'  https://*.abnamro.nl/; connect-src 'self'  https://westeurope-5.in.applicationinsights.azure.com *.omtrdc.net https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.qualtrics.com *.tiqcdn.com https://*.tealiumiq.com https://dpm.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com https://abnamro.pandosearch.com https://js.monitor.azure.com/  https://logx.optimizely.com https://*.optimizely.com https://*.cookielaw.org/ https://*.cookie-cdn.cookiepro.com https://privacyportal-eu.onetrust.com; media-src 'self'  https://*.abnamro.com/ https://*.sitecorecontenthub.cloud 3
frame-ancestors 'self' https://storecake.io https://staging.storecake.io https://webcake.biz https://staging.webcake.biz https://webcake.io; img-src 'self' https://*.pancake.vn https://img.youtube.com https://lh3.googleusercontent.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://platform-lookaside.fbsbx.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.pngrepo.com https://*.mgid.com https://mgid.com https://www.googleadservices.com https://imgur.com https://log.adtimaserver.vn https://contineljs.com https://amcdn.vn https://lg1.logging.admicro.vn data: blob: 3
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src 'self' https: blob: data:; style-src * 'unsafe-inline'; 3
frame-ancestors 'self' *.storedemo.vn *.storedemo.vn *.botcake.io *.pancake.vn *.storecake.net 3
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; frame-ancestors 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://deviceid.notolytix.com https://*.userguiding.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://apis.google.com https://omg.toptex.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google.com https://ajax.cloudflare.com/ https://www.gstatic.com https://ipinfo.io https://cdn.jsdelivr.net https://*.lyra.com https://static.cloudflareinsights.com https://tag.toptex.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.lyra.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://px4.ads.linkedin.com https://*.privacy-center.org https://*.lyra.com https://www.googletagmanager.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://cdn.toptex.com https://tag.toptex.com https://region1.analytics.google.com https://www.google.fr https://stats.g.doubleclick.net https://www.toptex.fr https://*.toptex.com https://pagead2.googlesyndication.com https://files.europeancatalog.fr https://files.toptex.fr https://blog.toptex.com; connect-src 'self' https://*.privacy-center.org https://*.toptex.com wss://ws.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.userguiding.com https://px.ads.linkedin.com https://www.google.com https://insights.algolia.io https://ipinfo.io https://api.privacy-center.org https://pagead2.googlesyndication.com https://*.algolia.net; frame-src 'self' https://public.traceforgood.com https://vimeo.com https://www.youtube.com https://tag.toptex.com https://www.googletagmanager.com https://www.google.com https://api.lyra.com https://player.vimeo.com https://ns.europeancatalog.com https://www.europeancatalog.com https://challenges.cloudflare.com; object-src 'self' www.toptex.com; base-uri 'self'; form-action 'self' https://secure.lyra.com; upgrade-insecure-requests; worker-src 'self' blob:; 3
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dlswbr.baidu.com *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn zfwzgl.www.gov.cn *.powereasy.net; object-src 'self' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://prismic.io/prismic-toolbar/4.1.1/toolbar.js https://js.hsforms.net https://static.cdn.prismic.io https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://www.recaptcha.net https://www.gstatic.com https://js.zi-scripts.com/zi-tag.js https://prismic.io https://www.google.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://static.cdn.prismic.io https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://www.recaptcha.net https://www.gstatic.com https://www.google.com https://js.hsforms.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://images.prismic.io https://prismic-io.s3.amazonaws.com https://forms-na1.hubspot.com https://forms-na1.hsforms.com https://i.ytimg.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google.co.in https://*.google.com https://www.google.nl https://www.google.pt; frame-src 'self' https://www.youtube.com https://forms.hsforms.com https://www.youtube-nocookie.com https://aa-holding-corp-conv-website.prismic.io https://www.recaptcha.net https://td.doubleclick.net https://www.google.com; connect-src 'self' https://forms.hsforms.com https://forms-na1.hubspot.com https://aa-holding-corp-conv-website.cdn.prismic.io https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.googletagmanager.com https://www.google.co.in https://www.google.com; child-src 'self' https://www.google.com https://www.recaptcha.net https://recaptcha.google.com; worker-src 'self' blob:; 3
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.jindalsteel.com https://docs.jindalsteel.in https://www.googletagmanager.com https://esg.churchgatepartners.com; style-src 'self' 'unsafe-inline' https://docs.jindalsteel.in https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://docs.jindalsteel.in data:; font-src 'self' https://fonts.googleapis.com https://docs.jindalsteel.in https://docs.jindalsteel.in https://fonts.gstatic.com; media-src 'self' https://docs.jindalsteel.in; connect-src 'self' https://www.jindalsteel.com https://api.jindalsteelpower.com https://www.google-analytics.com; frame-src 'self' https://cmapis.cmots.com https://esg.churchgatepartners.com https://www.youtube.com; 3
default-src 'self' profiauto.pl profiauto.de profiauto.co.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at  *.cookie-script.com ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org cdn.datatables.net; style-src 'self' 'unsafe-inline' profiauto.pl profiauto.de profiauto.co.at fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl cdn.datatables.net *.bootstrapcdn.com; img-src 'self' data: *.ggpht.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at silnet.pl ssl.silnet.pl cdn.datatables.net *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self' profiauto.pl profiauto.de profiauto.co.at; font-src 'self' profiauto.pl profiauto.de profiauto.co.at fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' profiauto.pl profiauto.de profiauto.co.at *.google.com google.com *.facebook.com onesignal.com *.youtube.com linkedin.com *.linkedin.com kalkulator.raty.aliorbank.pl; connect-src 'self' *.googleapis.com googleapis.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at onesignal.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.facebook.com 3
frame-ancestors 'self' https://jacksonprofessional.com https://jacksontools.com 3
frame-ancestors 'self' https://s1-eu.ariba.com/ 3
default-src http: https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self' http://www.podcastics.com; img-src data: http: https: 'self' ; media-src blob: data: http: https: 'self'; 3
upgrade-insecure-requests; script-src ‘self’; form-action ‘self’; frame-ancestors ‘self’; SameSite=Strict 3
frame-src 'self' consentcdn.cookiebot.com                    gvb-quiz.vercel.app                    www.facebook.com                    gvb.demdex.net                    www.youtube.com                    www.tiktok.com                    *.google.com                    newassets.hcaptcha.com                    form.typeform.com                    typeform.com                    www.typeform.com                    bid.g.doubleclick.net                    activitymap.adobe.com                    vars.hotjar.com                    gvb.ch                    gvb-privatversicherungen.ch                    hausinfo.ch                    wetteralarm.ch                    alarmemeteo.ch                    allarmemeteo.ch                    *.doubleclick.net                    *.demdex.net                    outlook.office365.com                    moneypark.ch                    embed.eventfrog.ch                    dev-webgis.gvb.ch                    webgis.gvb.ch                    www.googletagmanager.com                    calendly.com                    propertyowners.digitalpath.pt                    https://www.propertyowner.ch                    feedback.echonovum.com                    login.dev.gvb.ch                    login.test.gvb.ch                    login.gvb.ch                    *.wetteralarm.ch                    www.myky.ch                    mailto:                    tel:                    js-eu1.hsforms.net                    ;   child-src blob:;   object-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'                    gvb-quiz.vercel.app                    gvbdev.b-cdn.net                    gvbtest.b-cdn.net                    gvb.b-cdn.net                    gvba.b-cdn.net                    consent.cookiebot.com                    consentcdn.cookiebot.com                    hcaptcha.com                    newassets.hcaptcha.com                    js.hcaptcha.com                    plugins.flockler.com                    dpm.demdex.net                    www.googletagmanager.com                    www.facebook.com                    connect.facebook.net                    googleads.g.doubleclick.net                    www.googleadservices.com                    www.google-analytics.com                    embed.typeform.com                    activitymap.adobe.com                    www.youtube.com                    www.tiktok.com                    www.googleoptimize.com                    static.hotjar.com                    script.hotjar.com                    *.google.com                    snap.licdn.com                    *.fusedeck.net                    *.demdex.net                    cm.everesttech.net                    assets.adobedtm.com                    moneypark.ch                    static.elfsight.com                    universe-static.elfsightcdn.com                    elfsightcdn.com/platform.js                    embed.eventfrog.ch                    assets.calendly.com                    gvb.imgix.net                    code.createjs.com                    *.adform.net                    cdnjs.cloudflare.com                    bat.bing.com                    www.myky.ch                    widget.wetteralarm.ch                    widgets.gekomene.cyon.site                    *.hsadspixel.net                    *.hs-analytics.net                    *.hubapi.com                    js.hscta.net                    js-eu1.hscta.net                    *.hubspot.com                    *.hs-sites.com                    *.hs-sites-eu1.com                    static.hsappstatic.net                    *.usemessages.com                    *.hs-banner.com                    *.hubspotusercontent.net                    *.hubspot.net                    play.hubspotvideo.com                    play-eu1.hubspotvideo.com                    cdn2.hubspot.net                    *.hscollectedforms.net                    *.hsleadflows.net                    *.hsforms.net                    *.hsforms.com                    *.hs-scripts.com                    *.hubspotfeedback.com                    feedback.hubapi.com                    feedback-eu1.hubapi.com                    hubs.ly                    hubspotpagebuilder.com                    survey.hsforms.com                    share.hsforms.com                    js.hscollectedforms.net                    bf06.eu1.hubspotemail.net                    *.eu1.hubspotemail.net                    https://d30tvz04.eu1.hubspotlinks.com                    *.eu1.hubspotlinks.com                    optin.eu1.hubspotemail.net                    transactional.eu1.hubspotemail.net                    'unsafe-inline';  frame-ancestors 'self'                    wetterhuette.ch ; 3
default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 3
frame-ancestors self http://localhost:8080 https://beta.centralapp.com https://business-dev.centralapp.com/ https://business.centralapp.com/ 3
default-src https: data: 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.google-analytics.com https://www.googleanalytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com https://*.googletagmanager.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://beacon-v2.helpscout.net/ https://api.mapbox.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com https://o4507096105549824.ingest.de.sentry.io https://widget.trustpilot.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; img-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.babysits.com https://*.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://*.googleusercontent.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com data: blob: ; connect-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.babysits.com https://events.babysits.com https://events.staging.babysits.net https://events.babysits.com.development.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.facebook.com https://api.stripe.com https://maps.babysits.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net wss://*.pusher.com https://o4507096105549824.ingest.de.sentry.io https://cdn.liveness.rekognition.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com wss://streaming-rekognition.eu-west-1.amazonaws.com/start-face-liveness-session-websocket https://unpkg.com/@rive-app/ https://cdn.jsdelivr.net/npm/@rive-app/ https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; frame-src 'self' bytedance: sslocal: https://www.google.com https://td.doubleclick.net/ https://*.googletagmanager.com https://bid.g.doubleclick.net https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://widget.trustpilot.com; worker-src blob: ; child-src blob: ; font-src https://cdn.babysits.com https://maxcdn.bootstrapcdn.com/font-awesome/; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com; 3
default-src 'self' data: wss: 'unsafe-eval' 'unsafe-inline' blob: *.applicationinsights.azure.com *.applicationinsights.microsoft.com *.azure.com *.braintreegateway.com *.braintree-api.com *.doubleclick.net *.ewaypayments.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.instagram.com *.jotform.com *.movingstory.com.au *.paypal.com *.report-uri.com *.tiktok.com *.ttwstatic.com *.typekit.net *.youtube.com az416426.vo.msecnd.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com google.com js.monitor.azure.com unpkg.com payments.sandbox.braintree-api.com; object-src 'none'; img-src 'self' https: data:;upgrade-insecure-requests;report-uri 3
base-uri 'self'; form-action 'self'; 3
default-src 'self'; child-src 'self' blob: https://mc.yandex.ru; connect-src 'self' https://www.google.com https://region1.google-analytics.com https://privacy-cs.mail.ru https://pagead2.googlesyndication.com https://mc.yandex.ru https://consentcdn.cookiebot.com https://www.googleadservices.com https://www.google.it https://mc.yandex.com/ https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://rsms.me; frame-src 'self' https://www.googletagmanager.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://cloud.infozambon.com https://www.youtube.com blob: https://mc.yandex.ru https://mc.yandex.com; img-src 'self' https://imgsct.cookiebot.com https://top-fwz1.mail.ru https://googleads.g.doubleclick.net data: https://www.google.com https://sp.analytics.yahoo.com https://www.google.it https://mc.yandex.ru https://mc.yandex.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' https://mc.yandex.ru https://yastatic.net https://privacy-cs.mail.ru https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://consent.cookiebot.com https://www.google-analytics.com https://top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net https://pagead2.googlesyndication.com https://www.google.com https://connect.facebook.net https://consentcdn.cookiebot.com https://privacy-cs.mail.ru https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com rsms.me; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://consent.cookiebot.com https://www.googleadservices.com fonts.googleapis.com https://cdnjs.cloudflare.com rsms.me; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 3
img-src * data: blob:; upgrade-insecure-requests; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: 'self' data: cdn.honey.io www.mheducation.co.uk assets.merci-app.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.bunny.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com shopping.qantas.com www.mhprofessional.com *.wistia.com player.flipsnack.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.mheducation *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.mheducation *.weltpixel.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.vidyard.com *.mheducation.com cloud.3dissue.net player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.hsforms.net *.hsforms.com 'self' data: www.google.de adservice.google.com analytics.twitter.com app-sj01.marketo.com asia-s3-mhe-prod.s3.amazonaws.com cdn.honey.io cdn3.iconfinder.com co1.qualtrics.com covers.mhedu.com ecommerce.payulatam.com fonts.gstatic.com i.pinimg.com info.mheducation.com learn.mheducation.com log-papago.naver.com m.media-amazon.com mheducation-mea.github.io mhp-assets.s3.amazonaws.com px4.ads.linkedin.com region1.google-analytics.com simplesharebuttons.com siteintercept.qualtrics.com spain-s3-mhe-prod.s3.amazonaws.com t.co translate.google.com www-mheducation-ca.ezpminer.urmc.rochester.edu www.accessengineeringlibrary.com www.facebook.com *.google.co.uk www.linkedin.com www.mheducation.ca www.mheducation.com www.mheducation.es asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com canada.p.ctidigital.com cdn.vidyard.com connect.facebook.net image.flaticon.com ir-in.amazon-adsystem.com latam-s3-mhe-prod.s3.eu-west-1.amazonaws.com login.dotomi.com media.msg.dotomi.com mhp-assets.s3.eu-west-1.amazonaws.com play.vidyard.com region1.analytics.google.com static.thenounproject.com ws-in.amazon-adsystem.com ad.doubleclick.net betterresearch.com canada.pre-prod.ctidigital.com ssl.google-analytics.com www.mheducation.co.in www.mhprofessional.com cdn.cookielaw.org cloud.3dissue.net fast.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com unpkg.com analytics.tiktok.com connect.facebook.net munchkin.marketo.net script.hotjar.com static.hotjar.com tools.luckyorange.com ucads-cdn.ucweb.com app-sj01.marketo.com gateway.zscalerone.net info.mheducation.com learn.mheducation.com nd3n4.m70vee7.com play.vidyard.com siteintercept.qualtrics.com static.ads-twitter.com code.jquery.com sleeknotecustomerscripts.sleeknote.com wsc2e.ez05w7r.com iframely.net www.google.com 4ddons.com 7896543.s3.amazonaws.com cdnjs.cloudflare.com ssl.google-analytics.com www.ili.ir www.mhprofessional.com www.pagespeed-mod.com cdn.cookielaw.org app-sjqe.marketo.com *.siteintercept.qualtrics.com *.payulatam.com *.cloudflare.com fast.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com tagmanager.google.com app-sj01.marketo.com cdn.honey.io info.mheducation.com learn.mheducation.com fonts.bunny.net www.mhprofessional.com fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; object-src info.mheducation.com player.flipsnack.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com content.studysync.com mhp-assets.s3.amazonaws.com spain-s3-mhe-prod.s3.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com cloud.3dissue.net/14552/14572/14643/88645/index.html fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.payulatam.com 128-sjw-347.mktoresp.com 128-sjw-347.mktoutil.com 303-fkf-702.mktoresp.com 303-fkf-702.mktoutil.com ad.doubleclick.net adservice.google.com api-preview.luckyorange.com centinelapi.cardinalcommerce.com csmetrics.hotjar.com geolocation.onetrust.com gjtrack.ucweb.com kg668dbov0.execute-api.us-east-1.amazonaws.com metrics.hotjar.io play.vidyard.com plugin.ucads.ucweb.com privacyportal.onetrust.com pubsub.googleapis.com region1.analytics.google.com settings.luckyorange.com siteintercept.qualtrics.com translate.googleapis.com vc.hotjar.io wedata.net ws2.hotjar.com www.facebook.com www.google.ad www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.co.za www.google.co.zw www.google.com www.google.com.ar www.google.com.au www.google.com.bh www.google.com.co www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.cz www.google.de www.google.es www.google.gr www.google.hn www.google.hr www.google.it www.google.nl www.google.ru www.google.se analytics.tiktok.com cdn.linkedin.oribi.io content.hotjar.io realtime.luckyorange.com writer.cardinalcommerce.com ws.hotjar.com ws25.hotjar.com www.google.com.eg www.google.com.tw www.google.ie www.google.ro subwayblaze.com www.mhprofessional.com cdn.cookielaw.org wss://ws.hotjar.com *.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com play.vidyard.com player.flipsnack.com *.wistia.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://koi-3qnn21dgy0.marketingautomation.services https://koi-3rakn81cwk.marketingautomation.services https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://player.vimeo.com https://scripts.clarity.ms https://www.clarity.ms https://snap.licdn.com https://tags.srv.stackadapt.com https://tags.srv.stackadapt.com/events.js https://googleads.g.doubleclick.net https://www.google-analytics.com https://pi.pardot.com https://cdn.voiceflow.com https://content.ewp.readytech.io https://content.wfs.readytech.io https://gj.readytech.io https://wcsecure.weblink.com.au; script-src-elem 'self' 'unsafe-inline' https://kit.fontawesome.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://koi-3qnn21dgy0.marketingautomation.services https://koi-3rakn81cwk.marketingautomation.services https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://player.vimeo.com https://scripts.clarity.ms https://www.clarity.ms https://snap.licdn.com https://tags.srv.stackadapt.com https://tags.srv.stackadapt.com/events.js https://googleads.g.doubleclick.net https://www.google-analytics.com https://pi.pardot.com https://cdn.voiceflow.com https://content.ewp.readytech.io https://content.wfs.readytech.io https://gj.readytech.io https://wcsecure.weblink.com.au; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://www.gstatic.com https://tags.srv.stackadapt.com https://cdn.voiceflow.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.voiceflow.com; connect-src 'self' https://tags.srv.stackadapt.com https://www.google.com https://www.google.com.au https://www.google.com.vn https://maps.googleapis.com https://q.clarity.ms https://v.clarity.ms https://o.clarity.ms https://*.clarity.ms https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://translate.googleapis.com https://www.googletagmanager.com https://general-runtime.voiceflow.com https://www.googleadservices.com; img-src 'self' data: https: https://tags.srv.stackadapt.com; frame-src 'self' https://player.vimeo.com https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://youtube.com https://app-3qnn21dgy0.marketingautomation.services https://content.ewp.test.readytech.io https://content.ewp.readytech.io https://content.gj.test.readytech.io https://content.gj.readytech.io https://content.wfs.test.readytech.io https://content.wfs.readytech.io https://wcsecure.weblink.com.au https://www.podbean.com; report-uri /csp-report.php 3
upgrade-insecure-request 3
frame-ancestors 'none'; object-src 'none' 3
frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; form-action 'self' https://www.server-team1.de https://www.server-team3.de; child-src 'self' https://www.google.com https://www.server-team1.de https://www.server-team3.de; frame-ancestors 'self'; connect-src 'self' https://api.imgur.com; report-uri 'self'; report-to 'self'; 3
report-to csp-report-endpoint; report-uri /logger/info/csp-report; frame-ancestors *; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src * data: blob:; frame-src * blob: data:; object-src * blob:; base-uri 'self'; form-action 'self' https://centinelapi.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://www.facebook.com https://3dsacs.placetopay.com https://geo.cardinalcommerce.com https://authentication.cardinalcommerce.com; media-src * blob:; frame-ancestors 'self'; 3
default-src 'unsafe-inline' 'unsafe-eval' https: data:; 3
script-src http: https: 'unsafe-eval' 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.googletagmanager.com *.zendesk.com wss://*.zendesk.com *.zopim.com wss://*.zopim.com *.cfjump.com *.pinterest.com; style-src 'self' blob: https: 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.zendesk.com; img-src data: http: https: *.zopim.io *.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' http: https: *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com; font-src 'self' data: fonts.gstatic.com foursixty.com *.zendesk.com; frame-src assets.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.vimeo.com foursixty.com *.zendesk.com *.paypal.com *.doubleclick.net *.criteo.com *.pinterest.com *.facebook.com; 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline';          script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.guardiancapital.com *.googleapis.com *.vimeo.com      *.google-analytics.com *.googletagmanager.com *.jquery.com *.cloudflare.com *.jsdelivr.net         *.pardot.com *.datatables.net *.highcharts.com *.doubleclick.net cdn-cookieyes.com *.cookieyes.com;          connect-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.jquery.com          *.cloudflare.com *.jsdelivr.net *.pardot.com *.datatables.net *.doubleclick.net cdn-cookieyes.com *.cookieyes.com *.googlesyndication.com *.guardiancapital.com;          img-src 'self' https://* blob: data:;          style-src 'self' 'unsafe-inline' *.jquery.com *.jsdelivr.net *.pardot.com *.cloudflare.com         *.datatables.net;          style-src-elem 'self' 'unsafe-inline' *.jquery.com *.jsdelivr.net *.cloudflare.com *.googleapis.com         *.pardot.com *.datatables.net;          font-src 'self' https://* blob: data:;          frame-src 'self' https://* blob: data:;          media-src 'self' https://* blob: data:;          object-src 'self' https://* blob: data:;          worker-src 'self' https://* blob: data:;          frame-ancestors 'self' http://*.vimeo.com; 3
default-src 'self' 'unsafe-inline' https://our.umbraco.com https://marketplace.umbraco.com https://www.betalingsservice.dk https://www.xn--leverandrservice-sxb.dk https://www.lsmps.dk https://xn--leverandrservice-sxb.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api-itera-eu.nd.nudatasecurity.com https://cdn.cookielaw.org https://www.betalingsservice.dk https://www.xn--leverandrservice-sxb.dk https://www.lsmps.dk https://xn--leverandrservice-sxb.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; style-src 'self' 'unsafe-inline' https://www.betalingsservice.dk https://www.xn--leverandrservice-sxb.dk https://www.lsmps.dk https://www.xn--overfrselsservice-40b.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; connect-src 'self' https://dpm.demdex.net https://privacyportal.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.betalingsservice.dk https://www.xn--leverandrservice-sxb.dk https://www.lsmps.dk https://www.xn--overfrselsservice-40b.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; img-src 'self' data: blob: https://dashboard.umbraco.com https://api-itera-eu.nd.nudatasecurity.com https://cdn.cookielaw.org https://www.mastercard.us https://www.betalingsservice.dk https://www.xn--leverandrservice-sxb.dk https://www.lsmps.dk https://www.xn--overfrselsservice-40b.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; font-src 'self' data: https://www.betalingsservice.dk https://www.xn--leverandrservice-sxb.dk https://www.lsmps.dk https://www.xn--overfrselsservice-40b.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; worker-src blob:; frame-src 'self' https://marketplace.umbraco.com/ https://www.betalingsservice.dk https://www.lsmps.dk https://www.xn--overfrselsservice-40b.dk https://www.osmps.dk https://www.informationsservice.dk https://www.registreringsnumre.dk https://www.efaktura.no https://www.avtalegiro.no https://partner.mastercardpaymentservices.com https://www.mastercardpaymentservices.com; 3
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 3
script-src 'self' 'strict-dynamic' 'nonce-NjQ3MTc0' 'unsafe-inline' http: https:  ; object-src  https://www.youtube.com ; base-uri 'none' ; frame-ancestors 'self' ; form-action 'self' www.facebook.com ; 3
default-src 'unsafe-inline' 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' *; img-src 'self' data: * 3
default-src 'self'; style-src 'self' 'unsafe-inline' 3
require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport 3
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ;  object-src 'none' ;  frame-ancestors 'self' ;  base-uri 'self' ;  img-src https: data: ; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: https://www.googletagmanager.com *.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.doubleclick.net *.googlesyndication.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.googleapis.com *.openstreetmap.org *.googlesyndication.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.googleadservices.com *.facebook.com trengo.s3.eu-central-1.amazonaws.com *.nespresso.com *.doubleclick.net *.cookielaw.org iprom.net *.iprom.net test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://widget-cdn.boxnow.hr *.googlesyndication.com *.googleadservices.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.facebook.net *.widget.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.nespresso.com *.onesignal.com *.cookielaw.org cdn.gbqofs.com d16fk4ms6rqz1v.cloudfront.net d22xmn10vbouk4.cloudfront.net iprom.net *.iprom.net *.optimizely.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu *.nespresso.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://widget-cdn.boxnow.hr *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.googlesyndication.com *.doubleclick.net *.facebook.com *.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.cookielaw.org *.onetrust.com report.nestle.glassboxdigital.io iprom.net *.iprom.net *.optimizely.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' https: data: wss:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:; 3
frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://ads.adextrem.com https://code.jquery.com https://ajax.googleapis.com https://cdn.tailwindcss.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://ads.adextrem.com https://code.jquery.com https://ajax.googleapis.com https://cdn.tailwindcss.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://ads.adextrem.com https://www.google.com; frame-src https://www.google.com https://ads.adextrem.com; worker-src 'self'; object-src 'none'; base-uri 'self'; 3
default-src 'self'; connect-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src * 3
default-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; frame-ancestors 'self'; 3
default-src blob: https: wss: 'unsafe-eval' 'unsafe-inline' 'self'; style-src https: 'unsafe-inline'; frame-ancestors https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.doubleclick.net 'self'; frame-src https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.google.com  https://*.doubleclick.net 'self'; object-src 'none'; font-src https: data:; img-src https: data:; 3
default-src 'self' https://videos.ctfassets.net/;            style-src 'self' 'unsafe-inline' *;            img-src * 'self' data: https: blob:;            script-src * data: blob: 'unsafe-inline' 'unsafe-eval';            connect-src * data: blob: 'unsafe-inline';            font-src * data: blob: 'unsafe-inline';            frame-src *; 3
default-src: https: 3
font-src fonts.gstatic.com use.typekit.net https://*.gopersonal.ai *.fontawesome.com *.bootstrapcdn.com data: *.gstatic.com 'self' data: *.moosend.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.gopersonal.ai *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.vnforapps.com h.online-metrix.net *.loginextsolutions.com widget.botlers.io somosngr.com.pe td.doubleclick.net PJCLAIM http://r1.dotdigital-pages.com http https email.papajohns.com.pe r1.ddlnk.net/signup.ashx  cdn-images-pj-admin-prod.s3.amazonaws.com *.getblue.io *.widget.scoopsxi.com delivery.yango.com https://delivery.yango.com/ *.webvisor.com metrika.yandex.ru 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://*.gopersonal.ai www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.designer-images.net maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: cdn.cookielaw.org google.com c.clarity.ms www.google.com.ar c.bing.com *.t.co *.twitter.com *.google.com.pe fonts.gstatic.com https://ad.soicos.com/ *.afilio.com.br *.getblue.io https://www.popeyes.com.pe/ https://www.papajohns.com.pe/ https://www.bembos.com.pe/ https://www.donbelisario.com.pe/ https://www.chinawok.com.pe/ https://bat.bing.com https://c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://*.gopersonal.ai https://*.gstatic.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com polyfill.io *.moosend.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://www.google.com *.gstatic.com https://maps.googleapis.com cdn.cookielaw.org cdn.onesignal.com *.hotjar.com widget.botlers.io onesignal.com *.vnforapps.com h.online-metrix.net *.cdn.stat-track.com https://www.clarity.ms/ *.tiktok.com *.ads-twitter.com http://r1.dotdigital-pages.com http://email.papajohns.com.pe email.papajohns.com.pe *.web.app *.afilio.com.br *.getblue.io https://static.targethaus.net/analytics.js https://237.logstracker.com/237.js  https://js.admediasales.com/ https://stalkoda.com/code/ https://cdn.tangoo.it/aud/clientjs/ptag.js?9198 https://bing.com https://bat.bing.com/bat.js https://bat.bing.com/p/action/343214966.js *.widget.scoopsxi.com/api/widget/ shop-cart.app https://static-cdn.trackier.com https://loopwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.gopersonal.ai *.fontawesome.com *.moosend.com *.bootstrapcdn.com cdn.dnky.co *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org widget.botlers.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://*.gopersonal.ai https://*.goshops.ai https://*.googleapis.com https://*.gstatic.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com *.m-pages.com *.m-operations.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com *.cookielaw.org *.moosend.com region1.analytics.google.com *.hotjar.io oldenterprise.botlers.io vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.clarity.ms cors-anywhere.herokuapp.com www.google.com.ar geolocation.onetrust.com privacyportal.onetrust.com *.tiktok.com www.google.com https://lib-us-1.brilliantcollector.com *.customerscoops.app/ https://loopwidget.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 3
frame-ancestors 'self' https://matomo.cibtp.fr 3
default-src 'none'; style-src-elem 'self' 'unsafe-inline' https:; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data:  https:; media-src 'self' https: data:; font-src 'self' data: https:; frame-ancestors https://cupra-admin.porsche-holding.com https://*.googletagmanager.com https://*.doubleclick.net; connect-src 'self' https: ws: wss: data:; frame-src 'self' https:; upgrade-insecure-requests 3
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net *.facebook.com static.cloudflareinsights.com www.gstatic.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com *.facebook.com www.googletagmanager.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;form-action 'self' *.facebook.com;frame-src static.goolec.com www.youtube.com youtube.com *.facebook.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com *.facebook.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;media-src h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';frame-ancestors 'self';object-src 'none' 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; font-src 'self' https: data:; 3
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net *.facebook.com static.cloudflareinsights.com www.gstatic.com f9a1b3c5d7e9f1g3h5i7j9k1l3m5n7o9p1q3r.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com *.facebook.com www.googletagmanager.com f9a1b3c5d7e9f1g3h5i7j9k1l3m5n7o9p1q3r.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net f9a1b3c5d7e9f1g3h5i7j9k1l3m5n7o9p1q3r.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com f9a1b3c5d7e9f1g3h5i7j9k1l3m5n7o9p1q3r.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com;form-action 'self' *.facebook.com;frame-src static.goolec.com www.youtube.com youtube.com *.facebook.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com *.facebook.com f9a1b3c5d7e9f1g3h5i7j9k1l3m5n7o9p1q3r.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com;media-src f9a1b3c5d7e9f1g3h5i7j9k1l3m5n7o9p1q3r.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';frame-ancestors 'self';object-src 'none' 3
frame-ancestors 'self' *.lojabrf.com *.brf.force.com 3
img-src * 'self' data: https:; font-src * 'self' data: https:; media-src * 'self' data: https:; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.fonts-gstatic.com *.cloudflare.com  *.googletagmanager.com *.fontawesome.com *.gstatic.com *.jquery.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.datatables.net *.openstreetmap.org *.hotjar.com *.jsdelivr.net *.doubleclick.net gitcdn.github.io oss.maxcdn.com *.termly.io 3
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com sc-static.net *.kaltura.com *.google-analytics.com *.edgekey.net *.cloudflare.com  *.jsdelivr.net *.en25.com *.facebook.net *.licdn.com *.en25.com *.googletagmanager.com *.newrelic.com *.licdn.com  *.bing.com *.brighttalk.com *.axa-im.de *.siteimprove.net *.siteimprove.com *.cookielaw.org *.fullstory.com *.aticdn.net *.ceros.com *.ausha.co; object-src self; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.fontawesome.com *.axa-im.de; img-src https: data: https://www.axa-im.de; media-src https: data: blob:; frame-src self *.youtube-nocookie.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.brighttalk.com *.axa-im.de  *.siteimprove.net *.siteimprove.com *.ceros.com *.ausha.co; frame-ancestors self; child-src self blob:; font-src data: fonts.gstatic.com *.googleusercontent.com *.axa-im.com *.axa-im.co.uk *.kaltura.com *.axa-im.de ; connect-src *.axa-im.com *.axa-im.co.uk *.kaltura.com *.edgekey.net *.google-analytics.com *.google.com *.facebook.com *.braze.com *.axa-im.de  *.siteimprove.net *.siteimprove.com *.cookielaw.org *.fullstory.com *.g.doubleclick.net *.googlesyndication.com *.bing.com; report-uri /report-csp-violation 3
frame-ancestors 'self' premiumpartner.jti.de premiumpartner-qa.jti.de 3
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com *.googleapis.com *.reginox.nl sibautomation.com *.hotjar.com *.squeezely.tech *.youtu.be youtu.be *.youtu.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.alothemes.com *.magepow.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.reginox.nl *.bing.com *.google.com *.google.nl *.squeezely.tech *.facebook.com *.zdassets.com *.adscience.nl *.optinadserving.com *.googletagmanager.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.google.ie *.wiqhit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com jquery.sellxed.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.chimpstatic.com chimpstatic.com *.hotjar.com *.bing.com sibautomation.com *.opmnstr.com *.feedbackcompany.com *.doubleclick.net squeezely.tech *.facebook.net *.facebook.com *.zdassets.com *.adscience.nl *.optinadserving.com *.zopim.com *.googletagmanager.com *.youtu.be youtu.be *.youtu.com *.youtube.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.omappapi.com *.bootstrapcdn.com *.squeezely.tech *.googletagmanager.com *.houseofadsperiment.nl *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.wiqhit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.omappapi.com *.doubleclick.net *.feedbackcompany.com *.sendinblue.com *.hotjar.com wss://*.hotjar.com *.squeezely.tech *.bootstrapcdn.com *.facebook.net *.zdassets.com *.zendesk.com *.adscience.nl *.zopim.com wss://*.zopim.com *.googleapis.com *.googletagmanager.com squeezely.tech *.youtu.be youtu.be *.youtu.com *.youtube.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.google-analytics.com *.wiqhit.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; img-src 'self' data:; 3
img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com wss://*.push.apple.com; frame-src 'self' blob: mailto: sms: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 2
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 2
font-src 'self' www.mozilla.org; form-action 'self' https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org; frame-ancestors 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; base-uri 'none'; style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.mozilla.org; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io js.stripe.com s.ytimg.com tagmanager.google.com transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; connect-src 'self' cdn.transcend.io https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; object-src 'none'; default-src 'self' *.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; report-uri https://o1069899.ingest.us.sentry.io/api/6249535/security/?sentry_key=45ad5d426da7480081831c053ca02cac 2
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 2
frame-ancestors 'self' https://cms.w3.org/ https://cms-dev.w3.org/; upgrade-insecure-requests 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; img-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de data: ; font-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; connect-src 'self' https://sso.myfritz.net https://gateway.myfritz.net wss://gateway.myfritz.net https://piwik.avm.de; frame-src 'self' https://sso.myfritz.net https://www.google.com/recaptcha/; media-src 'none'; object-src 'none'; worker-src 'none'; manifest-src https://www.myfritz.net/static/manifest.json https://sso.myfritz.net/static/manifest.json; frame-ancestors https://sso.myfritz.net https://www.myfritz.net; form-action 'self' https://www.myfritz.net 2
default-src 'self'; img-src data: blob: *; script-src-elem 'self' assets.ubuntu.com www.google-analytics.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.youtube.com asciinema.org player.vimeo.com script.crazyegg.com w.usabilla.com munchkin.marketo.net serve.nrich.ai ml314.com scout-cdn.salesloft.com snippet.maze.co www.googleadservices.com js.zi-scripts.com *.g.doubleclick.net www.google.com www.gstatic.com *.googlesyndication.com js.stripe.com d3js.org www.brighttalk.com cdnjs.cloudflare.com static.ads-twitter.com *.cdn.digitaloceanspaces.com www.redditstatic.com snap.licdn.com connect.facebook.net jspm.dev cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com www.tfaforms.com api.usabilla.com *.cloudfront.net cdn.jsdelivr.net *.g.doubleclick.net extend.vimeocdn.com tracking-api.g2.com 'unsafe-inline'; font-src 'self' assets.ubuntu.com cdn.livechatinc.com secure.livechatinc.com fonts.google.com; script-src 'self' blob: *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' *.googlesyndication.com www.google.com ubuntu.com analytics.google.com www.googletagmanager.com sentry.is.canonical.com www.google-analytics.com *.crazyegg.com scout.salesloft.com *.g.doubleclick.net js.zi-scripts.com *.mktoresp.com prompts.maze.co *.google-analytics.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com px.ads.linkedin.com ws.zoominfo.com youtube.com google.com fonts.google.com api.text.com raw.githubusercontent.com *.analytics.google.com *.g.doubleclick.net ad.doubleclick.net www.googleadservices.com www.facebook.com *.livechatinc.com *.text.com *.youtube.com *.google.com; frame-src 'self' *.doubleclick.net www.youtube.com/ asciinema.org player.vimeo.com js.stripe.com www.googletagmanager.com www.google.com www.brighttalk.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com *.cloudfront.net app3.trueability.com app.trueability.com pay.stripe.com; style-src *.cloudfront.net cdn.jsdelivr.net 'self' *.livechatinc.com *.youtube.com *.google.com 'unsafe-inline'; media-src 'self' res.cloudinary.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com images.zenhubusercontent.com assets.ubuntu.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com ubuntu.com; child-src api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com youtube.com google.com fonts.google.com 'self' *.livechatinc.com *.youtube.com *.google.com blob:; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; frame-ancestors https://edge-billing.stripe.com https://edge-connect.stripe.com https://edge-dashboard-admin.stripe.com https://edge-dashboard.stripe.com https://edge-docs.stripe.com https://edge-marketplace.stripe.com https://edge-support.stripe.com https://billing.stripe.com https://connect.stripe.com https://dashboard-admin.stripe.com https://dashboard.stripe.com https://docs.stripe.com https://edge-support-conversations.stripe.com https://edge.stripe.com https://marketplace.stripe.com https://stripe.com https://support-admin.corp.stripe.com https://support-conversations.stripe.com https://support.stripe.com; 2
style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.firefox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io s.ytimg.com tagmanager.google.com transcend-cdn.com www.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; object-src 'none'; font-src 'self' www.firefox.com; default-src 'self' www.firefox.com; base-uri 'none'; frame-src 'self' accounts.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; frame-ancestors 'none'; connect-src 'self' basket.mozilla.org cdn.transcend.io https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.ingest.us.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.firefox.com www.google-analytics.com www.googletagmanager.com; upgrade-insecure-requests; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.firefox.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; img-src 'self' data: www.firefox.com www.google-analytics.com www.googletagmanager.com www.mozilla.org 2
frame-ancestors 'self' *.grammarly.com 2
frame-ancestors 'self'   https://partner.tp-link.com https://partner-test.tp-link.com https://www.tapo.com https://*.store.tapo.com https://store.omadanetworks.com https://*.store.tp-link.com https://clarity.microsoft.com https://*.shopifypreview.com https://*.shopify.com https://*.myshopify.com https://*.shopifyapps.com 2
default-src temu: *.temu.com *.kwcdn.com *.temucdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com *.cardinalcommerce.com *.stripe.com d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3lqotgbn3npr.cloudfront.net d6rak4b14t5gp.cloudfront.net dlthst9q2beh8.cloudfront.net o160250.ingest.sentry.io *.pagoefectivo.pe wauth.teledit.com *.smartropay.co.kr *.mobilians.co.kr applepay.cdn-apple.com codigoqr.pagoefectivolatam.com identify.idscan.cloud blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; report-uri /api/sec-csp/110000006/enforce 2
default-src https: 'unsafe-inline' data: blob:; frame-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; media-src https: 'unsafe-inline' data: blob:; img-src https: http: data: blob:; frame-ancestors https: 2
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.staples.com *.staplesadvantage.com 2
frame-ancestors 'self' *.intranet *.uolinc.com; 2
report-uri https://mon.capcutapi.us/monitor_browser/collect/batch/security/?bid=cc_web_compliance&ev_type=csp&p=dQ8Gt5CJDptaV9zKWoMFsV&v=2&s=650&b=custom; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.us.capcut.com *.adtrafficquality.google *.bing.com *.bing.net *.capcutapi.us *.capcutcdn-us.com *.capcutw.us *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.giphy.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.tiktokcdn-us.com *.tiktokv.us *.tiktokw.us *.ttcdn-us.com *.us.capcut.com appleid.cdn-apple.com dreamina.capcut.com ep2.adtrafficquality.google facebook.com google.com login-row.www.capcut.com www.capcut.com www.tiktok.com; connect-src 'self' blob: bytedance: data: http://localhost:* https://localhost:* wss://*.us.capcut.com *.adtrafficquality.google *.bing.com *.bing.net *.capcutapi.us *.capcutcdn-us.com *.capcutw.us *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.pipopay.com *.pipopayment.com *.pipopayment.us *.run.app *.tiktokcdn-us.com *.tiktokv.us *.tiktokw.us *.twitter.com *.us.capcut.com dreamina.capcut.com login-row.www.capcut.com www.capcut.com www.tiktok.com; frame-src 'self' bytedance: *.capcutw.us *.facebook.com *.google.com *.googletagmanager.com *.instagram.com *.x.com *.youtube.com capcut-yt.onelink.me dreamina.capcut.com ep2.adtrafficquality.google googleads.g.doubleclick.net media-evercloud.capcutapi.us td.doubleclick.net www.capcut.com www.tiktok.com; object-src 'none'; script-src 'inline-speculation-rules' 'report-sample' 'self' 'unsafe-eval' 'wasm-unsafe-eval' *.bing.com *.capcutcdn-us.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.tiktokcdn-us.com appleid.cdn-apple.com ep2.adtrafficquality.google googleads.g.doubleclick.net scripts.clarity.ms www.clarity.ms www.gstatic.com; worker-src 'self'; base-uri 'none'; frame-ancestors 'self' bytedance: dreamina.capcut.com www.capcut.com www.pippit.ai 2
connect-src 'self' https://search.brave.com https://newsletter.brave.app https://analytics.brave.com; default-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'self' https://ads.brave.com https://ads.bravesoftware.com; frame-src 'self' https://blocksurvey.io https://survey.brave.app https://contact.ads.brave.com https://html5-player.libsyn.com https://player.vimeo.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://www.youtube-nocookie.com https://app.boostr.com/; img-src 'self' data: https://imgs.search.brave.com https://analytics.brave.com https://boards.greenhouse.io https://job-boards.greenhouse.io; script-src 'self' https://boards.greenhouse.io https://job-boards.greenhouse.io; style-src 'self' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' https://aws.amazon.com *.pathfactory.com *.lookbookhq.com *.newrelic.com 2
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com region1.analytics.google.com www.google.co.uk lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com region1.analytics.google.com www.google.co.uk www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-4id0G+gxlaptK7vV1M7gDA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com region1.analytics.google.com www.google.co.uk lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 2
default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://framerusercontent.com https://mixpanel.com https://*.mixpanel.com https://thesignalprod.wpenginepowered.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.google.com https://www.gstatic.com https://widget.kapa.ai https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com https://cdp.customer.io https://assets.customer.io https://customerioforms.com https://code.gist.build https://*.sendbird.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://cdn-assets-prod.s3.amazonaws.com https://optimizely.s3.amazonaws.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net dnf20ypvrc856.cloudfront.net https://*.doubleclick.net https://framer.com https://*.framer.com https://app.framerstatic.com https://framerusercontent.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://app.leandata.com https://cdn.leandata.com https://cdn1.leandata.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.optimizely.com https://*.pinimg.com https://ct.pinterest.com https://*.qualified.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://www.redditstatic.com/ads/ https://js.sentry-cdn.com https://*.singular.net https://*.smartnews-ads.com https://*.trustarc.com https://*.ads-twitter.com https://*.typeform.com https://use.typekit.net https://mxpnlcms.wpengine.com https://s.yimg.jp https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: data: wss://api.liveblocks.io https://api.liveblocks.io https://cdn.jsdelivr.net https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.sentry.io https://api.honeycomb.io https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://www.google.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://proxy.kapa.ai https://storage.googleapis.com https://*.facebook.com https://cdp.customer.io https://track.customer.io https://customerioforms.com https://*.api.gist.build https://*.cloud.gist.build https://*.sendbird.com https://*.amazonaws.com ws://*.sendbird.com https://*.doubleloop.app https://*.6sc.co https://*.adnxs.com https://cdn-assets-prod.s3.amazonaws.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://framer.com https://*.framer.com https://app.framerstatic.com https://framerusercontent.com https://google.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://tracking-api.g2.com https://*.g2crowd.com https://app.leandata.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://*.optimizely.com https://cdn.linkedin.oribi.io https://ct.pinterest.com https://*.qualified.com wss://*.qualified.com https://*.recaptcha.net https://*.reddit.com https://www.redditstatic.com/ads/ https://unpkg.com/@rive-app/canvas@1.2.4/rive.wasm https://unpkg.com/@rive-app/webgl2@2.27.5/rive.wasm https://public.rive.app https://*.singular.net https://*.smartnews-ads.com https://*.trustarc.com https://mxpnlcms.wpengine.com https://thesignalprod.wpenginepowered.com https://*.zoominfo.com; img-src 'self' blob: data: https://api.liveblocks.io https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://storage.googleapis.com https://*.facebook.com https://*.gravatar.com https://*.wp.com https://track.customer.io https://*.sendbird.com https://*.amazonaws.com ws://*.sendbird.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://ct.capterra.com https://*.casalemedia.com https://*.clarity.ms https://res.cloudinary.com https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://framerusercontent.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://cdn.leandata.com https://cdn1.leandata.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.openx.net https://*.optimizely.com https://sync.outbrain.com https://*.pubmatic.com https://*.qualified.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://*.smartnews-ads.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.trustarc.com https://*.truste.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpengine.com https://mxpnlcms.wpenginepowered.com https://thesignalprod.wpenginepowered.com https://*.analytics.yahoo.com https://*.ytimg.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://code.gist.build https://*.google.com https://fonts.googleapis.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net https://*.qualified.com; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://framerusercontent.com https://*.gstatic.com https://cdn.leandata.com https://cdn1.leandata.com https://mixpanel.com https://*.mixpanel.com https://*.trustarc.com; frame-src 'self' https://cdn.mxpnl.com/static/ https://js.stripe.com https://www.google.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://code.gist.build https://renderer.gist.build https://static.addtoany.com https://*.bing.com dta8euw1l8gvs.cloudfront.net https://*.doubleclick.net https://framer.com https://*.framer.com https://*.google.com https://www.googletagmanager.com https://mixpanel.my.leandata.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://capture.navattic.com/ https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://ct.pinterest.com https://*.qualified.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://rive.app https://my.spline.design/ https://*.trustarc.com https://*.typeform.com; worker-src 'self' blob:; 2
frame-ancestors https://platform.theverge.com https://*.theverge.com https://platform.theverge.com https://*.theverge.com 'self' 2
default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com *.googletagmanager.com www.google-analytics.com *.google.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net cdn.cr-proxy.com stackpath.bootstrapcdn.com *.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com *.adroll.com app.convert.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com pagead2.googlesyndication.com cm.g.doubleclick.net www.google.co.uk www.google.de www.google.hr www.google.co.il segments.company-target.com ps.eyeota.net googleads.g.doubleclick.net secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net *.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com cdn.cookielaw.org dimensions-art.cloudinary.net n902wcigxi.execute-api.us-east-1.amazonaws.com *.adroll.com p28416.itm.cloud.com p118600.itm.cloud.com ml314.com x.bidswitch.net pixel.tapad.com dsum-sec.casalemedia.com sync.outbrain.com idsync.rlcdn.com pixel.rubiconproject.com image2.pubmatic.com us-u.openx.net sync.taboola.com eb2.3lift.com ib.adnxs.com *.reson8.com secure.adnxs.com dpm.demdex.net i.liadm.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com cdn.cookielaw.org; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com pagead2.googlesyndication.com *.doubleclick.net api.lever.co api.cr-proxy.com *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com logs.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com cdn.cookielaw.org epsilon.6sense.com *.6sc.co *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com tracking-api.g2.com n902wcigxi.execute-api.us-east-1.amazonaws.com *.algolia.net dss6ntp5q2r0o.cloudfront.net *.adroll.com cdn.jsdelivr.net; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com demo.arcade.software *.googletagmanager.com *.doubleclick.net *.productboard.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com p28416.itm.cloud.com p118600.itm.cloud.com app.convert.com; object-src 'none' 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 2
frame-ancestors 'self' https://cms.apnews.com/ 2
media-src *.netgear.com;img-src *.commercecloud.salesforce.com *.contentstack.io cdn.contentstack.io assets.contentstack.io placehold.co *.bazaarvoice.com *.google.com *.googletagmanager.com *.netgear.com *.facebook.com *.mobify-storefront.com *.crazyegg.com user-images.crazyeggcdn.com *.facebook.net *.pepperjam.com *.bing.com *.adsrvr.org *.criteo.com *.attn.tv *.amazon-adsystem.com *.paa-reporting-advertising.amazon rtb-csync.smartadserver.com x.bidswitch.net *.adnxs.com partner.mediawallahscript.com r.casalemedia.com ads.stickyadstv.com ad.360yield.com *.liadm.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com trends.revcontent.com *.rubiconproject.com sync-t1.taboola.com tapestry.tapad.com criteo-sync.teads.tv criteo-partners.tremorhub.com ade.clmbtech.com eb2.3lift.com sync.1rx.io dpm.demdex.net aa.agkn.com *.doubleclick.net *.tpmn.co.kr thrtle.com *.lijit.com *.simpli.fi *.openx.net *.pippio.com *.unrulymedia.com *.crwdcntrl.net ad.mrtnsvr.com *.imrworldwide.com *.yahoo.com *.rlcdn.com *.pubmatic.com *.bidr.io *.dmxleo.com *.dotomi.com *.ipredictive.com *.mathtag.com *.licdn.com *.linkedin.com *.datagrail.io *.adition.com *.stackadapt.com *.sportradarserving.com *.googlesyndication.com *.tribalfusion.com tg.socdm.com cs.adingo.jp *.chatanexpert.com fonts.gstatic.com user-sync.fwmrm.net *.optimizely.com *.gbqofs.com *.gbqofs.io *.powerstarsbuilding.com 'self' data:;script-src 'self' storage.googleapis.com cdn.jsdelivr.net apps.bazaarvoice.com *.api.bazaarvoice.com display.ugc.bazaarvoice.com cdn1-sandbox.affirm.com cdn1.sandbox.affirm.com cdn1.affirm.com maps.googleapis.com *.bazaarvoice.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.google.com *.gstatic.com unpkg.com *.crazyegg.com *.facebook.net *.pepperjam.com *.bing.com *.adsrvr.org *.criteo.com *.attn.tv *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.facebook.com *.salesforce.com *.salesforce-sites.com *.force.com *.salesforceliveagent.com *.linkedin.com *.datagrail.io *.adition.com *.rubiconproject.com *.chatanexpert.com *.sportradarserving.com *.googlesyndication.com geoip-js.com user-sync.fwmrm.net *.datadoghq.com *.datadoghq-browser-agent.com *.liadm.com *.hs-scripts.com *.optimizely.com *.downloads.netgear.com *.forethought.ai *.glassboxcdn.com *.gbqofs.com *.gbqofs.io *.powerstarsbuilding.com *.licdn.com *.doubleclick.net www.datadoghq-browser-agent.com www.google-analytics.com bat.bing.com bat.bing.com/p/insights snap.licdn.com *.hubspot.com *.hsanalytics.net *.hscollectedforms.net *.brighttalk.com *.youtube.com *.hs-analytics.net *.hs-banner.com https://runtime.commercecloud.com;connect-src api.cquotient.com *.c360a.salesforce.com *.contentstack.com *.cdn.contentstack.io cdn.contentstack.io assets.contentstack.io *.algolianet.com *.algolia.net insights.algolia.io *.bazaarvoice.com sandbox.affirm.com cdn-assets.affirm.com *.affirm.com affirm.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleadservices.com *.doubleclick.net *.a.run.app 'self' 'unsafe-eval' 'unsafe-inline' *.mobify-storefront.com *.crazyegg.com *.facebook.net *.pepperjam.com *.bing.com *.adsrvr.org *.criteo.com *.attn.tv *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.facebook.com *.attentivemobile.com rtb-csync.smartadserver.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com r.casalemedia.com ads.stickyadstv.com ad.360yield.com *.liadm.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com trends.revcontent.com *.rubiconproject.com sync-t1.taboola.com tapestry.tapad.com criteo-sync.teads.tv criteo-partners.tremorhub.com ade.clmbtech.com eb2.3lift.com sync.1rx.io dpm.demdex.net aa.agkn.com *.linkedin.com *.datagrail.io *.sportradarserving.com *.googlesyndication.com *.tribalfusion.com *.netgear.com *.chatanexpert.com geoip-js.com *.datadoghq.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com www.datadoghq-browser-agent.com *.salesforce-sites.com *.optimizely.com *.forethought.ai *.gbqofs.com *.gbqofs.io *.powerstarsbuilding.com www.google-analytics.com tracking.crazyegg.com rp.liadm.com ara.paa-reporting-advertising.amazon ssl.chatanexpert.com bat.bing.com bat.bing.com/p/insights *.hubspot.com *.hsforms.com *.hscollectedforms.net *.hs-banner.com https://runtime.commercecloud.com;worker-src 'self' blob: *.salesforce.com *.mobify-storefront.com localhost:3000 *.netgear.com;frame-ancestors 'self' localhost:* *.contentstack.com *.optimizely.com *.netgear.com assets.contentstack.io https://runtime.commercecloud.com;frame-src *.netgear.com *.facebook.com *.affirm.com *.doubleclick.net *.googletagmanager.com *.a.run.app *.adsrvr.org *.criteo.com *.criteo.net *.paa-reporting-advertising.amazon *.attn.tv *.force.com *.salesforceliveagent.com *.datagrail.io *.youtube.com *.brighttalk.com *.hsforms.com *.chatanexpert.com *.optimizely.com *.downloads.netgear.com *.forethought.ai *.crazyegg.com assets.contentstack.io;style-src 'self' *.crazyegg.com *.chatanexpert.com 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net assets.contentstack.io;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
connect-src * 'self' *.garmin.com *.sentry.io https://static.garmincdn.com https://*.cloudinary.com https://www.gstatic.com https://*.doubleclick.net https://*.criteo.com https://*.linksynergy.com https://*.bing.com https://*.pinterest.com https://*.snapchat.com https://px.ads.linkedin.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googlesyndication.com https://*.googlesyndication.com https://*.google.com https://akamai.tiqcdn.com https://*.akamaihd.net *.trustarc.com;script-src 'unsafe-inline' 'unsafe-eval' https://*.garmin.cn https://cdn.jsdelivr.net https://app.textrecruit.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.realytics.io https://klear.com https://px.adentifi.com https://cdn-eu.realytics.net https://secure.adnxs.com https://p.teads.tv https://js.adsrvr.org https://tag.rmp.rakuten.com https://s.pinimg.com https://sc-static.net https://*.snapchat.com https://ct.pinterest.com https://snap.licdn.com https://px.ads.linkedin.com https://c.seznam.cz https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://members.cj.com static-pages.fe.garmin.com http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com;img-src https://secure.adnxs.com https://www.facebook.com https://*.garmin.cn 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://*.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com;frame-src https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://player.bilibili.com https://gum.criteo.com https://static.criteo.net https://assets.textrecruit.com *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://*.googletagmanager.com https://*.doubleclick.net https://*.criteo.com https://insight.adsrvr.org https://*.snapchat.com https://ct.pinterest.com;frame-ancestors https://pilotweb.garmin.com;default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com;object-src 'none';upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 2
frame-ancestors 'self' v8.1c.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; script-src 'self' 1c.ru *.1c.ru mc.yandex.ru www.google-analytics.com www.google.com www.gstatic.com api-maps.yandex.ru yastatic.net *.maps.yandex.net vk.com code.jquery.com yandex.st app.chaport.com app.chaport.ru appcdn.chaport.ru call.chatra.io cdn-ru.bitrix24.ru 1csoft.bitrix24.ru www.googletagmanager.com www.youtube.com smartcaptcha.yandexcloud.net 'unsafe-inline' 'unsafe-eval'; 2
default-src https: blob: ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src blob: https: ; upgrade-insecure-requests; block-all-mixed-content;  connect-src https: wss://*.insurads.com wss://*.hotjar.com; 2
frame-ancestors 'self' https://as.com https://argentina.as.com https://chile.as.com https://colombia.as.com https://en.as.com https://mexico.as.com https://peru.as.com https://us.as.com https://apuestas.as.com 2
report-uri /csp;child-src 'self' 'self' blob:;connect-src *;default-src 'self';img-src 'self' data: blob: *.facebook.com https://wise.com https://gtm.wise.com https://sst.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com *.analytics.google.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://c0.adalyser.com https://i.sng.link https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://lux.speedcurve.com https://forms-eu1.hsforms.com/ https://analytics.google.com/g/s/collect;font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/;object-src 'self';media-src 'self' 'self' data: https://wise.com/;manifest-src 'self' 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://sst.wise.com https://gtm.wise.com https://*.singular.net https://i.sng.link https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com https://c0.adalyser.com https://c.amazon-adsystem.com https://js-eu1.hs-scripts.com https://js.appboycdn.com/web-sdk/5.9/braze.no-amd.min.js https://transferwise.com https://bidr.io https://cdn.speedcurve.com https://lux.speedcurve.com https://js-eu1.hsforms.net https://challenges.cloudflare.com https://www.youtube.com;style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/;frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com;frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com https://gtm.wise.com https://transferwise.com https://wise.navattic.com https://js-eu1.hsforms.net https://forms-eu1.hsforms.com/ https://challenges.cloudflare.com;worker-src 'self' blob:;form-action 'self' https://forms-eu1.hsforms.com/;base-uri 'self';script-src-attr 'none';upgrade-insecure-requests 2
frame-ancestors 'self' *.lanacion.com.ar; 2
frame-ancestors 'self' http://localhost:* https://*.aftonbladet-cdn.se https://*.aftonbladet.dev https://*.aftonbladet.localhost https://*.aftonbladet.se https://*.apple-mapkit.com https://*.plan3.se https://*.plan3dev.se https://*.schibsted.media https://*.svd.se https://*.vg.no https://admarket.no https://admarket.schibsted.se https://schibsted.dredition.aptoma.no; manifest-src 'self' https://www.vg.no https://static.vg.no/; font-src 'self' data: https://cdn.aftenposten.no https://cdn.aftonbladet.se https://cdn.bt.no https://cdn.stream.schibsted.media https://core-header.schibsted.tech https://default.sacdn.no https://e24.no https://e24.vgc.no https://fonts.gstatic.com https://static.svd.se https://static.vg.no https://vgc.no https://www.aftenbladet.no https://www.aftenposten.no https://www.bt.no https://www.vg.no; upgrade-insecure-requests; object-src 'none'; 2
frame-ancestors https://currently.att.yahoo.com https://start.att.net https://test-start.att.net https://test-www.att.net https://www.att.net http://test-start.att.net http://test-ww.att.net; 2
frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tab33.com *.tabor.kz *.mintapp.org; 2
frame-ancestors https://*.prom.ua https://prom.ua 2
default-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net ; script-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net sdk.privacy-center.org browser-update.org connect.facebook.net *.google.com *.gstatic.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com unpkg.com/web-vitals/ *.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com *.twitter.com *.youtube.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.google.com *.googleapis.com *.typekit.net code.iconify.design 'unsafe-inline' data: ; img-src * data: blob: ; font-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.typekit.net fonts.gstatic.com fonts.googleapis.com ff.static.1001fonts.net db.onlinewebfonts.com data: ; connect-src 'self' boardgamearena.com *.boardgamearena.com:* wss://*.boardgamearena.com:* *.boardgamearena.net wss://*.boardgamearena.net:* api.privacy-center.org *.facebook.com *.google.com *.gstatic.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.paypal.com *.bga.li blob:; frame-src 'self' boardgamearena.com *.boardgamearena.com:* *.slideshare.net *.youtube.com *.youtube-nocookie.com *.dailymotion.com *.trictrac.tv *.trictrac.net melodice.org js.stripe.com *.paypal.com *.twitter.com *.facebook.com *.google.com td.doubleclick.net *.blueorangegames.eu; frame-ancestors 'self' boardgamearena.com ; base-uri 'none' ; 2
frame-ancestors https://www.livehindustan.com https://*.girnarsoft.com https://agent.botsdekho.com 2
frame-ancestors 'self'; script-src https://cfnimg.joyclub.de/ *.joyclub.de https://aa.joyclub.com/ https://edserver-ndev.joyclub.com/* https://maps.googleapis.com/ https://www.google.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://s.ytimg.com www.tenor.com *.giphy.com https://www.gstatic.com/ https://connect.facebook.net/ blob: https://googleads.g.doubleclick.net/ https://paygate.novalnet.de/v2/ https://cdn.novalnet.de/js/v3/ https://static.zdassets.com/ https://www.joyclub.de/cdn-cgi/ https://www.joyclub.com/cdn-cgi/ https://pagead2.googlesyndication.com/; upgrade-insecure-requests 2
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.intercom.io wss://*.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: tel: *.usercentrics.com https://vars.hotjar.com https://js.intercomcdn.com; worker-src 'self' blob: 2
base-uri 'self'; connect-src * blob: data: *.crazyegg.com ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com *.crazyegg.com blob: ; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: *.crazyegg.com ;media-src *.meetup.com *.dev.meetup.com:8001 https://secure.meetupstatic.com www.sjwoe.com *.sendbird.com https://sendbird-us-3.s3.amazonaws.com; script-src * 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; style-src * 'unsafe-inline' *.crazyegg.com ; object-src 'none' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors https://www.evernote.com https://evernote.com https://stage.evernote.com https://app.preprod3.evernote.com https://evernote.prismic.io/ 'self' 2
frame-ancestors 'self' https://*.adroll.com https://app.mutinyhq.com; 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com  http://webvisor.com ; 2
frame-ancestors 'self' *.bbb.org 2
frame-ancestors https://*.orange.fr https://*.sosh.fr https://*.parnasse.fr https://*.soshcaraibe.fr https://*.sosh.re https://*.orange.re 2
frame-ancestors 'none'; default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.scip.es *.paypal.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.intellimize.co https://cdnjs.cloudflare.com https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com https://hubspotonwebflow.com https://www.googletagmanager.com https://a-cdn.anthropic.com https://connect.facebook.net https://www.youtube.com https://cdn.jsdelivr.net https://cdn.finsweet.com https://maps.googleapis.com https://js.hsforms.net https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://cdn.prod.website-files.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://cdn.sanity.io https://www-cdn.anthropic.com https://cdn.prod.website-files.com https://img.youtube.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://forms-na1.hsforms.com; frame-src 'self' https://www.youtube-nocookie.com https://*.intellimizeio.com https://anthropic.swoogo.com https://*.hsforms.com https://*.hubspot.com; connect-src 'self' blob: https://cdn.intellimize.co https://api.intellimize.co https://log.intellimize.co https://cdn.sanity.io https://links.iterable.com https://a-cdn.anthropic.com https://a-api.anthropic.com https://www.facebook.com https://www.google-analytics.com https://cdn.prod.website-files.com https://hubspotonwebflow.com https://maps.googleapis.com https://vimeo.com https://www.googletagmanager.com https://code.claude.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com; media-src 'self' https://cdn.sanity.io; worker-src 'self' blob:; font-src 'self' data: https://cdn.prod.website-files.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self' 2
frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 2
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 2
default-src 'self' *.collegeboard.org; connect-src 'self' ws: *.collegeboard.org k625k2vrzvdo5g7ynbvtjejehi.appsync-api.us-east-1.amazonaws.com/graphql dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com/graphql cdn.cookielaw.org geolocation.onetrust.com lambda.us-east-1.amazonaws.com bam.nr-data.net cdn.aimtell.io cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com www.google.com privacyportal.onetrust.com apform.secure.force.com cdnm3.cdnservice.space/start5.json code.jquery.com api.trongrid.io/wallet/getnodeinfo dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com dgtkl2ep7natjmkbefhxflglie.appsync-realtime-api.us-east-1.amazonaws.com analytics.aimtell.com sts.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com d1ktxyteejjrbw.cloudfront.net full-apform.cs190.force.com yt3.ggpht.com collegeboard-full.my.salesforce.com i.ytimg.com cdn.ckeditor.com telemetry.wiris.net wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net *.my.salesforce-sites.com ipapi.co 9frgh2i4b9.execute-api.us-east-1.amazonaws.com collegeboard--full.sandbox.my.salesforce-scrt.com collegeboard.my.salesforce-scrt.com signals.aimtell.com api.getambassador.com pagead2.googlesyndication.com *.googlevideo.com/videoplayback www.googleadservices.com google.com cs-chat.crmlms-prod.collegeboard.org; font-src 'self' *.collegeboard.org themes.googleusercontent.com fonts.gstatic.com data: moz-extension: use.fontawesome.com static3.avast.com at.alicdn.com cdn.loom.com/assets/fonts/ wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/woff-v2/; frame-src 'self' *.collegeboard.org service.force.com beacon.aimtell.com datacloudstat.com www.youtube.com ws-lmdc-app03.dhs.state.nj.us gateway.zscloud.net mozbar.moz.com *.id.opendns.com lsrelay-config-production.s3.amazonaws.com pg-sasscer-ckf04.pgcps.org static.deledao.com data: schools-blocked.s3-website-us-east-1.amazonaws.com calendly.com platform.twitter.com *.appcues.com credentialfinder.org apps.credentialengine.org *.webcasts.com td.doubleclick.net www.googletagmanager.com cb-zscaler-pages.s3.amazonaws.com us-east-1.quicksight.aws.amazon.com www.buzzsprout.com cdn.aimtell.com collegeboard--full.sandbox.my.site.com collegeboard.my.site.com; img-src 'self' *.collegeboard.org data: www.google.com googleads.g.doubleclick.net www.googletagmanager.com www.google.co.jp www.google.ca www.google.co www.google.jo translate.google.com d10lpsik1i8c69.cloudfront.net *.appcues.com res.cloudinary.com twemoji.maxcdn.com cdn.cookielaw.org signals.aimtell.com pagead2.googlesyndication.com www.googleadservices.com google.com img.youtube.com i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.collegeboard.org cdnjs.cloudflare.com sdk.amazonaws.com cdn.cookielaw.org www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.youtube.com *.salesforceliveagent.com service.force.com ajax.cloudflare.com js-agent.newrelic.com bam.nr-data.net d10lpsik1i8c69.cloudfront.net s3.amazonaws.com/cdn.aimtell.com/ www.google.com static.lightning.force.com *.my.salesforce.com *.my.salesforce-sites.com apform.secure.force.com www.pagespeed-mod.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js assets.calendly.com platform.twitter.com *.appcues.com cb-zscaler-pages.s3.amazonaws.com www.buzzsprout.com cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js collegeboard--full.sandbox.my.site.com collegeboard.my.site.com cdn.aimtell.com client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3.3.2/dist/fp.js pagead2.googlesyndication.com blue.mbsy.co https://athena.collegeboard.org/2.2.4/cbw-widgets.min.js https://atlas.collegeboard.org/apricot/prod/4.10.6/dx_profile.js https://atlas.collegeboard.org/apricot/prod/4.10.6/main.min.js https://bigfuture.collegeboard.org/widgets/v2/CollegeSearchAndSaveTypeahead.js https://cdn.jsdelivr.net/npm/html2canvas@1.3.2/dist/html2canvas.min.js https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/tex-mml-chtml.js https://github.com/mattfarina/farbtastic/blob/master/src/farbtastic.js; style-src 'self' 'unsafe-inline' *.collegeboard.org service.force.com translate.googleapis.com use.fontawesome.com apform.secure.force.com *.my.salesforce-sites.com d10lpsik1i8c69.cloudfront.net/css/reset.css fonts.googleapis.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com fonts.google.com collegeboard--full.sandbox.my.site.com collegeboard.my.site.com cdn.cookielaw.org https://atlas.collegeboard.org/apricot/prod/4.10.6/athena.min.css https://atlas.collegeboard.org/apricot/prod/4.10.6/dx_ckeditor.min.css https://atlas.collegeboard.org/apricot/prod/4.10.6/dx_profile.css https://atlas.collegeboard.org/apricot/prod/4.10.6/illustrations.css https://atlas.collegeboard.org/apricot/prod/4.10.6/main.min.css https://atlas.collegeboard.org/apricot/prod/4.6.1/org.css https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css; frame-ancestors 'self' credentialfinder.org; report-uri https://endpoint5.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV0RBARw3e7I1maofn0rkqtWoPBPNh0wBLdICmPwpVd0aV427YIAMoG3 2
style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com cdn.ampproject.org; img-src * data: blob:; require-trusted-types-for 'script'; default-src 'self' *.gstatic.com storage.googleapis.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com *.cdn.ampproject.org; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.cdn.ampproject.org https://www.gstatic.com/ https://www.youtube-nocookie.com/; connect-src 'self' cdn.ampproject.org *.google.com storage.googleapis.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com *.cdn.ampproject.org *.doubleclick.net https://readaloud.googleapis.com/ *.google-analytics.com https://www.youtube.com/; base-uri 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com storage.googleapis.com *.googleapis.com *.google.com cdn.ampproject.org *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-nlbIOie3vmdUUZjQFDMa7iipxS6Qst8pPhTLjibMsRk=' 'sha256-+LJ+tgqOXIri3+D/uJC785tov3eXewv8x+Pkenx+3Z8=' 'sha256-PnD9J8UK8zpwVizQXkEtbZOvTiv9C/05Nn81NEwPBoQ=' 'sha256-LH1mE8uiAlSGs6/ejmL47sTk8G+/Hh6T1ydVxa0idaM=' 'sha256-GuPeLJgWIkkS7hCKcSc+mQs6jTN0D8QzfW624B4OMME=' 'sha256-CDqe41szG4ZmAxS54wSNKisRTrwu1wxcuRQv09PB3Nk=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-Q+8W9SyZ6wnayM05rLv0YuHooUH/nnzpE2XQZJ/ekjY=' 'sha256-1lOrojGb+aoV56bZpsODLpb+j+HHbONNEpX/YqVtiUU=' 'sha256-sAsQphoZozaLVFpcda3bvT5euqcGL4MqVnizAR+Xla4=' 'sha256-ZlqdbaXB1F4Evuv/nmY3QGBLFBbrfiNndyYxbgdQn7g=' 'sha256-OEwIbDcQTxJYhU2ONmKA0LutIDdkmge2c+9IPFv5vFE=' 'sha256-Iz9ZZz/rHQFiJs2bKOHSC82gR0WdD/37qrPCB65PCFg='; media-src 'self' data: *.gstatic.com storage.googleapis.com *.googlevideo.com 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.allrecipes.com; upgrade-insecure-requests; 2
frame-ancestors 'self'; upgrade-insecure-requests;form-action 'self' slashdot.org slashdot.us15.list-manage.com;fenced-frame-src https:; frame-src 'self' slashdot.org *.lijit.com btloader.com *.btloader.com *.btmessage.com http://*.pro-market.net *.crsspxl.com *.google.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net *.gstatic.com *.googleadservices.com *.adtrafficquality.google console.googletagservices.com *.amazon-adsystem.com challenges.cloudflare.com *.adnxs.com *.indexww.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.tapad.com http://*.youtube.com http://*.youtube-nocookie.com player.twitch.tv slashdotmedia.com as.slashdot.org *.as.slashdot.org error-report.com *.error-report.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online *.criteo.com *.openx.net *.pghub.io; object-src http://*.youtube.com;script-src 'self' slashdot.org *.slashdot.org slashdot.org *.slashdotmedia.com a.fsdn.com challenges.cloudflare.com *.lijit.com *.moatads.com *.adsafeprotected.com *.sharethrough.com *.2mdn.net *.adnxs.com *.bing.com *.script.ac *.ybp.yahoo.com *.adnxs-simple.com *.truste.com *.adrta.com pghub.io/js/pandg-sdk.js *.pubmatic.com ml314.com *.stack-sonar.com *.licdn.com translate.googleapis.com *.doubleclick.net *.googleadservices.com *.adtrafficquality.google translate.google.cn *.gstatic.cn *.google.com *.ampproject.org *.amazon-adsystem.com *.criteo.net *.creativecdn.com *.crwdcntrl.net *.uidapi.com *.im-apps.net *.euid.eu *.openxcdn.net *.id5-sync.com cdn.jsdelivr.net/gh/prebid/shared-id/ *.33across.com *.permutive.app *.consentmanager.net *.microsofttranslator.com *.gstatic.com *.googletagservices.com *.google-analytics.com *.googlesyndication.com *.cloudflareinsights.com d3tglifpd8whs6.cloudfront.net rpxnow.com btloader.com *.btmessage.com *.crsspxl.com http://*.pro-market.net *.4dex.io *.adnxs-simple.com *.s-onetag.com *.rubiconproject.com *.trustarc.com *.truste.com *.doubleverify.com *.tapad.com *.pghub.io pghub.io *.sharethru.com j.6sc.co as.slashdot.org *.as.slashdot.org html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online cmp.inmobi.com *.inmobicdn.net blob: data: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' *.adobe.com; default-src blob: https: data: *.sprinklr.com wss://*.sprinklr.com *.liveperson.net wss://*.liveperson.net 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' *.cafe24.com *.cafe24shop.com *.hanpda.com *.wehost24.com 2
default-src https://*.peacocktv.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.qualtrics.com https://*.paypal.com; font-src 'self' data: https://*.peacocktv.com https://braze-images.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.peacocktv.com https://core.spreedly.com https://browser.sentry-cdn.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://*.optimizely.com https://nbcstreaming.sc.omtrdc.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://assets.adobedtm.com https://js.createsend1.com https://www.googletagmanager.com https://nbcuss.demdex.net https://jssdkcdns.mparticle.com https://www.google.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://t.contentsquare.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://s0.ipstatp.com https://d.impactradius-event.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://*.onetrust.com https://s.yimg.com https://sp.analytics.yahoo.com https://*.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://s8t.teads.tv https://tr.snapchat.com https://www.paypal.com https://www.clarity.ms https://ct.pinterest.com https://*.qualtrics.com https://www.youtube.com https://content.zenimpact.io https://hub2.zenimpact.io https://insight-api-kgw.zenimpact.io https://cys26963.jscrambler.com https://d-code.liadm.com https://idx.liadm.com https://edge.fullstory.com https://rs.fullstory.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; connect-src 'self' localhost:* ws://localhost:* https://*.campaign.adobe.com https://*.peacocktv.com https://core.spreedly.com https://*.force.com https://*.salesforce.com https://*.my.salesforce.com https://*.salesforce-sites.com https://graph.facebook.com https://nbcuss.demdex.net https://*.mparticle.com https://createsend.com https://www.createsend.com https://www.facebook.com https://*.ott.sky.com https://sas-apm-prod.telemetry.nbcuott.com https://0d15692193ba43a8a9384fed500b3a1d.apm.us-east-1.aws.cloud.es.io https://sdk.iad-03.appboy.com https://sdk.iad-03.braze.com https://rest.iad-03.braze.com https://*.contentsquare.net https://*.optimizely.com https://ct.pinterest.com https://nbcstreaming.sc.omtrdc.net https://analytics.tiktok.com https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr.snapchat.com https://www.google-analytics.com https://imp.i305175.net https://analytics.twitter.com https://dpm.demdex.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://*.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://*.paypal.com https://api.ipify.org https://www.redditstatic.com https://analytics.pangle-ads.com https://*.analytics.google.com https://stats.g.doubleclick.net https://tr6.snapchat.com https://*.clarity.ms https://*.qualtrics.com https://subscriber-incentives.pickaxe.ai https://content.zenimpact.io https://hub2.zenimpact.io https://idx.liadm.com https://rp.liadm.com https://rp4.liadm.com https://insight-api-kgw.zenimpact.io https://cys26963.jscrambler.com https://nbcu-ds-svr-side-tag-dev-001.ue.r.appspot.com https://edge.fullstory.com https://rs.fullstory.com https://browser-intake-datadoghq.com https://ara.paa-reporting-advertising.amazon https://www.google.com https://logx.optimizely.com https://*.optimizely.com https://*.ravelin.click; img-src 'self' data: localhost:* blob: https://peacocktv.com https://*.peacocktv.com https://t.co https://www.facebook.com https://nbcstreaming.sc.omtrdc.net https://www.google.com https://www.google.co.uk https://us-gmtdmp.mookie1.com https://www.google-analytics.com https://*.contentsquare.net https://stats.g.doubleclick.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://d.agkn.com https://s0.ipstatp.com https://alb.reddit.com https://ct.pinterest.com https://business.topbuzz.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://*.onetrust.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://roost.nbcuni.com https://*.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://a.teads.tv https://s8t.teads.tv https://www.paypalobjects.com https://*.scene7.com https://ad.doubleclick.net https://cm.everesttech.net https://*.qualtrics.com https://content.zenimpact.io https://hub2.zenimpact.io https://rp.liadm.com https://rp4.liadm.com https://cnv.event.prod.bidr.io https://rs.fullstory.com https://www.googletagmanager.com https://dpm.demdex.net https://cdn.optimizely.com https://braze-images.com; style-src 'self' 'unsafe-inline' https://*.peacocktv.com https://*.force.com https://*.salesforce-sites.com https://*.my.salesforce.com https://cdn.cookielaw.org https://*.onetrust.com https://content.zenimpact.io https://hub2.zenimpact.io; media-src 'self' data: blob: localhost:* https://peacocktv.com https://*.peacocktv.com https://roost.nbcuni.com https://content.zenimpact.io https://hub2.zenimpact.io; frame-src https://core.spreedly.com https://www.peacocktv.com/sas-3dsecure https://*.peacocktv.com https://nbcuss.demdex.net https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.fls.doubleclick.net https://td.doubleclick.net https://imp.i305175.net https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://peacockprincess22.creativezing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr6.snapchat.com https://pinterest.com http://ct.pinterest.com https://match.adsrvr.org https://*.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://www.youtube.com https://*.paypal.com https://*.optimizely.com https://*.qualtrics.com https://open.spotify.com https://content.zenimpact.io https://hub2.zenimpact.io https://www.googletagmanager.com https://a18154240447.cdn.optimizely.com https://a18154240447.cdn-pci.optimizely.com; block-all-mixed-content; upgrade-insecure-requests; 2
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' https: ;    style-src 'self' 'unsafe-inline' https://s-static.innovid.com https://fonts.googleapis.com https://www.lightboxcdn.com https://www.zeropartyforms.com;    img-src 'self' blob: data: https: ;    font-src 'self' data: https://fonts.gstatic.com;    connect-src 'self' wss: https: ;    media-src 'self' blob: data: https:;    object-src 'self' blob: data:;    base-uri 'self';    form-action 'self';    worker-src 'self' blob:;    frame-ancestors 'self' https://app.contentful.com https://www.google.com;    frame-src 'self' https: ;    ; 2
default-src 'self' 'unsafe-inline' data:;;script-src 'self' 'unsafe-eval' 'unsafe-inline' players.brightcove.net vjs.zencdn.net *.contentsquare.net app.contentsquare.com;;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' siteintercept.qualtrics.com zn1ozcgbmcuc4phgv-allaccor.siteintercept.qualtrics.com cdn.cookielaw.org www.googletagmanager.com players.brightcove.net js.hcaptcha.com  *.contentsquare.net;;style-src 'self' 'unsafe-inline' players.brightcove.net;;style-src-elem 'self' 'unsafe-inline';;img-src https: data: 'self' 'unsafe-inline' players.brightcove.net *.boltdns.net *.akamaihd.net *.contentsquare.net;;frame-src https://www.google.com https://charts.symex.be https://players.brightcove.net https://newassets.hcaptcha.com https://allaccor.qualtrics.com;;connect-src 'self' 'unsafe-inline' https://privacyportal-de.onetrust.com/ https://*.google-analytics.com https://cdn.cookielaw.org https://siteintercept.qualtrics.com https://rum-ingest.eu0.signalfx.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://accor.symex.be https://*.algolia.net https://players.brightcove.net https://edge.api.brightcove.com *.contentsquare.net *.contentsquare.com;;media-src 'self' blob: *.brightcovecdn.com *.boltdns.net;;worker-src 'self' blob:;;child-src blob:; 2
frame-ancestors 'self' https://*.webflow.com https://webflow.com https://app.intellimize.com 2
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com https://philipsigtdpv.com 2
default-src 'self' *.trafficjunky.com *.trafficjunky.net blob: ; script-src 'self' *.trafficjunky.com 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com *.gstatic.com *.pendo.io *.googleapis.com blob: unpkg.com connect.facebook.net snap.licdn.com cdn.debugbear.com *.anura.io *.redditstatic.com accounts.google.com www.googleapis.com static.trafficjunky.com ; connect-src 'self' *.trafficjunky.com mgpg2.probiller.com mgpg.stage.pbk8s.com www.facebook.com www.google.com maps.googleapis.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.pendo.io *.trafficjunky.net data.debugbear.com *.anura.io api.fpjs.io *.redditstatic.com pixel-config.reddit.com ads.reddit.com accounts.google.com www.googleapis.com ; img-src 'self' https: data: alb.reddit.com ; style-src 'self' *.trafficjunky.com 'unsafe-inline' *.googleapis.com *.pendo.io accounts.google.com ; font-src 'self' *.trafficjunky.com *.gstatic.com ; media-src 'self' https: ; frame-src 'self' *.trafficjunky.com *.trafficjunky.net static.trafficjunky.com www.google.com www.googletagmanager.com *.geekadm.net api.yoti.com www.youtube.com app.pendo.io accounts.google.com ; frame-ancestors none 2
upgrade-insecure-requests;frame-ancestors 'self' https://*.sueddeutsche.de https://*.jetzt.de https://*.szcms.de https://*.szdm.io; 2
frame-ancestors 'self' https://afiliados.locaweb.com.br 2
base-uri 'self' *.adform.net https://cdn.justpremium.com; font-src 'self' https: data: *.taboola.com; form-action 'self'; frame-ancestors *; img-src 'self' https: data: *.testfaz.net *.faz.net *.taboola.com; object-src 'self'; script-src-attr 'unsafe-inline'; style-src https: 'unsafe-inline' 'self' *.testfaz.net *.faz.net *.taboola.com; script-src 'unsafe-inline' 'unsafe-eval' https: *; upgrade-insecure-requests; connect-src *; default-src 'self' https:; frame-src *; media-src 'self' https: data:; worker-src * blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hm.baidu.com https://www.googletagmanager.com https://static.tenda.com.cn https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https://static.tenda.com.cn; font-src 'self' data:; connect-src 'self' https://hm.baidu.com http://120.26.46.230:8080 https://ipapi.co/json/ https://extreme-ip-lookup.com/ https://www.googletagmanager.com https://static.tenda.com.cn https://www.google-analytics.com; worker-src 'self' blob:; frame-src 'self' https://hm.baidu.com https://static.tenda.com.cn https://www.googletagmanager.com https://www.google-analytics.com; frame-ancestors 'self'; report-uri /csp-report-endpoint; 2
base-uri 'self'; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://gitlab.com/api/ https://analytics.python.org *.ethicalads.io https://api.pwnedpasswords.com https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self'; form-action 'self' https://checkout.stripe.com https://billing.stripe.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.freetls.fastly.net/ *.ethicalads.io ethicalads.blob.core.windows.net; script-src 'self' https://analytics.python.org *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY=' 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellhealth.com; upgrade-insecure-requests; 2
default-src https: data: blob: ws: wss: mailto: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://*.clickup.com 2
default-src 'none'; connect-src 'self' https://admin.hostpoint.ch https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.googleadservices.com https://google.com https://ad.doubleclick.net https://*.google.com https://*.google.ch https://*.google.at https://*.google.de https://*.google.fr https://*.google.it https://*.google.li https://*.googleapis.com https://*.gstatic.com https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://*.clarity.ms https://hostpointag.recruitee.com https://analytics.twitter.com https://t.co; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com; form-action 'self' https://admin.hostpoint.ch https://www.facebook.com; frame-ancestors 'self' https://www.jobs.ch; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://maps.google.com https://www.google.com https://www.facebook.com; img-src 'self' data: https://banner.hostpoint.ch https://hostpoint-static.ch https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ch https://*.google.at https://*.google.de https://*.google.fr https://*.google.it https://*.google.li https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://google.com https://www.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://www.facebook.com https://*.hotjar.com https://*.ads.linkedin.com https://bat.bing.com https://analytics.twitter.com https://t.co; media-src 'self' https://hostpoint-static.ch; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://connect.facebook.net https://*.hotjar.com https://px.ads.linkedin.com https://snap.licdn.com https://www.linkedin.com https://sjs.bizographics.com https://bat.bing.com https://*.clarity.ms https://analytics.twitter.com https://static.ads-twitter.com https://twitter.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.hotjar.com; block-all-mixed-content; report-uri https://hostpoint.uriports.com/reports/report; report-to default; 2
frame-ancestors 'self' https://redis.io https://app.mutinyhq.com 2
default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src blob: https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.livechat.s3.amazonaws.com *.livechat-files.com *.paypal.com *.google.com *.youtube.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com; frame-ancestors 'self' directnic.net; 2
frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com https://job-boards.greenhouse.io https://js.qualified.com https://consent-pref.trustarc.com https://submit-irm.trustarc.com https://*.adtrafficquality.google https://fast.wistia.com https://fast.wistia.net; connect-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://boards-api.greenhouse.io https://my.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com https://job-boards.greenhouse.io https://js.qualified.com https://consent-pref.trustarc.com https://submit-irm.trustarc.com https://consent.trustarc.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://*.google.com https://*.adtrafficquality.google https://forms.hsforms.com https://*.s3.amazonaws.com https://ws2.qualified.com wss://ws2.qualified.com https://*.aptrinsic.com https://scout.salesloft.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://*.algolia.net; 2
frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io *.bloomreach.cloud; 2
default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ web-sdk-cdn.singular.net/singular-gtm-interface/latest/singular-gtm-interface.js web-sdk-cdn.singular.net/singular-sdk/latest/singular-sdk.js static.ads-twitter.com s.yimg.com *.usercentrics.eu snap.licdn.com collector-47804.us.tvsquared.com/tv2track.js js.stripe.com ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com js.stripe.com *.usercentrics.eu https://preview.widgets.ninetailed.io/ https://*.fls.doubleclick.net/ ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com ; font-src 'self' cdn.robinhood.com js.stripe.com data: ; media-src 'self' cdn.robinhood.com *.usercentrics.eu videos.ctfassets.net/ilblxxee70tt/ videos.ctfassets.net/1hpl803w8xsv/ ; img-src 'self' images.robinhood.com px4.ads.linkedin.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net downloads.ctfassets.net www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com www.googleadservices.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net ad.doubleclick.net pixel.pointmediatracker.com cnv.event.prod.bidr.io/log/cnv data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu cdn.blisspointmedia.com/assets/img/ px.ads.linkedin.com collector-47804.us.tvsquared.com/tv2track.php images.ctfassets.net/ilblxxee70tt/ images.ctfassets.net/1hpl803w8xsv/ https://lh7-us.googleusercontent.com https://lh7-rt.googleusercontent.com ; frame-ancestors 'self' https://app.contentful.com ; manifest-src 'self' cdn.robinhood.com ; connect-src 'self' robinhood.com *.robinhood.com *.x1creditcard.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ bat.bing.com/p/conversions/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com www.google.com/ccm/collect www.google.com/gmp/conversion www.google.com/pagead/1p-conversion/ www.google.com/recaptcha/ www.googleadservices.com/pagead/conversion/ www.facebook.com/privacy_sandbox/topics/registration/ ad.doubleclick.net www.redditstatic.com/ads/conversions-config/v1/pixel/config/ pixel-config.reddit.com/pixels/ conversions-config.reddit.com/v1/pixel/ analytics.tiktok.com sdk-api-v1.singular.net/api/v1/event boards-api.greenhouse.io preview.contentful.com cdn.contentful.com experience.ninetailed.co s.yimg.com *.usercentrics.eu api.instagram.com/ px.ads.linkedin.com assets.ctfassets.net/ilblxxee70tt/ assets.ctfassets.net/1hpl803w8xsv/ https://ingest.insights.ninetailed.co js.stripe.com ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 2
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2
connect-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.analytics.google.com *.awswaf.com *.azurefd.net *.bing.com *.buyatoyota.com *.cloudfunctions.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.gstatic.com *.ipredictive.com *.lexus.com *.linkedin.com *.omtrdc.net *.rlcdn.com *.scene7.com *.teads.tv *.tomtom.com *.toyota.com *.toyotafinancial.com *.turn.com *.undertone.com *.yimg.com ads.scorecardresearch.com adserv.mobi alb.reddit.com api.iperceptions.com api.retargetly.com ara.paa-reporting-advertising.amazon at.alicdn.com bat.bing-int.com bat.bing.net browser-intake-datadoghq.com c.amazon-adsystem.com cdn.appdynamics.com cm.everesttech.net col.eum-appdynamics.com collection.decibelinsight.net conv-pix.adstk.io conversions-config.reddit.com ct.pinterest.com data: doh.cq0.co dpm.demdex.net dsp.tk0x1.com dsum-sec.casalemedia.com engagement-provider-preprod.iperceptions.com evnt.byspotify.com fonts.gstatic.com gdpr.loopme.com google.com i18n.contentsquare.com insight.adsrvr.org invite-preprod.iperceptions.com ips-invite.iperceptions.com jnn-pa.googleapis.com kcc0.com lciapi.ninthdecimal.com ldti.syndication.kbb.com lm.serving-sys.com login.microsoftonline.com manage-api.ensighten.com maps.googleapis.com maps.gstatic.com match.adsrvr.org nexus-test.ensighten.com nexus.ensighten.com noembed.com pagead2.googlesyndication.com peornia-comargers.icu pixall.esm1.net pixel-config.reddit.com pixel.admedia.com pixel.logtrackback.com pixel.quantserve.com pixel.sitescout.com pixels.spotify.com post.iperceptions.com privacy.ensighten.com pt.ispot.tv px.gumgum.com rum.hlx.page s-a.innovid.com s.amazon-adsystem.com s.pinimg.com sd.iperceptions.com secure-ds.serving-sys.com secure.insightexpressai.com simage2.pubmatic.com snap.licdn.com snapshot.carfax.com sp.analytics.yahoo.com sync-eu.connectad.io tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.srv.stackadapt.com tags.w55c.net tapestry.tapad.com tcrp-stg.mmq.telematicsct.com tcrp.mmq.telematicsct.com tk0x1.com toyota.demdex.net toystortemplatingengprod.blob.core.windows.net toystortemplatingengqa.blob.core.windows.net tr.snapchat.com tr6.snapchat.com universal.iperceptions.com wss://*.toyota.com www.googleadservices.com www.googletagmanager.com www.pinterest.com www.redditstatic.com www.youtube.com x.bidswitch.net zen-dco.innovid.com zz.connextra.com; default-src 'self' *.toyota.com login.microsoftonline.com; font-src 'self' *.lexus.com *.linkedin.com *.toyota.com assets.alicdn.com at.alicdn.com data: fonts.googleapis.com fonts.gstatic.com login.microsoftonline.com manage.ensighten.com snap.licdn.com; frame-src 'self' *.adnxs.com *.bing.com *.contentsquare.net *.doubleclick.net *.ep-mimecast.snapchat.com *.facebook.com *.flashtalking.com *.google.com *.lexus.com *.teads.tv *.toyota.com bs.serving-sys.com col.eum-appdynamics.com collection-api.preprod.astutevoc.com ct.pinterest.com feedback.emplifi.io insight.adsrvr.org lciapi.ninthdecimal.com ldti.syndication.kbb.com login.microsoftonline.com m.youtube.com match.adsrvr.org pixall.esm1.net pixel.admedia.com pixel.rubiconproject.com rtb.adgrx.com rtr.innovid.com s.amazon-adsystem.com toyota-shopper-widget.zappy-ride.com toyota.demdex.net toyota.evlife.co tr.snapchat.com universal-preprod.iperceptions.com universal.iperceptions.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; img-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.azurefd.net *.bing.com *.buyatoyota.com *.cloudfront.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.google.co.in *.google.com *.inventoryrsc.com *.ipredictive.com *.lexus.com *.linkedin.com *.rlcdn.com *.scene7.com *.setproductsetup.com *.taboola.com *.taboolasyndication.com *.teads.tv *.toyota.com *.tribalfusion.com *.turn.com *.tvsquared.com *.undertone.com *.vindicosuite.co *.yimg.com 1f2e7.v.fwmrm.net abs.twimg.com acuityplatform.com ade.googlesyndication.com ads.scorecardresearch.com ads.stickyadstv.com adserv.mobi adservice.google.co.uk adswizz.com ag.innovid.com alb.reddit.com analytics.twitter.com api.retargetly.com arttrk.com bat.bing.net bs.serving-sys.com campaignmanager.com cm.everesttech.net cognitivlabs.com col.eum-appdynamics.com conv-pix.adstk.io ct.pinterest.com data.privacy.ensighten.com data: dealer-content-management-dev.azurewebsites.net dealer-content-management.azurewebsites.net dev.day.com dpm.demdex.net dsp.tk0x1.com dsum-sec.casalemedia.com eb2.3lift.com engagetosell.com fonts.gstatic.com gep-tmna--ccmsit.sandbox.my.salesforce-scrt.com gep-tmna--ccmsit.sandbox.my.site.com gep-tmna--ccmstaging.sandbox.my.salesforce-scrt.com gep-tmna--suprasdev.sandbox.my.salesforce-scrt.com gep-tmna--suprasdev.sandbox.my.site.com gep-tmna--suprasqa.sandbox.my.salesforce-scrt.com gep-tmna--suprasqa.sandbox.my.site.com gep-tmna.my.salesforce-scrt.com gep-tmna.my.site.com hb.yahoo.net hitcount-preprod.iperceptions.com i.ytimg.com img.alicdn.com insight.adsrvr.org ips-img.iperceptions.com ips-invite.iperceptions.com jadserve.postrelease.com kargo.com kcc0.com lciapi.ninthdecimal.com ldti.syndication.kbb.com log.pinterest.com login.microsoftonline.com maps.googleapis.com maps.gstatic.com match.adsrvr.org match.prod.bidr.io media.sabio.us mpp.vindicosuite.com nexus-test.ensighten.com nodetracker.datawrkz.com odr.mookie1.com pagead2.googlesyndication.com pbs.twimg.com peornia-comargers.icu photosite.setoyota.com pippio.com pixall.esm1.net pixel-ssn.quantserve.com pixel-sync.sitescout.com pixel.logtrackback.com pixel.quantserve.com pixel.rubiconproject.com pixel.sitescout.com pixel.tapad.com portphotos.setoyota.com pr-bh.ybp.yahoo.com pt.ispot.tv px.gumgum.com rtb.adgrx.com rtr.innovid.com s-a.innovid.com s.amazon-adsystem.com sd.iperceptions.com secure-ds.serving-sys.com secure.insightexpressai.com simage2.pubmatic.com snap.licdn.com snapshot.carfax.com sp.analytics.yahoo.com static.carfax.com static.reportdelivery.production.aws.carfax.io stats.wordpress.com sync.crwdcntrl.net sync.search.spotxchange.com t.co t.mookie1.com tag.tapad.com tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.bluekai.com tags.srv.stackadapt.com tags.w55c.net tapestry.tapad.com tk0x1.com tmsappqstorage01.blob.core.windows.net toyota.com toystortemplatingengprod.blob.core.windows.net toystortemplatingengqa.blob.core.windows.net trkn.us tubemogul.com twittercounter.com unrulymedia.com ups.analytics.yahoo.com us-u.openx.net www.google-analytics.com www.google.co.uk www.googleadservices.com www.googletagmanager.com www.gstatic.com www.pinterest.com www.youtube.com x.bidswitch.net yt3.ggpht.com zen-dco.innovid.com zz.connextra.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adnxs.com *.agkn.com *.awswaf.com *.azureedge.net *.azurefd.net *.bing.com *.buyatoyota.com *.cobrowse.oraclecloud.com *.contentsquare.com *.contentsquare.net *.doubleclick.net *.facebook.net *.force.com *.google.com *.lexus.com *.linkedin.com *.liveagentforsalesforce.com *.phenompeople.com *.rfihub.net *.rlcdn.com *.salesforceliveagent.com *.teads.tv *.tomtom.com *.toyota.com *.tribalfusion.com *.turn.com *.tvsquared.com *.yimg.com adserv.mobi api.retargetly.com assets.adobedtm.com assets.sitescdn.net bat.bing-int.com bs.serving-sys.com c.amazon-adsystem.com cdn.appdynamics.com cdn.decibelinsight.net cdn.pdst.fm cnv.event.prod.bidr.io consent.cookiebot.com cstatic.weborama.fr ct.pinterest.com ctcp.cybage.com dts.innovid.com ethn.io g.alicdn.com gep-tmna--ccmsit.sandbox.my.salesforce-scrt.com gep-tmna--ccmsit.sandbox.my.site.com gep-tmna--ccmstaging.sandbox.my.salesforce-scrt.com gep-tmna--suprasdev.sandbox.my.salesforce-scrt.com gep-tmna--suprasdev.sandbox.my.site.com gep-tmna--suprasqa.sandbox.my.salesforce-scrt.com gep-tmna--suprasqa.sandbox.my.site.com gep-tmna.my.salesforce-scrt.com gep-tmna.my.site.com global.toyota gnrcp.cybage.com i.loopme.me imgs.signifyd.com ips-invite.iperceptions.com js.adsrvr.org js.adstk.io ldti.syndication.kbb.com live.rezync.com login.microsoftonline.com maps.googleapis.com media.fraud.net nexus-test.ensighten.com nexus.ensighten.com onetag.tws.toyota.jp pagead2.googlesyndication.com peornia-comargers.icu pixel.admedia.com pixel.byspotify.com pixel.mathtag.com privacy.ensighten.com resources.digital-cloud.medallia.com rules.quantcount.com rum.hlx.page s-static.innovid.com s.pinimg.com s2.go-mpulse.net s7.addthis.com sc-static.net script.hotjar.com scripts.inmarkethub.com sd.iperceptions.com secure-ds.serving-sys.com secure.ethicspoint.com secure.quantserve.com snap.licdn.com snapshot.carfax.com static.ads-twitter.com static.hotjar.com tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.bluekai.com tags.srv.stackadapt.com toyota.com toyotaeffect.com tr.snapchat.com universal-preprod.iperceptions.com universal.iperceptions.com universaldefinitionsdev.blob.core.windows.net us.connextra.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.toyota.ca www.toyota.mx www.toyotafinancial.com www.toyotaipsolutions.com www.toyotamobility.com www.youtube-nocookie.com www.youtube.com www1.toyotaoutfitters.com; style-src 'self' 'unsafe-inline' *.lexus.com *.tomtom.com *.toyota.com fonts.googleapis.com gep-tmna--ccmsit.sandbox.my.salesforce-scrt.com gep-tmna--ccmsit.sandbox.my.site.com gep-tmna--ccmstaging.sandbox.my.salesforce-scrt.com gep-tmna--suprasdev.sandbox.my.salesforce-scrt.com gep-tmna--suprasdev.sandbox.my.site.com gep-tmna--suprasqa.sandbox.my.salesforce-scrt.com gep-tmna--suprasqa.sandbox.my.site.com gep-tmna.my.salesforce-scrt.com gep-tmna.my.site.com manage-api.ensighten.com nexus-test.ensighten.com nexus.ensighten.com privacy.ensighten.com snapshot.carfax.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com; child-src 'self' blob:; media-src 'self' *.doubleclick.net *.toyota.com dts.innovid.com m.youtube.com pdst.fm s-static.innovid.com www.googleadservices.com www.youtube-nocookie.com www.youtube.com; worker-src 'self' 'unsafe-inline' *.toyota.com blob: data:;upgrade-insecure-requests; report-uri https://prod.webservices.toyota.com/csp-report 2
frame-ancestors 'self' https://www.northpass.com https://gainsight.pathfactory.com https://content.gainsight.com 2
default-src 'self';object-src 'none';manifest-src 'none';media-src 'self' blob: https://channel.sas.com https://service.sas.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com *.visualwebsiteoptimizer.com app.vwo.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.mrpfd.com d3js.org https://web.cvent.com *.boltdns.net players.brightcove.net *.brightcove.com *.akamaihd.net *.brightcovecdn.com vjs.zencdn.net;style-src 'self' data: 'unsafe-inline' https://cdn.developer.sas.com https://player.interactivity.brightcove.com players.brightcove.net https://fonts.googleapis.com https://script.crazyegg.com *.visualwebsiteoptimizer.com app.vwo.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com assets.adobedtm.com players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io;font-src 'self' data: https://www.sas.com https://cdn.developer.sas.com https://www.jmp.com https://fonts.gstatic.com https://player.interactivity.brightcove.com players.brightcove.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com *.visualwebsiteoptimizer.com app.vwo.com;frame-src 'self' sas.navattic.com assets.adobedtm.com www.youtube.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.service-now.com *.visualize-roi.com *.brightcove.com players.brightcove.net https://www.googletagmanager.com https://px.anteriad.com https://web.cvent.com https://event-guestside-app-pr50.cvent-production.cvent.cloud *.visualwebsiteoptimizer.com app.vwo.com;worker-src 'self' blob:;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wistia.net wistia.net *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io demandbase.com *.demandbase.com company-target.com *.company-target.com venafi.cloud *.venafi.cloud venafi.eu *.venafi.eu vimeo.com *.vimeo.com data: blob:; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.dish.com; 2
default-src 'self'; script-src 'self' 'report-sample' www.gstatic.com www.recaptcha.net fonts.googleapis.com 'nonce-vlcjDCGGepmlHzL/r2ABdg=='; style-src 'self' 'report-sample' https://fonts.googleapis.com 'nonce-vlcjDCGGepmlHzL/r2ABdg=='; object-src 'none'; base-uri 'self'; connect-src 'self' www.recaptcha.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' www.recaptcha.net; frame-ancestors 'none'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none' 2
frame-ancestors https://poshmark.lightning.force.com *.goshd.com *.goshd.ca *.poshmark.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' https://workforceexperience.hp.com https://wordpress.workforceexperience.hp.com https://test.ecosystems.us; 2
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com.cn https://smb.apple.com swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 2
default-src 'self' https: *.mercedes-benz.com *.mercedes-benz.de *.corpinter.net *.usercentrics.eu *.googletagmanager.com *.krxd.net *.day.com *.anythingabout.net *.system360gmbh.de *.mercedes-benz-classic.com *.speedcurve.com alltime-stars.com cdn.jsdelivr.net *.mb-lounge.com *.eventbase.com narando.com *.narando.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.plyr.io *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google-analytics.com *.google.com *.google.de *.doubleclick.net shop.nostalgic.de *.gstatic.com cdn.ampproject.org amp.azure.net *.windows.net cmsdata.net booking-widget.quandoo.de api.corpinter.net *.facebook.net *.facebook.com *.atdmt.com *.adobe.com www.kinoheld.de mb-prototypes.swhost.in *.go-mpulse.net *.akstat.io my.matterport.com snap.licdn.com *.ads.linkedin.com p.adsymptotic.com *.linkedin.oribi.io sjs.bizographics.com embed.gomexlive.com data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.mercedes-benz.com; 2
frame-ancestors 'self' *.cnbc.com *.ms.now 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.southernliving.com; upgrade-insecure-requests; 2
default-src 'self' ; style-src  https: 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://privacy-cs.mail.ru/static/ https://top-fwz1.mail.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://morp.firstvds.ru/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.firstvds.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://mc.yandex.com/ https://smartcaptcha.yandexcloud.net/ https://www.gstatic.com/ https://cdn.botfaqtor.ru/ 'unsafe-inline'; img-src * data: blob:; connect-src 'self' https://analytics.google.com/ https://stats.g.doubleclick.net/ https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://mc.yandex.ru/ wss://*.carrotquest.app/ https://mc.yandex.ru/ https://mc.yandex.com/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.botfaqtor.ru/ https://firstvds.live/status; frame-src 'self' https://mc.yandex.ru/ https://smartcaptcha.yandexcloud.net/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/ https://*.botfaqtor.ru/; font-src 'self' data: https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors 'self' https://metrika.yandex.ru/ http://webvisor.com; 2
default-src 'self'; img-src 'self' data:; script-src 'self' 'sha256-J/tux0AP4WAYsCxprPoE+2XJ+XNJ8Esd8nCF8o/diiw='; style-src 'self' 'unsafe-inline'; 2
frame-ancestors https://*.phoenix.razer.com https://www.razer.com; object-src 'none'; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.ew.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://tpc.googlesyndication.com 2
default-src 'self' *.vidyard.com *.onetrust.com *.zi-scripts.com *.salesloft.com; frame-ancestors 'self'; form-action *; object-src 'none'; base-uri 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src *; worker-src * blob:; frame-src * blob:; font-src * data:; media-src * blob:; 2
default-src 'self' fonts.googleapis.com *.gstatic.com data: 'unsafe-inline' 'unsafe-eval' blob: zenodo-broker.web.cern.ch zenodo-broker-qa.web.cern.ch maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.googleapis.com webanalytics.web.cern.ch 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.eatingwell.com; upgrade-insecure-requests; 2
frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com *.migraineagain.com *.epionhealth.com 2
default-src 'self' customer-cubrih08bflu3z2b.cloudflarestream.com pages.churnbuster.io ghbtns.com *.algolia.net help.ghost.io resources.ghost.io tutorials.ghost.io changelog.ghost.io t.firstpromoter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn.jsdelivr.net https://cdn.firstpromoter.com proxy-assets.churnbuster.io https://static.ads-twitter.com embed.ghoststatus.org https://www.dubcdn.com/analytics/script.js ingest.promptwatch.com https://esm.sh https://vjs.zencdn.net https://analytics.ahrefs.com; style-src 'self' 'unsafe-inline' proxy-assets.churnbuster.io https://vjs.zencdn.net; font-src 'self' data: rsms.me/inter/font-files/; img-src 'self' 'unsafe-inline' data: supapjpiqdfzuaordcdx.supabase.co/storage/ analytics.twitter.com https://t.co https://dubassets.com https://*.cloudflarestream.com https://*.laravel.cloud; media-src 'self' blob: https://*.cloudflarestream.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com analytics.twitter.com https://ads-api.twitter.com/ t.firstpromoter.com https://api.dub.co/track/click ingest.promptwatch.com https://ingesteer.services-prod.nsvcs.net https://*.cloudflarestream.com https://analytics.ahrefs.com; worker-src 'self' blob:; frame-src 'self' https://app.netlify.com https://ghbtns.com https://pages.churnbuster.io; 2
upgrade-insecure-requests; default-src 'self' *.dominos.com *.dominos.pizza; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.dominos.com *.raygun.io tags.tiqcdn.com dpm.demdex.net cm.everesttech.net dominos.demdex.net www.gstatic.com/recaptcha/ *.launchdarkly.com *.akstat.io *.go-mpulse.net maps.googleapis.com applepay.cdn-apple.com *.speedcurve.com *.paypal.com *.paypalobjects.com *.braintreegateway.com *.maze.co www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.snapchat.com analytics.tiktok.com *.pinterest.com *.uidapi.com cdnssl.clicktale.net cdn.quantummetric.com bat.bing.com s.pinimg.com b-code.liadm.com js.adsrvr.org ink1001.com sc-static.net d34r8q7sht0t9k.cloudfront.net; style-src 'unsafe-inline' blob: 'self' *.dominos.com www.gstatic.com/recaptcha/ fonts.googleapis.com *.maze.co; img-src data: blob: 'self' *.dominos.com dominos.demdex.net dpm.demdex.net cm.everesttech.net *.gstatic.com *.google.com events.launchdarkly.com *.akstat.io maps.googleapis.com *.speedcurve.com *.paypal.com *.paypalobjects.com assets.braintreegateway.com *.maze.co www.googletagmanager.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.ispot.tv s.amazon-adsystem.com trkn.us tags.w55c.net analytics.tiktok.com *.pinterest.com kp-redirector.g.yp.com pixel.tapad.com sp.analytics.yahoo.com idsync.rlcdn.com rp.liadm.com bat.bing.com *.exacttarget.com verifi.pdscrb.com; connect-src 'self' *.dominos.com *.tealiumiq.com *.raygun.io dpm.demdex.net cm.everesttech.net dominos.demdex.net *.gstatic.com *.google.com google.com *.launchdarkly.com *.akstat.io *.go-mpulse.net *.raygun.com *.cybersource.com *.aciondemand.com maps.googleapis.com *.akamaihd.net *.speedcurve.com *.paypal.com *.paypalobjects.com *.braintreegateway.com *.braintree-api.com *.maze.co www.googletagmanager.com pagead2.googlesyndication.com www.googleadservices.com ad.doubleclick.net *.snapchat.com analytics.tiktok.com *.pinterest.com *.uidapi.com www.google-analytics.com analytics-ipv6.tiktokw.us rp.liadm.com insight.adsrvr.org *.apple.com ipv4.pdscrb.com; font-src data: 'self' *.dominos.com fonts.gstatic.com applepay.cdn-apple.com *.paypalobjects.com *.maze.co; frame-src data: blob: 'self' *.dominos.com *.raygun.io dpm.demdex.net cm.everesttech.net dominos.demdex.net *.gstatic.com *.google.com *.launchdarkly.com *.akstat.io *.go-mpulse.net maps.googleapis.com *.paypal.com *.braintreegateway.com applepay.cdn-apple.com *.maze.co www.googletagmanager.com *.doubleclick.net *.snapchat.com *.pinterest.com *.adsrvr.org *.youtube.com; child-src assets.braintreegateway.com *.paypal.com; frame-ancestors 'self'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=bmTWyG6xBFSLGEHDhYpvjQ; report-to raygun; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.marthastewart.com; upgrade-insecure-requests; 2
frame-ancestors 'self' zpfsmigration.zohostratus.com 2
default-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co *.audima.co vlibras.gov.br *.vlibras.gov.br https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com s3.glbimg.com *.amplitude.com *.goadopt.io https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js secure.lomadee.com; img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.audima.co vlibras.gov.br *.vlibras.gov.br *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg; object-src 'none'; style-src 'unsafe-inline' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googleapis.com *.datadome.co *.hotjar.com; connect-src 'self' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://apigw-commons-prd.ecsbr.net https://apigw-commons-hml.ecsbr.net *.audima.co vlibras.gov.br *.vlibras.gov.br wss://*.hotjar.com *.hotjar.io *.hotjar.com *.tiktok.com *.facebook.com *.creativecdn.com *.criteo.com pixel.globo.com *.amplitude.com *.goadopt.io https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/target/playerweb.json; frame-ancestors 'self' *.builder.io builder.io *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net; worker-src 'self' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.builder.io builder.io https://browser-intake-datadoghq.com 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
connect-src 'self' https://adservice.google.com global.ketchcdn.com *.calibermind.com *.ketchcdn.com *.ketchjs.com *.google.com *.g2crowd.com *.linkedin.com *.chilipiper.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.marketlinc.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com *.driftt.com *.drift.com wss://ws.hotjar.com/api/v2/client/ws; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.doubleclick.net *.sequel.io *.vidyard.com *.youtube.com *.chilipiper.com *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com *.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io *.googletagmanager.com; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/ *.vidyard.com; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com *.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self'; 2
frame-ancestors https://hpsecurity.my.salesforce.com; 2
default-src 'self' data: blob: 'unsafe-eval' 'report-sample' 'unsafe-inline' *.adyen.com adyen.com *.afterpay-beta.com afterpay-beta.com *.afterpay.com afterpay.com *.algolia.io algolia.io *.bazaarvoice.com bazaarvoice.com *.cloudflare.com cloudflare.com *.contentful.com contentful.com *.cookielaw.org cookielaw.org *.cquotient.com cquotient.com *.ctfassets.net ctfassets.net *.edq.com edq.com *.flipp.com flipp.com *.flippback.com flippback.com *.flippenterprise.net flippenterprise.net *.google.com google.com *.googletagmanager.com googletagmanager.com *.granify.com granify.com *.googlevideo.com googlevideo.com *.gstatic.com gstatic.com *.janrain.com janrain.com *.kampyle.com kampyle.com *.kaptcha.com kaptcha.com *.legitscript.com legitscript.com *.medallia.com medallia.com *.onetrust.com onetrust.com *.optimizely.com optimizely.com *.ordergroove.com ordergroove.com *.paypal.com paypal.com *.paypalobjects.com paypalobjects.com *.petsmart-dev.com petsmart-dev.com *.petsmart-qa.com petsmart-qa.com *.petsmart.ca petsmart.ca *.petsmart.com petsmart.com *.petsmartassets.com petsmartassets.com *.petsmartusermedia.com petsmartusermedia.com *.petsmartusermedia-qa.com petsmartusermedia-qa.com *.qas.com qas.com *.salsify.com salsify.com *.salsify-ecdn.com salsify-ecdn.com *.scene7.com scene7.com *.sentry.io sentry.io *.squarecdn.com squarecdn.com *.syndigo.cloud syndigo.cloud *.syndigo.com syndigo.com *.usablenet.com usablenet.com *.usablenet.dev usablenet.dev *.udev1a.net udev1a.net *.vercel.app vercel.app *.webcollage.net webcollage.net *.windows.net windows.net *.wishabi.com wishabi.com *.youtube.com youtube.com *.ytimg.com ytimg.com *.33across.com 33across.com *.3lift.com 3lift.com *.ada.support ada.support *.adnxs.com adnxs.com *.adroll.com adroll.com *.adsrvr.org adsrvr.org *.adsymptotic.com adsymptotic.com *.advertising.com advertising.com *.agkn.com agkn.com app.link *.app.link *.barracuda.com barracuda.com *.bidswitch.net bidswitch.net *.bing.com bing.com bytedance: *.bluekai.com bluekai.com *.branch.io branch.io *.casalemedia.com casalemedia.com *.cloudfunctions.net cloudfunctions.net *.consensu.org consensu.org *.contentsquare.net contentsquare.net *.demdex.net  demdex.net  *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.facebook.net facebook.net *.firebaseapp.com firebaseapp.com *.firebaseio.com firebaseio.com *.freespee.com freespee.com *.google-analytics.com google-analytics.com *.google.ca google.ca *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googlesyndication.com googlesyndication.com *.haujjd.net haujjd.net *.honey.io honey.io *.igodigital.com igodigital.com *.impactcdn.com impactcdn.com *.impactradius-event.com impactradius-event.com *.impct.site impct.site *.inmarkethub.com inmarkethub.com *.jsdelivr.net jsdelivr.net *.krxd.net krxd.net *.licdn.com licdn.com *.linkedin.com linkedin.com logs-01.loggly.com *.ojrq.net ojrq.net *.micpn.com micpn.com *.microad.jp microad.jp *.ml314.com ml314.com *.mountain.com mountain.com *.narrative.io narrative.io *.nextdoor.com nextdoor.com *.openx.net openx.net *.outbrain.com outbrain.com *.pinimg.com pinimg.com *.pinterdev.com pinterdev.com *.pinterest-anaheim.com pinterest-anaheim.com *.pinterest.com pinterest.com *.pinterest.okta.com pinterest.okta.com *.pubmatic.com pubmatic.com *.pusher.com pusher.com *.pxf.io pxf.io *.rakuten.com rakuten.com *.ravm.tv ravm.tv *.redditstatic.com redditstatic.com *.reddit.com reddit.com *.rlcdn.com rlcdn.com *.rubiconproject.com rubiconproject.com *.sc-static.net sc-static.net *.snap.com snap.com *.snapchat.com snapchat.com sslocal: *.taboola.com taboola.com *.tagmanager.google.com tagmanager.google.com *.tapad.com tapad.com *.tiktok.com tiktok.com *.tiktokw.us tiktokw.us *.treasuredata.com treasuredata.com *.uidapi.com uidapi.com *.upsellit.com upsellit.com *.web.app web.app *.xad.com xad.com *.yahoo.com yahoo.com *.yimg.com yimg.com; frame-ancestors 'none'; 2
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /us/_/ThinkWithGoogle/cspreport/allowlist;worker-src blob: 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.remotepc.com https://*.remotedesktop.com https://media.twiliocdn.com https://cdn.weglot.com https://sdk.amazonaws.com https://static.idriveonlinebackup.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://api.maxaccess.io https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://*.stripe.com https://cdnjs.cloudflare.com https://bat.bing.com https://www.googletagmanager.com https://www.clarity.ms https://hcaptcha.com https://*.hcaptcha.com; img-src https://* 'self' data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.remotepc.com https://*.remotedesktop.com https://fonts.googleapis.com https://cdn.weglot.com https://ssl.google-analytics.com https://code.jquery.com https://hcaptcha.com https://*.hcaptcha.com https://catamphetamine.gitlab.io https://*.bootstrapcdn.com; font-src https://* data: ;object-src 'self' https://secure.livechatinc.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.bhg.com; upgrade-insecure-requests; 2
object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net js.createsend1.com www.createsend.com *.blackbaudhosting.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js *.simpli.fi https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src * 'report-sample' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; form-action 'self' www.createsend.com *.blackbaudhosting.com js.createsend1.com *.nla.gov.au *.payments.blackbaud.com; frame-ancestors 'self' 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomannmusic.com *.thomann.de app.storyblok.com connect.facebook.net analytics.tiktok.com cdn.brcdn.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com ep2.adtrafficquality.google; frame-src 'self' *.thomannmusic.com *.thomann.de *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com ep2.adtrafficquality.google; frame-ancestors 'self' app.storyblok.com; object-src 'none' 2
default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com https://assets.adobedtm.com js.adsrvr.org *.amazon-adsystem.com analytics.bgalytics.com bat.bing.com cdn.bttrack.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com https://*.demdex.net googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com https://cm.everesttech.net *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com *.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net *.mountain.com apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.pixeltracker.co *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com tags.srv.stackadapt.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co https://assets.adobedtm.com js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com arttrk.com cx.atdmt.com *.bing.com bat.bing.com *.clarity.ms d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net https://*.demdex.net *.doubleclick.net *.g.doubleclick.net *.t.eloqua.com https://cm.everesttech.net *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com *.google-analytics.com *.google.com *.analytics.google.com www.google.ca www.google.de www.google.ie www.google.com *.googleapis.com chart.googleapis.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.omtrdc.net *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com https://tags.srv.stackadapt.com cdn.vidyard.com play.vidyard.com *.vimeocdn.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com *.intercomcdn.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' 52.71.121.170 44.238.122.172 34.215.155.61 44.212.189.233 54.156.2.105 18.210.229.244 3.212.39.155 35.160.46.251 52.22.50.55 100.20.58.101 c.6sc.co ipv6.6sc.co 35.85.84.151 44.228.85.26 secure.adnxs.com https://assets.adobedtm.com collection.bgalytics.com bat.bing.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.clarity.ms https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com https://*.demdex.net *.g.doubleclick.net https://cm.everesttech.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org *.google-analytics.com www.google-analytics.com *.google.com analytics.google.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.googletagmanager.com *.greenhouse.io heapanalytics.com *.hotjar.com *.hotjar.io vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net px.ads.linkedin.com *.mktoresp.com *.mktoutil.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.pixeltracker.co *.qualtrics.com recaptcha.net *.reddit.com redditstatic.com www.redditstatic.com sentry.io *.sentry.io collection.sperse.io tags.srv.stackadapt.com api.thelevelup.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src blob: intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: *.adsrvr.org insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io https://*.demdex.net *.doubleclick.net *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com *.qualtrics.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; 2
frame-ancestors 'self' https://next.brella.io 2
frame-ancestors 'self' *.telekurier.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; worker-src 'self' blob:; 2
frame-ancestors 'self' https://*.group.gca https://*.credit-agricole.fr https://*.banque-chalus.fr 2
frame-ancestors 'self' *.kameleoon.com *.services.local; base-uri 'self' *.pagesjaunes.fr; 2
frame-ancestors 'self' https://bluebelldigital.com/; report-to default 2
frame-ancestors 'self' *.dn.se *.retriever-info.com 2
frame-ancestors 'self' https://app.contentful.com https://retail-ipad-apps.vercel.app https://checkout.stripe.com; 2
frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.foodandwine.com; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.degruyterbrill.com; object-src 'self' www.googletagmanager.com; script-src 'nonce-SDErLoPYrGwkMgsDE+LATw==' 'strict-dynamic' 'self' 'wasm-unsafe-eval' dgbricks.foxycart.com cdnjs.cloudflare.com www.google-analytics.com connect.liblynx.com www.googletagmanager.com tag.manager.google.com mozilla.github.io cc.cdn.civiccomputing.com; base-uri 'none' 2
child-src blob:; connect-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://go.telia.se https://www.google.com https://www.google.se https://www.googletagmanager.com privacyportal-de.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com wss://*.giosg.com static.customersaas.com teliase-259.qelpcare.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://www.google-analytics.com ssgtm.telia.se https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se https://dialogflow.telia.se captive.apple.com connectivitycheck.gstatic.com https://go.telia.se https://*.adyen.com https://*.tf-b2c.com https://dialogflow.telia.se; default-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; font-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://cdn.giosgusercontent.com data: https://*.adyen.com https://*.tf-b2c.com; frame-src https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se ssgtm.telia.se https://*.doubleclick.net static.customersaas.com static-accept.customersaas.com https://*.giosg.com https://*.giosgusercontent.com *.kampyle.com *.medallia.eu *.ace.teliacompany.com telia.humany.net https://optimizely.teliacompany.com bankid: https://app.bankid.com https://*.adyen.com https://*.tf-b2c.com; img-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://dcosix8as1189.cloudfront.net https://*.giosgusercontent.com https://www.facebook.com/ d35v9wsdymy32b.cloudfront.net d3mwk3f7r8fv9u.cloudfront.net images.customersaas.com horizon-cms.s3.eu-central-1.amazonaws.com *.ace.teliacompany.com telia.humany.net https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net *.kampyle.com *.medallia.eu https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://optimizely.teliacompany.com https://webbshop.telia.se data: https://*.adyen.com https://*.tf-b2c.com; object-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; report-uri /.api/csp-report/v1/report; script-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://go.telia.se https://www.google.com https://www.google.se https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com https://connect.facebook.net static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://www.google-analytics.com https://www.googletagmanager.com ssgtm.telia.se blob: https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se 'unsafe-inline' 'unsafe-eval' https://go.telia.se https://*.adyen.com https://*.tf-b2c.com; style-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://www.googletagmanager.com https://*.giosg.com https://*.giosgusercontent.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net 'unsafe-inline' https://*.adyen.com https://*.tf-b2c.com; worker-src blob: 2
frame-ancestors 'self' *.appfolio.com *.appfolioinc.com *.appfolioinvestmentmanagement.com *.folio-guard.com *.storyblok.com 2
connect-src 'self' https://chat.elster.de wss://chat.elster.de ; default-src 'self' ; font-src 'self' data: https://chat.elster.de ; form-action 'self' https://warteraum.elster.de ; frame-ancestors 'self' ; img-src 'self' https://chat.elster.de ; media-src 'self' https://download.elster.de ; object-src 'none' ; script-src 'self' https://chat.elster.de ; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-8iQ2C8eb3U8w2Ju2KXNjCyA/smg8byFgqNObcw1AX74=' 'sha256-YYGOQLmFupNssV6Yh7nuq54fYxTXHNrLhuEwg06WCkw=' 'sha256-uGLs916BWWd82O+HGlWvl29QI9Ql1zsRzxZP1/7F9xI=' https://chat.elster.de 2
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
base-uri 'none'; child-src 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://errors.stripe.com https://r.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://b.stripecdn.com https://js.stripe.com https://support-conversations.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com 'self'; manifest-src 'none'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; object-src 'none'; script-src https://b.stripecdn.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'sha256-tMuJ8c00j54yuxogrdIJeGhNVB350dc56i969XRz/Mc=' 'sha256-aEFSvCaVnb2wNwuO3IzA8J44RdTKt6vms9beA7BcCYg=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; worker-src https://b.stripecdn.com 'self'; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=eidD5q1RgEQIhATjomqeLUpEuMuviHn84TwR_ccVQZjyAcOjZo0UtHgP1ORDO9w%3D 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net fonts.gstatic.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com distillery.wistia.com pipedream.wistia.com dudodiprj2sv7.cloudfront.net cdn.cookielaw.org geolocation.onetrust.com api.lever.co *.algolia.net *.algolianet.com boards.greenhouse.io www.googletagmanager.com *.googlesyndication.com *.googleapis.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net platform.twitter.com static.ads-twitter.com munchkin.marketo.net *.mktoutil.com tag.demandbase.com d20519brkbo4nz.cloudfront.net tag.clearbitscripts.com api-preview.luckyorange.com wss://realtime.luckyorange.com settings.luckyorange.com tools.luckyorange.com api.company-target.com 161-fbe-733.mktoresp.com app.clearbit.com reveal.clearbit.com x.clearbitjs.com wss://in.visitors.live in.visitors.live client-registry.mutinycdn.com px.ads.linkedin.com *.reddit.com cdn.rudderlabs.com api-v2.mutinyhq.io api.rudderlabs.com pdat.matterlytics.com segments.company-target.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com *.6sc.co *.6sense.com secure.adnxs.com *.qualified.com wss://*.qualified.com embed.typeform.com api.typeform.com; style-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net p.typekit.net fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com *.qualified.com embed.typeform.com; img-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net media.trustradius.com secure.gravatar.com fast.wistia.com embed-ssl.wistia.com cdn.cookielaw.org www.googletagmanager.com fonts.gstatic.com user-images.githubusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat t.co analytics.twitter.com id.rlcdn.com alb.reddit.com *.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com www.facebook.com *.6sc.co *.6sense.com *.qualified.com; frame-src mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net fast.wistia.net forms.mattermost.com capture.navattic.com *.productboard.com *.youtube.com job-boards.greenhouse.io s.company-target.com td.doubleclick.net *.facebook.com hemsync.clickagy.com *.googletagmanager.com *.qualified.com form.typeform.com; 2
default-src 'none'; img-src 'self' data: blob: https://www.goldmansachs.com https://*.trustarc.com https://*.truste.com https://googletagmanager.com https://www.googletagmanager.com https://www.google.com https://px.ads.linkedin.com https://gs.sc.omtrdc.net https://*.doubleclick.net https://*.parsely.com https://cdn.gs.com https://gateway.zscalerthree.net https://prod.forms.workflow.ep.site.gs.com *.gs.com:* https://public.flourish.studio https://gateway.zscaler.net https://adservice.google.com https://www.linkedin.com https://*.6sc.co https://www.facebook.com https://iad1.qualtrics.com https://siteintercept.qualtrics.com https://*.adobe.com https://*.omtrdc.net https://*.demdex.net https://*.tt.omtrdc.net https://*.adobedtm.com https://*.adobetag.com https://*.targetcdn.adobe.com https://*.adobedc.net https://*.experience.adobe.com https://*.adobe.io https://*.everesttech.net https://*.experiencecloud.adobe.com; style-src 'self' 'unsafe-inline' https://www.goldmansachs.com https://amp.akamaized.net https://cdn.gs.com *.gs.com:* https://public.flourish.studio https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.goldmansachs.com https://*.trustarc.com https://googletagmanager.com https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://gs.sc.omtrdc.net https://*.doubleclick.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://*.parsely.com https://*.go-mpulse.net https://*.akstat.io https://amp.akamaized.net https://cdn.gs.com https://gateway.zscalerthree.net *.gs.com:* https://public.flourish.studio https://www.googleadservices.com https://*.6sc.co https://*.adobe.com https://*.omtrdc.net https://*.demdex.net https://*.tt.omtrdc.net https://*.adobedtm.com https://*.adobetag.com https://*.targetcdn.adobe.com https://*.adobedc.net https://*.experience.adobe.com https://*.adobe.io https://*.everesttech.net https://*.experiencecloud.adobe.com https://sdk.ceros.com; connect-src 'self' https://www.goldmansachs.com https://*.trustarc.com https://www.google.com https://px.ads.linkedin.com https://gs.sc.omtrdc.net https://*.doubleclick.net https://dpm.demdex.net https://siteintercept.qualtrics.com https://*.parsely.com https://*.go-mpulse.net https://*.akstat.io https://amp.akamaized.net https://cdn.gs.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.gs.com:* https://api.goldmansachs.wallst.com https://www.gsam.com/bin/gsam/servlets/EmailSubscriptionServlet https://public.flourish.studio https://adobedc.demdex.net https://adservice.google.com https://*.6sc.co https://*.akamaihd.net https://sdk.iad-07.braze.com https://*.adobe.com https://*.omtrdc.net https://*.demdex.net https://*.tt.omtrdc.net https://*.adobedtm.com https://*.adobetag.com https://*.targetcdn.adobe.com https://*.adobedc.net https://*.experience.adobe.com https://*.adobe.io https://*.everesttech.net https://*.experiencecloud.adobe.com; font-src 'self' data: https://www.goldmansachs.com https://*.trustarc.com https://amp.akamaized.net https://cdn.gs.com *.gs.com:* https://public.flourish.studio https://fonts.gstatic.com; frame-src 'self' mailto: https://www.goldmansachs.com https://*.trustarc.com https://www.googletagmanager.com https://*.doubleclick.net https://onegs.iad1.qualtrics.com https://d1pmpteesu3euy.cloudfront.net https://cdn.gs.com https://playlist.megaphone.fm https://gateway.zscalerthree.net *.gs.com:* https://goldmansachs.demdex.net https://gateway.zscaler.net https://consent-pref.trustarc.com https://flo.uri.sh; media-src 'self' data: blob: https://www.goldmansachs.com https://cdn.gs.com https://video.goldmansachs.com *.gs.com:*; frame-ancestors 'self' https://www.goldmansachs.com *.gs.com:* https://*.targetcdn.adobe.com https://*.experience.adobe.com https://*.adobe.io; 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de newsletter.land.nrw broschuerenservice.land.nrw *.flockler.com platform.twitter.com www.instagram.com *.twimg.com *.map.nrw map.nrw api.stage.bio about.stage.bio cdn.stage.bio dashboard.stage.bio;    style-src   'self' 'unsafe-inline' *.nrw.de *.flockler.com;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de;    worker-src  'self' *.nrw.de;    frame-src   'self' *.nrw.de app.sli.do newsletter.land.nrw broschuerenservice.land.nrw www.youtube.com platform.twitter.com www.instagram.com www.facebook.com www.youtube-nocookie.com media-api.flockler.com customer-wa9kwmpdbqn89osv.cloudflarestream.com;    object-src  'self';    connect-src 'self' newsletter.land.nrw *.nrw.de *.flockler.com api.stage.bio api.flockler.app socket.stage.bio wss://socket.stage.bio;    media-src *; upgrade-insecure-requests; 2
object-src 'none'; connect-src https://stats-stg.jiosaavn.com https://stats.jiosaavn.com https://qa-api.jiosaavn.com https://staging-api.jiosaavn.com https://api1.jiosaavn.com https://public.releases.juspay.in 'self' https://static-cdn.trackier.com wss://wsstaging.jiosaavn.com wss://ws.jiosaavn.com https://identitytoolkit.googleapis.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://hbopenbid.pubmatic.com https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com *.pubmatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.juspay.in/ https://payments.juspay.in/ https://api.assets.juspay.in/ https://sandbox.assets.juspay.in/ https://js.stripe.com https://public.releases.juspay.in https://api.juspay.in https://sandbox.juspay.in tez://upi/pay phonepe://pay paytmmp://upi/pay paytmmp://pay credpay://upi/pay upi://pay upi://mandate paytmmp://mandate paytmmp://upi/mandate phonepe://mandate tez://upi/mandate *.googlesyndication.com *.safeframe.googlesyndication.com https://ads.pubmatic.com https://www.google.com data: tez: upi: paytmmp: phonepe: https://*.jiocoupons.in; worker-src 'none';manifest-src 'self'; 2
img-src 'self' https: data: cdn.paris.fr; frame-ancestors 'self' *; frame-src 'self' * 2
Strict-Transport-Security: max-age=31556952; includeSubDomains; preload 2
frame-ancestors 'self' ura.news ura.ru *.ura.news *.uranews.xyz *.uran.news momenty.org webvisor.com *.yandex.ru *.yandex.com *.yandex.by *.yandex.com.tr; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:* *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.walkme.com *.aptrinsic.com; style-src 'self' 'unsafe-inline' *.walkme.com *.aptrinsic.com fonts.googleapis.com; frame-src 'self' *.websense.com:* *.walkme.com s3.walkmeusercontent.com; font-src 'self' data: *.walkme.com fonts.gstatic.com; img-src 'self' data: *.walkme.com s3.walkmeusercontent.com d2qhvajt3imc89.cloudfront.net media-exp1.licdn.com *.forcepoint.com *.aptrinsic.com storage.googleapis.com *.websense.net *.mailcontrol.com *.forcepoint.net; connect-src 'self' *.walkme.com *.aptrinsic.com; worker-src 'self' blob: *.walkme.com; object-src 'self' *.walkme.com; frame-ancestors 'self' *.forcepointone.com:* *.forcepointone.eu:* *.forcepoint.io:*; 2
default-src 'self' https:; base-uri 'self'; form-action 'self' *.idc.com ; object-src 'none'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.idc.com *.wp.com assets.vidyard.com *.bing.com cdn.icomoon.io cdn.parsely.com parser.ly *.trustarc.com googleads.g.doubleclick.net js.driftt.com js.zi-scripts.com kit.fontawesome.com pagead2.googlesyndication.com *.hotjar.com *.zoominfo.com *.bugherd.com snap.licdn.com *.linkedin.com www.google.com www.googletagmanager.com www.gstatic.com yoast.com www.google-analytics.com stats.g.doubleclick.net connect.facebook.net munchkin.marketo.net cdn.6sense.com js.intercomcdn.com maze.co *.pendo.io cdn.jsdelivr.net cvent.com insight.adsrvr.org youtube.com youtube-nocookie.com snippet.maze.co *.clarity.ms j.6sc.co; style-src 'self' 'unsafe-inline' *.fontawesome.com *.idc.com *.wp.com *.vidyard.com cdn.icomoon.io js.driftt.com *.fontawesome.com *.typekit.net cdn.6sense.com js.intercomcdn.com static.pendo.io; img-src 'self' data: blob: *.idc.com *.wp.com *.bing.com *.trustarc.com googleads.g.doubleclick.net pagead2.googlesyndication.com p1.parsely.com parser.ly *.vidyard.com secure.gravatar.com *.linkedin.com www.google.com www.googletagmanager.com www.gstatic.com *.bugherd.com s.w.org cdn.6sense.com js.intercomcdn.com static.pendo.io *.clarity.ms *.6sc.co; font-src 'self' data: *.fontawesome.com *.idc.com *.wp.com cdn.icomoon.io *.typekit.net *.trustarc.com www.gstatic.com cdn.6sense.com js.intercomcdn.com static.pendo.io; connect-src 'self' *.idc.com *.fontawesome.com *.vidyard.com *.bing.com cdn.parsely.com parser.ly *.trustarc.com js.driftt.com js.zi-scripts.com pagead2.googlesyndication.com *.hotjar.com *.zoominfo.com wss://js.driftt.com *.linkedin.com www.google.com www.googletagmanager.com www.gstatic.com *.pusher.com *.bugsnag.com www.googleadservices.com *.bugherd.com googleads.g.doubleclick.net www.google-analytics.com stats.g.doubleclick.net *.clarity.ms connect.facebook.net munchkin.marketo.net *.6sc.co widget.intercom.io maze.co usabilla.com w.usabilla.com *.pendo.io cvent.com insight.adsrvr.org youtube.com *.google.com prompts.maze.co *.mktoresp.com *.adnxs.com; frame-src 'self' *.vidyard.com www.google.com www.googletagmanager.com widgets.wp.com wordpress.com *.trustarc.com *.bugherd.com *.idc.com *.driftt.com www.google-analytics.com stats.g.doubleclick.net *.clarity.ms connect.facebook.net munchkin.marketo.net *.zoominfo.com *.6sc.co widget.intercom.io static.userguiding.com usabilla.com w.usabilla.com youtube.com youtube-nocookie.com; child-src 'none'; frame-ancestors 'self' *.idc.com; media-src 'self' *.idc.com *.vidyard.com *.driftt.com; worker-src 'self' blob:; report-uri /wp-json/idc/v1/csp-report; report-to csp-endpoint 2
frame-ancestors 'self' https://minhaclaro.claro.com.br https://planos.claro.com.br https://minhaclaroescondida.claro.com.br https://www.clarocadastro.com.br https://clarocadastro.com.br; upgrade-insecure-requests; 2
default-src 'self' https://api-www.louvre.fr;base-uri 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'strict-dynamic' 'unsafe-inline' https://tag.aticdn.net https://www.youtube.com 'nonce-e4518a43-43f9-4123-9561-50a260e5e159';img-src 'self' data: https://api-www.louvre.fr https://i.ytimg.com https://i.vimeocdn.com;media-src 'self' https://api-www.louvre.fr https://*.ausha.co https://*.radiofrance-podcast.net;connect-src 'self' https://api-www.louvre.fr fxxslpn.pa-cd.com https://*.clarity.ms;frame-src https://www.youtube.com https://player.vimeo.com https://livemap.getwemap.com https://embed.radiofrance.fr/;frame-ancestors 'none';form-action 'self' https://api-www.louvre.fr;manifest-src 'self';font-src 'self' https://fonts.gstatic.com;object-src 'none';upgrade-insecure-requests 2
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 2
frame-ancestors check24.de *.check24.de 2
default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com marketing-forms-api.github.com experience.ninetailed.co edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com s88570519.t.eloqua.com/e/f2; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com octocaptcha.com play.vidyard.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' http://img.youtube.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://match.prod.bidr.io/cookie-sync/contanuity   https://tracking.contanuity.com/page-tracking/nrich_9655/ https://d-code.liadm.com/did-004v.min.js   https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js https://connect.facebook.net/   https://www.google-analytics.com/analytics.js https://tracking.contanuity.com/tag.js https://www.googletagmanager.com/   https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://x.clearbitjs.com/   https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/   https://www.googleadservices.com/ https://cdn.dreamdata.cloud/ https://cdn.mouseflow.com/   https://static.hsappstatic.net/ *.nrich.ai https://cdnjs.cloudflare.com/ https://*.hs-analytics.net/   https://*.hubspot.com/ https://*.hubspot.net/ https://hubspot.net/ https://*.hs-banner.com/ https://io.clickguard.com/   http://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js   https://*.fs1.hubspotusercontent-na1.net/ https://js.usemessages.com/conversations-embed.js   https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js   https://*.hotjar.com/ https://tag.clearbitscripts.com/ https://tracking.g2crowd.com/ https://www.clarity.ms/   https://platform.linkedin.com/ https://platform.twitter.com/ https://www.gartner.com/   https://secure.smart-company-vision.com/ https://tag.clearbitscripts.com/ https://s3-us-west-2.amazonaws.com/   https://js.hubspotfeedback.com/ https://unpkg.com/swiper/swiper-bundle.min.js https://b-code.liadm.com/lc2.js   https://cdn.ampproject.org/ https://www.googletagmanager.com/gtm.js   https://secure.smart-company-vision.com/js/267476.js https://app-oss.byte-app.com/common/js/byteh5monitor.aio.min.js   https://js.hsadspixel.net/ https://apis.google.com/js/client.js https://dyv6f9ner1ir9.cloudfront.net/   https://www.google.com/pagead/ https://www.googleadservices.com/pagead   https://cdn.jsdelivr.net/npm/basiclightbox@5.0.4/dist/basicLightbox.min.js   https://scripts.clarity.ms/0.8.38/clarity.js   https://pulse.clickguard.com/s/accvTTkgXOEVo/astIQzln53nBG; worker-src 'self' blob:; object-src   'none'; report-uri   https://o1168991.ingest.sentry.io/api/6261364/security/?sentry_key=7d242ac12119401194fa3bf0fb45a4bf;; upgrade-insecure-requests 2
frame-ancestors https://huggingface.co/ https://*.static.hf.space/ 2
frame-ancestors 'self' https://*.sdsu.edu https://a.cms.omniupdate.com https://sdsu.instructure.com; 2
frame-ancestors 'self' https://dlink.com; 2
default-src 'self' https://*.pixelcut.app https://*.pixelcut.ai https://auth.prod.pixelcut.ai https://accounts.google.com/gsi/; img-src 'self' https: data: blob: gs: https://d33v4339jhl8k0.cloudfront.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://*.iubenda.com https://assets.churnkey.co; font-src 'self' 'unsafe-inline' https://*.pixelcut.app https://fonts.gstatic.com https://assets.churnkey.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://accounts.google.com/gsi/client https://*.googleapis.com https://googleads.g.doubleclick.net https://apis.google.com https://cdn-cookieyes.com https://*.cookieyes.com https://challenges.cloudflare.com/turnstile/v0/api.js https://www.dropbox.com/static/api/2/dropins.js https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://*.googletagmanager.com https://js.stripe.com/v3 https://js.stripe.com/v3/ https://assets.churnkey.co https://*.iubenda.com https://r.wdfl.co todesktop-internal://*; object-src 'self' blob:; media-src 'self' blob: https://beacon-v2.helpscout.net https://cdn3.pixelcut.app https://storage.googleapis.com/ https://*.pixelcut.app https://*.pixelcut.ai; frame-src 'self' https://accounts.google.com/gsi/ https://auth.prod.pixelcut.ai https://challenges.cloudflare.com/ https://content.googleapis.com/ https://docs.google.com/ https://accounts.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com https://www.facebook.com https://js.stripe.com/; connect-src 'self' file: data: blob: filesystem: ws: https://images.unsplash.com https://images.pexels.com https://*.pixelcut.app https://*.pixelcut.ai https://d3hb14vkzrxvla.cloudfront.net https://*.pixelcut.app https://accounts.google.com/gsi/ https://*.googleapis.com https://www.googleadservices.com https://*.sentry.io https://*.mixpanel.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://endpoint1.collection.us2.sumologic.com https://cdn-cookieyes.com https://*.cookieyes.com https://dl.dropboxusercontent.com/1/ https://apis.google.com/ https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://stripe.com https://*.stripe.com https://api.churnkey.co https://fal.media https://*.fal.media https://content.pixelcut.ai https://content-staging.pixelcut.ai https://assets.pixelcut.ai https://assets.staging.pixelcut.app https://api.getrewardful.com https://api.statsig.com https://featuregates.org https://statsigapi.net https://events.statsigapi.net https://api.statsigcdn.com https://featureassets.org https://assetsconfigcdn.org https://prodregistryv2.org https://cloudflare-dns.com https://beyondwickedmapping.org; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'none' 2
frame-ancestors 'self' https://*.mdr.de https://www.360-grad-sachsen.de https://odstaticmdr-a.akamaihd.net https://www.brisant.de 2
worker-src 'self' blob: *.vix.tv *.vix.com; frame-ancestors SAMEORIGIN; 2
img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr webvisor.com blob: https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; default-src 'self'; frame-src * metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr webvisor.com blob: https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru blob:; worker-src 'self' blob:; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me wss://mc.yandex.ru *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrocket.ru https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru https://*.cloudtips.ru; report-uri https://prodoctorov.ru/cspreport/ 2
default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; script-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com payanyway.ru https://pay.google.com https://pay.yandex.ru https://mc.yandex.ru https://yastatic.net https://cdn-ru.bitrix24.ru https://b24-eye5y3.bitrix24.ru 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru www.payanyway.ru *.payanyway.com https://b24-eye5y3.bitrix24.ru 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; connect-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru sbp.payanyway.ru *.payanyway.com https://mc.yandex.ru https://qr.nspk.ru https://widget.cbrpay.ru https://b24-eye5y3.bitrix24.ru ; frame-src https: sberpay: sbolpay: qr.nspk.ru mc.yandex.ru ; child-src blob: https://mc.yandex.ru ; report-uri /cspreport.htm 2
frame-ancestors 'self' *.ncaa.com *.sdata-cloud.com *.ampproject.org; 2
default-src 'self' *.snai.it ws: wss: www.datocms-assets.com * *.google-analytics.com snai-pscp.mstchannel.com; connect-src 'self' *.snai.it ws: wss: www.datocms-assets.com acsbapp.com captainup.com registry.spid.gov.it api.livestreaming.imgarena.com widgets.sir.sportradar.com www.googletagmanager.com * *.geniussports.com *.llnwd.net *.typekit.net *.go-mpulse.net *.woosmap.com *.cookiebot.com *.dynatrace.com *.sportradar.com *.akstat.io *.googleapis.com *.akamaihd.net onetag-sys.com *.akamaized.net *.google-analytics.com *.applicationinsights.azure.com; script-src 'self' *.snai.it blob: acsbapp.com mpsnare.iesnare.com www.googletagmanager.com * *.typekit.net *.woosmap.com *.cookiebot.com *.dynatrace.com *.pokersnai.it *.rfihub.com *.rfihub.net www.snaiabilita.it skill-sn.gioconlineitalia.it b2b.betpoint.it snaiwpprod.game360.it game-launcher-lux.isoftbet.com login-it.casino.pokersnai.it captainup.com vetrina.gntn-pgd.it snai.live.giocaonline.casino www.gntn-pgd.it litlobby.grattaevinci.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.snai.it extstg1-login.ptstaging.eu acsbapp.com b2b.betpoint.it captainup.com www.snaiabilita.it mpsnare.iesnare.com skill-sn.gioconlineitalia.it widgets.sir.sportradar.com www.googletagmanager.com *.gntn-pgd.it * *.go-mpulse.net *.game360.it *.isoftbet.com *.woosmap.com *.betpoint.it snai-pscp.mstchannel.com *.cookiebot.com *.dynatrace.com *.pokersnai.it *.rfihub.net *.rfihub.com *.qa.gameaccount.com *.sisal.it *.googleapis.com lit.grattaevinci.com onetag-sys.com *.gioconlineitalia.it snai-pscp-staging.mstchannel.com *.giocaonline.casino snai.live.giocaonline.casino webapp.woosmap.com 'unsafe-inline'; style-src 'self' *.snai.it fonts.cdnfonts.com widgets.sir.sportradar.com * *.typekit.net *.googleapis.com 'unsafe-inline'; frame-src 'self' *.snai.it acquistionlinetest.poste.it *.safecharge.com *.sisal.it *.gntn-pgd.it * *.mstchannel.com *.cookiebot.com *.ptstaging.eu *.pokersnai.it *.jumio.ai *.rfihub.net *.rfihub.com snai-pscp-staging.mstchannel.com report.liveg24.com login-it.casino.pokersnai.it snai.betstream.betgenius.com www.snaigiochi.it vetrina.giocodellotto.it litlobby.grattaevinci.com cachedownload-poker.casino.pokersnai.it mobile.casino.pokersnai.it cachedownload.casino.pokersnai.it 'unsafe-inline'; media-src 'self' *.snai.it blob: data: mpsnare.iesnare.com api.livestreaming.imgarena.com * *.geniussports.com *.llnwd.net *.akstat.io *.akamaized.net; font-src 'self' *.snai.it data: fonts.cdnfonts.com * *.typekit.net *.gstatic.com *.googleapis.com login-it.casino.pokersnai.it; img-src 'self' *.snai.it blob: data: www.datocms-assets.com login-pza.techonlinecorp.com imgsct.cookiebot.com * *.woosmap.com *.gstatic.com *.amazonaws.com *.sportradar.com *.googleapis.com *.doubleclick.net *.google-analytics.com www.googletagmanager.com; form-action 'self' *.snai.it; base-uri 'self' *.snai.it; frame-ancestors 'self' *.snai.it *.gntn-pgd.it * *.snaitech.net; object-src 'self' *.snai.it blob: data: *; block-all-mixed-content; upgrade-insecure-requests; 2
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline' 'unsafe-hashes';img-src * data:;media-src *;font-src 'self' https://fonts.gstatic.com https://x.klarnacdn.net data:;frame-ancestors 'self';object-src 'none';base-uri 'self';form-action 'self' https://cdn-net.com https://*.cdn-net.com https://*.qualtrics.com;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob:; 2
frame-ancestors https://*.sanity.studio https://*.complex.com https://*.samsung-news.com 2
img-src * data:; font-src * data:;  connect-src * data:; media-src * data: blob:; object-src *; frame-ancestors 'self' https://advancedmd-hub.knowledgeowl.com https://static-100.advancedmd.com https://static-999.advancedmd.com; 2
frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; report-uri https://www.sunrise.ch/csp-collector 2
default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'  data: https://*.jnj.com https://*.brightspotcdn.com https://*.jnj.psdops.com https://*.brightspot.cloud https://*.s3.amazonaws.com https://*.gstatic.com  https://snap.licdn.com https://vjs.zencdn.net https://cdn.jsdelivr.net https://*.brightspotcdn.com https://cdn.plyr.io  https://*.youtube.com https://*.facebook.com https://*.twitter.com https://*.linkedin.com  https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com  https://*.google.co.in https://*.google-analytics.com http://*.facebook.net https://*.facebook.net  https://*.doubleclick.net https://static.ads-twitter.com  https://app.bowencraggs.com https://t.co https://p.adsymptotic.com  https://*.brightcove.com https://*.brightcovecdn.com http://*.brightcove.net https://*.brightcove.net  https://manifest.prod.boltdns.net https://*.akamaihd.net http://*.arcgisonline.com  https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.onetrust.com https://*.googlesyndication.com  https://perfectsense.atlassian.net https://trinitymedia.ai https://*.trinitymedia.ai  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.kameleoon.io https://*.kameleoon.com  https://*.contextweb.com https://beacon.deepintent.com https://thrtle.com https://datawrapper.dwcdn.net https://www.datawrapper.de   blob: https://cdn.ampproject.org https://*.clarity.ms https://*.boltdns.net  https://www.google.de https://*.adobedtm.com https://*.taboola.com https://*.yimg.jp  https://*.smartnews-ads.com https://*.line-scdn.net https://*.yahoo.co.jp https://*.line.me  https://*.jnj.com.cn https://*.ytimg.com https://*.google-analytics.com https://*.bing.com   https://*.jsdelivr.net;   frame-ancestors https://cms2.jnj.com https://www.jnj.com  https://cms.jnj-qa.lower.jnj.brightspot.cloud https://cms.jnj-uat.lower.jnj.brightspot.cloud; 2
default-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com; font-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com 'self' data:; media-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com 'self' data:; img-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com https: data:; script-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com 'unsafe-inline'; connect-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.fbcdn.net/ https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https://*.voomly.com/ https://*.sdk.awswaf.com https://*.token.awswaf.com https://*.maptiler.com https://storage.googleapis.com https://*.mux.com https://www.gstatic.com https://*.hyros.com https://*.hyr.so https://*.stream-io-video.com https://*.stream-io-api.com wss://*.stream-io-video.com wss://*.stream-io-api.com https://unpkg.com/@stream-io/ https://*.stream-io-cdn.com/ maps.googleapis.com places.googleapis.com data: wss://*.skool.com ws://localhost:3000/_next/webpack-hmr https://o4505174093594624.ingest.sentry.io 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; frame-ancestors 'self' audioplayer.pe; 2
frame-ancestors 'self' fozzy.com *.fozzy.com; 2
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' *.criipto.id  cdnjs.cloudflare.com *.maxcdn.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; ;frame-ancestors 'self' *.webhosting.dk webhosting.dk ajax.googleapis.com *.facebook.com *.facebook.net googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; img-src https://* data:; frame-src 'self' 'unsafe-inline' ajax.googleapis.com  *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com; 2
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 2
default-src 'self' https://cdn.finnair.com https://pay.finnair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finnair.com *.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://bat.bing.com https://*.akamaihd.net https://*.go-mpulse.net https://*.quantummetric.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://connect.facebook.net https://www.dwin1.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://snap.licdn.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com https://*.hotjar.com https://*.ads-twitter.com https://cdn.jsdelivr.net/npm/tesseract.js@v5.0.4/ https://cdn.jsdelivr.net/npm/tesseract.js-core@v5.0.0/ https://xsell.expedia.com; style-src 'self' 'unsafe-inline' *.finnair.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.reactandshare.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com; img-src 'self' data: *.finnair.com *.google-analytics.com https://*.ytimg.com https://*.akamaihd.net https://*.akstat.io https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://pagead2.googlesyndication.com *.doubleclick.net https://www.googleadservices.com https://*.analytics.google.com https://www.facebook.com https://www.awin1.com https://www.dwin1.com https://cdn.smartvel.com https://bat.bing.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://analytics.twitter.com https://t.co https://script.hotjar.com https://play-lh.googleusercontent.com https://ade.googlesyndication.com https://cms-scdn.airtime.geemedia.com; manifest-src 'self' https://cdn.finnair.com; font-src 'self' data: https://cdn.finnair.com https://maps.googleapis.com https://*.gstatic.com https://cdn.smartvel.com https://cdn-qa.smartvel.com https://*.reactandshare.com https://script.hotjar.com; connect-src 'self' *.finnair.com https://sentry.io https://*.sentry.io https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://search-api.swiftype.com https://finnair-app.quantummetric.com *.google-analytics.com https://pagead2.googlesyndication.com https://www.googleadservices.com *.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://www.facebook.com https://green.am.apps.avarko.com https://*.aurinkomatkat.fi https://api.smartvel.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://finnair-app-search.ent.eu-central-1.aws.cloud.es.io https://*.reactandshare.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://*.analytics.twitter.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.safetravel.amadeus.com https://wasm.oho.prd.icm.aero; child-src 'self' https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://www.facebook.com https://staticxx.facebook.com blob:; frame-src 'self' https://sst.finnair.com https://*.force.com https://*.salesforce.com https://*.my.site.com https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://api-dev.finnair.com https://api-test.finnair.com https://api-preprod.finnair.com https://3530909.fls.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://finnair.eu.qualtrics.com https://www.facebook.com https://*.points.com https://13389050.fls.doubleclick.net https://vars.hotjar.com https://product-router.cartrawler.com https://*.hotels.finnair.com; worker-src 'self' https://finnair.3dseatmapvr.com blob:; sandbox allow-popups allow-forms allow-scripts allow-same-origin allow-modals allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; frame-ancestors 'self'; object-src 'none'; media-src https://finnair.3dseatmapvr.com https://cdn.finnair.com; 2
object-src 'none', frame-ancestors https://www.facebook.com 2
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' bugcrowd.com; 2
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com *.clarity.ms stats.g.doubleclick.net;default-src 'self';frame-src 'self' intercom-sheets.com; script-src 'self' *.intercomcdn.com *.heapanalytics.com www.googletagmanager.com cdn.cookielaw.org platform.twitter.com www.clarity.ms www.google-analytics.com static.ads-twitter.com widget.intercom.io 'unsafe-inline';style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com fonts.gstatic.com fast.fonts.net heapanalytics.com cdn.cookielaw.org c.clarity.ms t.co analytics.twitter.com c.bing.com www.google.com www.google.com.np https://www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft *.skype.com 2
default-src 'self' 'unsafe-inline'; script-src creatives.al-adtech.com telegram.org px.adhigh.net cdn.uxfeedback.ru cloud.ru content.cloud.ru cdn.cloud.ru mtm.sbercloud.tech facecast.net qoopler.ru *.mindbox.ru *.jivo.ru ad.adriver.ru dmp.sbermarketing.ru www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com www.googleadservices.com mc.yandex.ru api-maps.yandex.ru connect.facebook.net top-fwz1.mail.ru api.ipify.org vk.com vkvideo.ru googleads.g.doubleclick.net yastatic.net *.cdnvideo.ru st.top100.ru www.youtube.com optimize.google.com abt.s3.yandex.net www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: blob:; img-src ssp.al-adtech.com px.adhigh.net *.ops.beeline.ru *.jivo.ru *.uxfeedback.ru tech.rtb.mts.ru *.hc.sbercloud.ru *.hc.cloud.ru optimize.google.com i.ytimg.com mc.yandex.ru *.api-maps.yandex.ru cdn.cloud.ru cdn.sbercloud.ru cloud.ru www.google.com www.google.ru vk.com vkvideo.ru www.google-analytics.com www.facebook.com www.googletagmanager.com content.cloud.ru google-analytics.bi.owox.com kraken.rambler.ru top-fwz1.mail.ru ad.adriver.ru *.mindbox.ru data:; connect-src ai-agents.api.cloud.ru telegram.org marketplace.cloud.ru id.cloud.ru console.cloud.ru widget-api.uxfeedback.ru *.jivo.ru *.mindbox.ru uaas.yandex.ru *.api-maps.yandex.ru api-maps.yandex.ru *.maps.yandex.net dmp.sbermarketing.ru mlspace.aicloud.sbercloud.ru cloud.ru api.cloud.ru mtm.sbercloud.tech www.facebook.com www.google-analytics.com mc.yandex.ru top-fwz1.mail.ru stats.g.doubleclick.net vk.com vkvideo.ru kraken-mdt.rambler.ru kraken.rambler.ru sentry.sbercloud.tech analytics.google.com wss://*.jivo.ru blob:; frame-src console.cloud.ru yandex.ru facecast.net vk.com vkvideo.ru px.adhigh.net rutube.ru content.adriver.ru optimize.google.com w.soundcloud.com readymag.website readymag.com www.facebook.com www.youtube.com mc.yandex.ru www.google.com recaptcha.google.com blob:; media-src cdn.cloud.ru cdn-video.cloud.ru cloud.ru *.jivo.ru; style-src cloud.ru optimize.google.com *.jivo.ru fonts.googleapis.com 'unsafe-inline'; font-src cloud.ru fonts.gstatic.com data:; worker-src blob:; child-src mc.yandex.ru blob:; style-src-elem 'unsafe-inline' cloud.ru cdn.uxfeedback.ru *.jivo.ru *.mindbox.ru; 2
base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com cdn.segment.com cdn-segment.pipedrive.com *.pipedrive.com *.pipedriveassets.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.gstatic.cn connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com www.recaptcha.net recaptcha.net js.adsrvr.org secure.adnxs.com acdn.adnxs.com vitals.vercel-insights.com *.contentsquare.net app.contentsquare.com https://rs.eu1.fullstory.com https://static.xingcdn.com s.dpmsrv.com ib.adnxs.com a.dpmsrv.com d34r8q7sht0t9k.cloudfront.net scripts.rubiconredirect.com launcher.1mind.com pixel.rubiconredirect.com *.amplitude.com https://p.teads.tv a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com storage.googleapis.com; style-src 'self' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com *.amplitude.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.cmh-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com www.googletagmanager.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com www.recaptcha.net recaptcha.net *.adsrvr.org pipedrive.1mind.com pipedrive-sandbox.1mind.com https://p.teads.tv https://fledge.teads.tv *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-uri https://www.pipedrive.com/api/csp-reports 2
upgrade-insecure-requests; frame-ancestors 'self' https://explore.sugarcrm.com *.demo.sugarcrm.eu *.demo.sugarcrm.com *.sugarondemand.com *.service.sugarcrm.com *.service.sugarcrm.eu *.sugarapps.com *.msqa.sugarcrm.com *.training.sugarcrm.com; 2
frame-ancestors 'self' https://webhare.utwente.nl https://portal-test.utsp.utwente.nl 2
frame-ancestors 'self' https://fizy.com https://play.fizy.com; 2
frame-ancestors 'self' *.sf.intra.laposte.fr *.labanquepostale.fr file://* ; 2
default-src https://www.myherbalife.com/71_EVsM-fxqZqHDvaIwt30YTn4s/7LD9NpfhVmSQXQ/W3QcSzUB/fmw/YfWd4SggB  * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' p11.techlab-cdn.com; 2
default-src *.nic.ch *.nic.li *.switch.ch; style-src 'unsafe-inline' *.nic.ch *.nic.li *.switch.ch; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nic.ch *.nic.li *.switch.ch; img-src data: *.nic.ch *.nic.li *.switch.ch; object-src 'none'; form-action 'self' *.nic.ch *.nic.li *.switch.ch *.eduid.ch export.highcharts.com; font-src data: *.nic.ch *.nic.li *.switch.ch; frame-ancestors *.nic.ch *.nic.li *.switch.ch; frame-src * 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org  blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com https://airbus2024eutfm.q4web.com; child-src blob: https://airbus2024eutfm.q4web.com; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' blob: commercial.cdn.aws.placeit.net commercial-staging.cdn.aws.placeit.net;    base-uri 'self' *.plasmic.app;    connect-src 'self' 'unsafe-inline' blob: *.googleapis.com *.googleadservices.com *.algolia.io *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.braintree-api.com *.braintreegateway.com *.envato-staging.com *.envato.com *.envato.market *.envato.test *.facebook.com *.g.doubleclick.net *.doubleclick.net *.google-analytics.com *.analytics.google.com *.google.com google.com *.hotjar.com *.hotjar.io *.ip-api.com *.maxmind.com *.nr-data.net *.olark.com *.pinterest.com *.placeit.net *.recurly.com *.segment.io *.thenounproject.com *.uservoice.com code.jquery.com httpbin.org smart-templates.us nice.staging.placeit.net *.instagram.com *.pinpiaa.com wss://*.hotjar.com *.tiktok.com *.amplitude.com *.kaptcha.com wss://*.pusher.com *.paypal.com *.cookiebot.com *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.placeitcode.net *.browser-intake-datadoghq.com browser-intake-datadoghq.com placeit.net *.plasmic.app sentry.io *.posthog.com *.plasmic.app;    font-src 'self' data: *.amazonaws.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com *.olark.com *.placeit.net *.quadpay.com *.zscalerone.net github.com use.typekit.net *.hotjar.com *.placeitcode.net placeit.net *.plasmic.app;    frame-src 'self' *.braintreegateway.com *.doubleclick.net *.envato.market *.facebook.com *.freshdesk.com *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.hotjar.com *.kaptcha.com *.olark.com *.paypal.com *.recurly.com *.twitter.com *.uservoice.com *.youtube.com *.youtube-nocookie.com cdn.wishpond.net *.pinterest.com gateway.zscalerone.net localhost:* *.googleapis.com *.instagram.com *.google.com google.com *.placeit.net *.accounts.google.com *.cookiebot.com *.placeitcode.net placeit.net *.stripe.com *.plasmic.app ;    frame-ancestors 'none';    media-src 'self' data: blob: *.olark.com *.placeit.net *.zscalerone.net ssl.gstatic.com *.amazonaws.com *.cloudfront.net *.placeitcode.net placeit.net *.mozilla.net *.plasmic.app;    img-src 'self' blob: data: https: http: ;    script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: js.recurly.com js.braintreegateway.com *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com google.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.gstatic.com *.hotjar.com *.impactradius-event.com *.jsdelivr.net *.linkedin.com *.newrelic.com *.nr-data.net *.olark.com *.paypal.com *.pinimg.com *.placeit.net *.segment.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net unpkg.com *.upscope.io *.clarity.ms *.tiktok.com *.amplitude.com *.kaptcha.com *.cookiebot.com *.jsdelivr.net placeit.net *.placeitcode.net *.plasmic.app *.stripe.com *.plasmic.app;    style-src 'self' 'unsafe-inline' *.olark.com *.googleapis.com *.olark.com *.amazonaws.com *.bootstrapcdn.com *.cloudflare.com *.placeit.net *.zscalerone.net fast.fonts.net *.typekit.net *.cloudfront.net *.google.com google.com *.jsdelivr.net *.placeitcode.net placeit.net *.plasmic.app *.plasmic.app;    form-action 'self' javascript: localhost:* *.twitter.com *.pinterest.com *.facebook.com *.envato-staging.com *.envato.com *.placeit.net *.placeitcode.net placeit.net *.plasmic.app; 2
frame-ancestors 'self' https://*.myshopify.com https://*.mybigcommerce.com; 2
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https: blob:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 2
default-src 'self'  blob:  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://cdn.cookielaw.org  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:  https://csp.cre.lidl-shop.com; frame-src https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://cdn.aplazame.com/  https://checkout.aplazame.com/  https://consentcdn.cookiebot.com/  https://creativecdn.com  https://*.creativecdn.com  https://form.lidl.com/  https://forms-prod.enc-test.de/  https://gum.criteo.com  https://sorteo.esdelidl.es  https://static.criteo.net  https://www.google.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  https://www.googletagmanager.com  https://fledge.eu.criteo.com  https://*.adsrvr.org; img-src 'self'  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://cdn.cookielaw.org  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:; object-src https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.leaflets.schwarz  https://*.livebuy.io  https://*.tradedoubler.com  data:; script-src 'self'  'unsafe-eval'  'unsafe-inline'  blob:  https:  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://ajax.googleapis.com  https://c.searchhub.io  https://cdn.cookielaw.org  https://creativecdn.com  https://*.creativecdn.com  https://recommendations.lidl-shop.com  https://www.googletagmanager.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  https://*.adsrvr.org  data:; style-src 'self'  'unsafe-inline'  https:  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.medallia.eu  https://*.tradedoubler.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; frame-ancestors 'self'  https://*.lidl.com  https://*.lidl.es  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://j.6sc.co https://scripts.clarity.ms https://ssl.pstatic.net https://bat.bing.com https://bat.bing.net https://cta-service-cms2.hubspot.com https://a.quora.com https://api.fraud0.com https://wcs.naver.net https://cdn.segment.com https://js.hubspot.com https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://monitor.tapper.ai https://link.edgepilot.com https://www.onelink-edge.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://region1.analytics.google.com https://*.mktoutil.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://test.salesforce.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com  https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://google.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com https://js.hsforms.net https://js-eu1.hsforms.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://ka-p.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://*.6sc.co https://faro-collector-prod-us-east-2.grafana.net https://cdn.jsdelivr.net https://wcs.naver.com https://cdn.segment.com https://api.segment.io https://protect.tapper.ai https://cta-service-cms2.hubspot.com https://forms-eu1.hsforms.com https://www.onelink-edge.com https://www.googleadservices.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics-ipv6.tiktokw.us https://api.fraud0.com https://bat.bing.com https://*.tt.omtrdc.net https://www.gstatic.com https://www.google.com https://www.google.co.in https://pagead2.googlesyndication.com https://*.google-analytics.com https://analytics.pangle-ads.com https://*.mktoutil.com https://ib.adnxs.com https://google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://tr.snapchat.com https://kit.fontawesome.com https://test.salesforce.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ssl.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://ets-app-privacy.my.onetrust.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms-na1.hubspot.com wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-ancestors https://oets-tst.ets.org https://oets-stg.ets.org https://oets.ets.org https://toeflibt-cn-dev.ets.org https://toeflibt-cn-test.ets.org https://toeflibt-cn-stg.ets.org https://toeflibt-cn.ets.org https://toeflibt.ets.org https://toeflibt-dev.ets.org https://toeflibt-test.ets.org https://toeflibt-stg.ets.org https://v2-dev.ereg.ets.org https://v2-tst.ereg.ets.org https://v2-uat.ereg.ets.org https://v2.ereg.ets.org; frame-src 'self' https://js.hsforms.net https://js-eu1.hsforms.net https://forms-eu1.hsforms.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.livelook.com/ https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://ssl.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com https://forms.hsforms.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com https://public.cobrowse.oraclecloud.com https://google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com ; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 2
default-src 'self' https://*.rhrz.uni-bonn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://uni-bonn.de https://www.uni-bonn.de https://*.rhrz.uni-bonn.de https://*.hrz.uni-bonn.de https://www.youtube.com https://s.ytimg.com https://apis.google.com https://ajax.googleapis.com https://pjdcqgnb0lmk.statuspage.io https://*.siteimprove.com; img-src 'self' data: https://uni-bonn.de https://www.uni-bonn.de https://*.uni-bonn.de https://*.rhrz.uni-bonn.de https://i.ytimg.com https://*.googleapis.com https://*.vimeocdn.com https://*.youtube.com https://*.siteimprove.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://*.siteimprove.com data:; object-src 'self' blob:; frame-src 'self' https://*.uni-bonn.de:* https://*.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://content-youtube.googleapis.com https://content.googleapis.com https://pjdcqgnb0lmk.statuspage.io https://www.podcaster.de mailto://*; frame-ancestors 'self' https://*.uni-bonn.de; connect-src 'self' https://uni-bonn.de https://www.uni-bonn.de https://apis.google.com https://webstat.hrz.uni-bonn.de https://cms-proxy.uni-bonn.de 2
frame-ancestors 'self' https://app.contentstack.com https://eu-app.contentstack.com http://localhost:5173 https://preview-share-ui.contentstack.com https://*.contentstackapps.com 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self' https://*.mobilexpress.com.tr; form-action 'self' https://*.mobilexpress.com.tr; object-src 'none'; 2
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ;  style-src 'self' data: 'unsafe-inline' https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;  img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ;  font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ;  connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com wss://ws-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ;  media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://directory-v3-live.cb.dev https://*.live.mmwebc.dev https://cbxyz.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://crypto-payments.net https://secure.paygarden.com ;  manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ;  report-uri https://report-uri.mmcdn.com/r/t/csp/enforce; 2
frame-ancestors 'self' *.wsgc.com carectruiprd.wsgc.com oms.wsgc.com carectruiprd-dr.wsgc.com oms-dr.wsgc.com trn1-wcc.wsgc.com trn1-sterling.wsgc.com trn1-ccui.wsgc.com 2
frame-ancestors https://*.toast.com https://*.dooray.com https://dooray.com 2
frame-ancestors 'self' *.dimelochat.com *.engagement.dimelo.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.aspnetcdn.com https://consent.cookiebot.com https://visualisation.polimapper.co.uk https://consentcdn.cookiebot.com https://www.youtube.com https://app.five9.eu https://*.cloudfront.net https://connect.facebook.net https://sc-static.net https://*.redditstatic.com https://static.ads-twitter.com https://js.adsrvr.org https://*.snapchat.com https://settings.luckyorange.net https://*.luckyorange.net https://cdn.luckyorange.com;object-src 'none';style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;img-src 'self' data: https://www.googletagmanager.com https://*.googlesyndication.com https://img.youtube.com https://imgsct.cookiebot.com https://2673654.fls.doubleclick.net https://*.twitter.com https://t.co https://*.doubleclick.net https://*.reddit.net https://*.reddit.com https://adservice.google.com;frame-src 'self' https://*.snapchat.com https://insight.adsrvr.org https://www.youtube.com https://consentcdn.cookiebot.com https://2673654.fls.doubleclick.net https://ad.doubleclick.net https://visualisation.polimapper.co.uk https://td.doubleclick.net https://img.youtube.com https://app.five9.eu https://match.adsrvr.org https://app.sli.do https://auth.slido.com https://app.powerbi.com;font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://maxcdn.bootstrapcdn.com;connect-src 'self' https://*.snapchat.com https://settings.luckyorange.net https://*.luckyorange.net https://cdn.luckyorange.com https://upload.luckyorange.net wss://*.luckyorange.net https://*.reddit.com https://*.redditstatic.com https://*.googleapis.com https://*.google-analytics.com https://ad.doubleclick.net https://*.doubleclick.net https://insight.adsrvr.org https://match.adsrvr.org https://consentcdn.cookiebot.com 2
default-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.youtube.com data:;connect-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.youtube.com *.ux4g.gov.in data:;script-src 'self' 'unsafe-eval' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.ux4g.gov.in;style-src 'self' 'unsafe-inline' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.ux4g.gov.in;object-src 'self' data:;frame-src 'self' docs.google.com *.youtube.com *.youtube-nocookie.com *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.ux4g.gov.in app.powerbi.com  data:;frame-ancestors 'self' docs.google.com *.youtube.com *.youtube-nocookie.com *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in app.powerbi.com data:; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: yoti: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com www.youtube.com info.pornorama.com www.tjk-njk.com *.yoti.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.acdn5165543.com *.aacdn.net martted.com *.opoxv.com *.analvids.com tour1.analvids.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net xenoly7.com miraco7.com clariva5.com miraex6.com go2fridayroll.com solvix8.com linktoliraspin.com clyoro7.com volexa5.com dynara3.com veltor2.com *.trackingtraffo.com trackingtraffo.com *.nowsrv.com betoholictrack.net refpa2518.com refpa3665.com melbet-ma.com melbetegypt.com 1xlite-815256.bar *.staticfilesonly.com *.analvids.com tour1.analvids.com; report-uri https://www.pornorama.com/csp-reports; report-to csp-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-eval' https://static.siege-amazon.com https://www.googletagmanager.com https://*.doubleclick.net https://d3.wholefoodsmarket.com https://c.la4-c3-ia2.salesforceliveagent.com https://c.la2-c1-phx.salesforceliveagent.com https://service.force.com https://dev.wholelabs.com:3333 https://dev.wholefoodsmarket.com:3031 https://s.amazon-adsystem.com https://*.googleapis.com https://*.amazon.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://*.media-amazon.com https://media-amazon.com 'nonce-ZGU1YzkyNDktMDk4Mi00ZWI4LWI4MmMtMDRlYjQwYWQ2OGY5'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://*.amazon.com; img-src 'self' blob: data: https://picsum.photos https://www.googletagmanager.com https://*.media-amazon.com https://media-amazon.com https://*.google.com https://google.com https://assets.wholefoodsmarket.com https://images-na.ssl-images-amazon.com https://s.amazon-adsystem.com https://media-origin-na-ssl.integ.amazon.com https://sage.blob.core.windows.net https://via.placeholder.com https://*.googleapis.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://amazon.com https://*.amazon.com; font-src 'self' data: https://fonts.gstatic.com https://*.wholefoodsmarket.com; object-src data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://doubleclick.net; connect-src 'self' https://*.amazonaws.com https://fls-na.amazon.com https://wfm.integ.amazon.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://*.google.com https://google.com https://www.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://googleapis.com https://*.googleapis.com https://amazon.com https://*.amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon; upgrade-insecure-requests; 2
default-src 'self'; font-src data: https://apps.bazaarvoice.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.de https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.de https://tags.tiqcdn.com https://web.cmp.usercentrics.eu https://www.dm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.de https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omacs.nonprod.services.dmtech.com https://omacs.services.dmtech.com https://omc.dm.de https://predictive-shopping-service.services.dmtech.com https://product-based-recos.services.dmtech.com https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://s2s.adjust.com https://services.dm.de https://signin.dm.de https://staedtetour.dm-fb2.de https://stars.services.dmtech.com https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://v1.api.service.cmp.usercentrics.eu https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cartnext.services.dmtech.com https://products.dm.de https://pds-api-prod.apps.prod.gcp.dmtech.cloud https://shopping-list-prod.services.dmtech.com; media-src 'self'; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.de https://giftcard-checkout.dm.de/api/checkout https://signin.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://editorial-content.dm-static.com https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://products.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.de https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://kinderwunschsprechstunde.podigee.io https://player.podigee-cdn.net https://recaptcha.google.com/recaptcha/ https://sandbox.om.dm.de https://web.cmp.usercentrics.eu https://www.google.com/recaptcha/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 2
frame-ancestors 'self' *.springernature.com; 2
base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://www.google.com; frame-ancestors 'self'; form-action 'self' https: https://*.state.ak.us https://*.alaska.gov; img-src 'self' https://*.state.ak.us https://*.alaska.gov https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com 2
default-src 'none'; frame-ancestors https://*.sr.se http://localhost:* https://lookerstudio.google.com https://app.kilkaya.com; form-action 'self' https://www.sverigesradio.se; base-uri 'self'; connect-src 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se https://*.cdn.svt.se https://sr.reco.ebu.io https://*.google-analytics.com https://*.ingest.de.sentry.io https://cl-eu6.k5a.io   https://statistics-event-api-fe.sr.se; script-src 'self' 'unsafe-inline'  https://www.googletagmanager.com https://cl-eu6.k5a.io https://sr.neobox.ebu.io https://*.ebu.io/news-reco-sr.js https://analytics.codigo.se https://trafficgateway.research-int.se; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://sr.se https://*.sr.se https://www.googletagmanager.com https://trafficgateway.research-int.se https://i.scdn.co; font-src 'self' data:; manifest-src 'self'; worker-src 'self' blob:; media-src https://*.sverigesradio.se https://sverigesradio.se https://*.sr.se blob:; frame-src https://*.reco.ebu.io https://sr.neobox.ebu.io; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: webpack-internal: webpack: blob: https://*.calltouch.ru https://*.calltouch.net wss://ws.calltouch.ru https://ab-ct.ru https://aw-demo.ru https://*.addevent.com https://addevent.com https://*.adriver.ru push4site.com https://ads.betweendigital.com https://adservice.google.com https://*.ad.smaato.net https://*.analytics.google.com https://analytics.google.com https://an.yandex.ru https://anycomment.io https://api.enkod.ru https://api-maps.yandex.ru https://api.tomi.ai https://*.bidswitch.net https://bitrix.info https://*.botfaqtor.ru https://*.bumlam.com https://calltouchru.push4site.com https://cdn.accutics.net https://cdn.anycomment.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-migrate-1.4.1.min.js https://connect.facebook.net https://const.uno *.digitaltarget.ru https://dm.hybrid.ai https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.hybrid.ai https://ib.adnxs.com https://*.integrations-hub.ru https://inv-nets.admixer.net https://leonardo.osnova.io https://linur.dj https://madte.st https://*.mail.ru https://manalyticshub.com https://match.new-programmatic.com/userbind https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru https://*.openx.net https://*.beeline.ru https://*.ops.beeline.ru https://pixel.onaudience.com https://push4site.com https://redirect.frontend.weborama.fr https://*.witstroom.com https://secure.gravatar.com https://ssp.bestssp.com https://static.terratraf.io https://smartcaptcha.yandexcloud.net https://sync.bumlam.com https://tags.soloway.ru https://td.doubleclick.net https://tech.rtb.mts.ru https://*.tildacdn.com https://track.onef.pro https://*.turbotargeting.io https://unpkg.com/swiper@7/ https://us.ck-ie.com https://vk.com https://widget.anycomment.io https://www.1c-bitrix.ru https://www.googleadservices.com https://www.google-analytics.com https://www.google.by https://www.google.bg https://www.google.co.id https://www.google.com https://www.google.com.cy https://www.google.de https://www.google.me https://www.google.nl https://www.googleoptimize.com https://www.google.pt https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://www.w3.org https://www.youtube-nocookie.com https://youtu.be https://x01.aidata.io https://yandex.ru https://yastatic.net https://*.youtube.com https://*.ytimg.com https://kinescope.io https://vkvideo.ru wss://mc.yandex.ru ; report-uri https://sentry.calltouch.ru/api/49/security/?sentry_key=051618c290784f49b8f0714d8f3295e5  2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: www.googletagmanager.com www.google-analytics.com cache.img.gmo.jp siteseal.gmo-cybersecurity.com gmo-cybersecurity.com seal.atlas.globalsign.com   www.value-server.com www.coreserver.jp www.google.co.jp code.jquery.com connect.facebook.net  www.google.com googleads.g.doubleclick.net static.cloudflareinsights.com static.ads-twitter.com minerva-deliver.sp.gmossp-sp.jp  *.clarity.ms analytics.twitter.com t.co cdnjs.cloudflare.com www.youtube.com analytics.ahrefs.com www.googleadservices.com analytics.google.com stats.g.doubleclick.net ; 2
frame-ancestors 'self' https://register.sch.gr; 2
frame-ancestors 'self' https://orovivo-tablet.vercel.app 2
default-src 'self';  script-src 'self' 'unsafe-inline'  www.gstatic.com www.google.com stats.epic.com;	child-src embed-ssl.ted.com embed.ted.com e.issuu.com secure.quantserve.com sentry.issuu.com pingback.issuu.com www.youtube.com player.vimeo.com www.google.com;	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;	form-action 'self';  font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;  connect-src 'self' www.google.com stats.epic.com;  img-src 'self' data: stats.epic.com i.ytimg.com media.epic.com media.epic.com epicshare.blob.core.windows.net media.epic.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://script.hotjar.com https://static.opentok.com https://static.hotjar.com https://www.googletagmanager.com https://api.tdl.com.ua https://maps.googleapis.com 2
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.youtube.com kit.fontawesome.com *.addthis.com *.addthisedge.com s3.amazonaws.com *.list-manage.com *.highcharts.com code.jquery.com maxcdn.bootstrapcdn.com *.telerik.com cdn.jsdelivr.net *.3playmedia.com www.google-analytics.com *.sharethis.com *.crazyegg.com *.mapbox.com *.clarity.ms *.datatables.net datatables.net *.digitalgov.gov *.powerbigov.us *.nrel.gov *.nlr.gov www.energy.gov *.accuweather.com www.buzzsprout.com https://public.tableau.com app.everviz.com vizgen.openei.org dap.digitalgov.gov *.arcgis.com *.arcgisonline.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com *.mailchimp.com *.bootstrapcdn.com cdn.jsdelivr.net *.sharethis.com *.crazyegg.com *.mapbox.com *.datatables.net datatables.net *.powerbigov.us *.nrel.gov *.nlr.gov *.accuweather.com app.everviz.com vizgen.openei.org *.arcgis.com *.arcgisonline.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.google-analytics.com thesource2.nrel.gov *.datatables.net *.sharethis.com *.mapbox.com *.clarity.ms *.bing.com video.stratus.nrel.gov *.nrel.gov *.nlr.gov *.accuweather.com https://public.tableau.com nrel-aut.sitefinity.cloud nrel-stg.sitefinity.cloud *.arcgis.com *.arcgisonline.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com data: *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.powerbigov.us *.nrel.gov *.nlr.gov *.arcgis.com *.arcgisonline.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.twitter.com s7.addthis.com calendar.google.com nrel.force.com nrel.my.site.com *.sociablekit.com *.powerbigov.us video.stratus.nrel.gov nrel.carto.com https://maps.google.com www.google.com clausa.app.carto.com www.buzzsprout.com *.nrel.gov *.nlr.gov nrel.github.io public.tableau.com vizgen.openei.org *.arcgis.com *.arcgisonline.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://*.googleapis.com/ *.fontawesome.com *.addthis.com *.3playmedia.com analytics.google.com *.crazyegg.com *.sharethis.com *.mapbox.com *.clarity.ms *.nrel.gov *.nlr.gov www.energy.gov *.highcharts.com dap.digitalgov.gov *.arcgis.com *.arcgisonline.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: video.stratus.nrel.gov *.nrel.gov *.nlr.gov; child-src 'self' blob: 2
default-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; media-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; prefetch-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; script-src https://www.phonepe.com https://www.googletagmanager.com https://phonepe.com https://website.phonepe.com https://www.gstatic.com https://www.google.com https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com https://platform.twitter.com/ https://www.googleadservices.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; style-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com  https://cdn.jotfor.ms https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; img-src data: https://website.phonepe.com data: https://www.phonepe.com https://phonepe.com https://imgstatic.phonepe.com https://images.phonepe.com https://cdn.jotfor.ms www.googletagmanager.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://adservice.google.com https://css.page-source.com https://www.google.com https://www.google.co.in https://www.facebook.com https://analytics.twitter.com https://t.co https://www.googleadservices.com/; font-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src https://www.google-analytics.com https://boards-api.greenhouse.io https://api.phonepe.com https://www.phonepe.com https://phon.pe https://phonepe.com https://website.phonepe.com https://insights-api.phonepe.com https://sentry.phonepe.com https://page-source.com https://css.page-source.com https://logo.page-source.com https://cdn.page-source.com https://hcaptcha.com https://*.hcaptcha.com https://www.googleadservices.com/ https://www.google.com/ 'self'; frame-src https://www.greenhouse.io https://script.google.com/a/macros/phonepe.com/ https://boards.greenhouse.io https://boards-api.greenhouse.io https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com https://hcaptcha.com https://*.hcaptcha.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com https://platform.twitter.com/ https://*.doubleclick.net https://bugbase.ai; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com https://bugbase.ai; base-uri 'self'; object-src 'none'; report-uri https://csp.phonepe.com/log 2
frame-ancestors 'self' https://cms.bolt.eu https://cms.prelive.bolt.eu https://mm-web.bolt.eu https://mm-web.prelive.bolt.eu; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'none'; worker-src blob: www.cathaypacific.com flights.cathaypacific.com api.cathaypacific.com book.cathaypacific.com 2
default-src 'self' blob: *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at *.maptoolkit.net *.youtube.com *.vimeo.com archiv.yourvideo.tv *.buzzsprout.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at wien.kavedo.com code.jquery.com cdn.priv.center prod-origin.truendo.com track.adform.net *.adform.net siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io *.maptoolkit.net *.webspellchecker.net platform.twitter.com syndication.twitter.com js.stripe.com; connect-src 'self' https://*.cms-wien.magwien.gv.at https://*.magwien.gv.at https://stadtservicebot.wien.gv.at ws://stadtservicebot.wien.gv.at https://clients.wh-i.at  https://*.wien.gv.at https://*.maptoolkit.net https://ux.maptoolkit.net https://prod-origin.truendo.com https://*.truendo.com https://*.priv.center https://svc.webspellchecker.net https://*.jsdelivr.net https://wien.kavedo.com; style-src 'self' 'unsafe-inline' *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at wien.kavedo.com; style-src-elem 'self' 'unsafe-inline' *.cms-wien.magwien.gv.at * magwien.gv.at *.wien.gv.at scds.dev.handbuch.wien.gv.at wiener-melange-theme.wien.gv.at svc.webspellchecker.net; img-src 'self' data: blob: *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at *.seadform.net *.siteimproveanalytics.io siteimproveanalytics.io *.maptoolkit.net *.stripe.com *.blob.core.windows.net wien.kavedo.com; worker-src 'self' blob: *.maptoolkit.net; font-src 'self' data: blob: *.wien.gv.at *.webspellchecker.net wien.kavedo.com; frame-src 'self' *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at *.truendo.com *.adform.net cams.its-viennaregion.at platform.twitter.com youtu.be vimeo.com *.youtube.com *.vimeo.com *.yourvideo.tv *.justlive.tv justlive.tv js.stripe.com webtv.feratel.com stp.wien.gv.at *.gemeinderecht.wien.gv.at; frame-ancestors 'self' https://*.magwien.gv.at 2
default-src 'self' *.flexport.com *.wistia.com *.wistia.net;base-uri 'self' *.flexport.com;object-src 'none';child-src blob:;connect-src 'self' global.ketchcdn.com cdn.ketchjs.com *.ketch.com *.doubleclick.net stats.g.doubleclick.net *.google-analytics.com *.googletagmanager.com api.amplitude.com cdn.linkedin.oribi.io *.fullstory.com embedwistia-a.akamaihd.net *.litix.io *.wistia.com *.wistia.net rum-http-intake.logs.datadoghq.com sentry.io *.browser-intake-datadoghq.com browser-intake-datadoghq.com ws.zoominfo.com *.getsitecontrol.com *.getsitectrl.com *.algolia.net *.algolianet.com *.algolia.io noembed.com www.facebook.com api-cdn.embed.ly *.mapbox.com *.clarity.ms *.bing.com ingesteer.services-prod.nsvcs.net api.growsurf.com js.zi-scripts.com *.auryc.com aorta.clickagy.com hemsync.clickagy.com api.schedule.zoominfo.com flexport.widget.insent.ai *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.linkedin.com google.com *.google.com *.googleadservices.com *.recaptcha.net heapanalytics.com bat.bing.net browser.sentry-cdn.com t.spectaclehq.com pixel-config.reddit.com;font-src 'self' data: *.wistia.com *.wistia.net fonts.gstatic.com cdn.embedly.com *.auryc.com *.typekit.net;form-action 'self' *.flexport.com www.facebook.com *.pardot.com;frame-src 'self' mailto: www.facebook.com hackerone.com fast.wistia.com fast.wistia.net www.youtube.com public.tableau.com www.recaptcha.net td.doubleclick.net *.flexport.com cdn.embedly.com tpc.googlesyndication.com hemsync.clickagy.com flexport.widget.insent.ai *.googletagmanager.com bat.bing.com;frame-ancestors 'self' *.recaptcha.net *.flexport.com;img-src 'self' data: *.doubleclick.net *.google-analytics.com *.googletagmanager.com analytics.twitter.com purecatamphetamine.github.io *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.ctfassets.net images.contentful.com *.linkedin.com px.ads.linkedin.com rs.fullstory.com t.co www.facebook.com i.ytimg.com i-cdn.embed.ly *.mapbox.com *.bing.com *.clarity.ms *.getsitecontrol.com *.getsitectrl.com heapanalytics.com global.ketchcdn.com cdn.ketchjs.com www.googleadservices.com bat.bing.net alb.reddit.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws;script-src 'self' blob: global.ketchcdn.com cdn.ketchjs.com *.ketch.com/* *.ketch.com 'unsafe-eval' *.google-analytics.com *.googletagmanager.com connect.facebook.net edge.fullstory.com *.wistia.com *.wistia.net googleads.g.doubleclick.net *.getsitecontrol.com *.getsitectrl.com pi.pardot.com snap.licdn.com static.ads-twitter.com *.flexport.com ws.zoominfo.com www.googleadservices.com www.recaptcha.net www.gstatic.com www.gstatic.cn *.algolianet.com *.algolia.net cdn.embedly.com www.youtube.com *.bing.com *.clarity.ms *.mapbox.com netlify-rum.netlify.app cdn.heapanalytics.com flexport.widget.insent.ai js.zi-scripts.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com *.growsurf.com *.linkedin.com p.spectaclehq.com  'nonce-LefQ+jXK76N/ZYOrzqJdGA==';style-src 'self' 'unsafe-inline' fast.wistia.com fonts.googleapis.com cdn.embedly.com *.typekit.net;worker-src 'self' blob:;media-src 'self' blob: videos.ctfassets.net *.wistia.com *.wistia.net;report-uri https://o26092.ingest.sentry.io/api/1847116/security/?sentry_key=89a88bc5d40744adacdc99621950997c 2
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://vorschau.computerbild.de https://rendering.computerbild.de 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com https://www.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.fontawesome.com use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.cloudfront.net *.ngpvan.com *.everyaction.com *.research.net *.tickcounter.com *.smassets.net *.rdmobile.com *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net https://code.jquery.com *.photoshelter.com *.jquery.com blob: cdnjs.cloudflare.com fe.sitedataprocessing.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com www.googletagmanager.com use.fontawesome.com *.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.photoshelter.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com *.twimg.com data: blob: novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.google-analytics.com https://www.googletagmanager.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com twitter.com *.twitter.com use.fontawesome.com *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.everyaction.com *.tickcounter.com *.rdmobile.com *.vimeo.com picsum.photos *.picsum.photos s3.amazonaws.com voicesofaps.gv-one.com *.photoshelter.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com use.typekit.net *.crazyegg.com *.hotjar.com *.everyaction.com *.tickcounter.com *.rdmobile.com; frame-src 'self' *.facebook.com novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net *.photoshelter.com *.googletagmanager.com web-chat.nativechat.com; connect-src *.google-analytics.com *.informz.net polo.feathr.co *.crazyegg.com *.doubleclick.net *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.fontawesome.com *.photoshelter.com *.googletagmanager.com fe.sitedataprocessing.com 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: www.youtube.com fast.wistia.net *.vimeo.com voicesofaps.gv-one.com *.photoshelter.com; child-src 'self' blob: web-chat.nativechat.com 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:;connect-src 'self' https://eb2.3lift.com https://*.omnitagjs.com https:;media-src data: blob: https:;upgrade-insecure-requests 2
frame-ancestors 'self' btprt.dj snip.ly 2
default-src 'none';connect-src 'self' https://cdn77.com https://*.cdn77.com https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.doubleclick.net https://*.cdn77.eu https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.pingdom.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://bat.bing.net https://*.ads.linkedin.com https://www.facebook.com;script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://*.pingdom.net https://static.hotjar.com https://*.hotjar.com https://bat.bing.com https://*.ads-twitter.com https://*.licdn.com https://*.facebook.net https://*.hcaptcha.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.typekit.net;font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.intercomcdn.com;img-src * data:;frame-src 'self' https://www.facebook.com https://*.hcaptcha.com;media-src 'self' https://*.intercomcdn.com;form-action 'self';manifest-src 'self';worker-src 'self' blob:;child-src 'self' blob:;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2
frame-ancestors 'self' https://splytech.io https://*.splytech.io 2
default-src 'self' https: blob: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://builder.io https://*.builder.io;object-src 'none';base-uri 'self' https://static.panpno.com;report-uri https://web.gatetrace.com/api/30/security/?sentry_key=cbaa601fc0474593a765a98f3cfefa0c; 2
default-src 'self' *.amazonaws.com *.getunleash.io *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.liadm.com *.list-manage.com *.plausible.io *.youtube.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.analytics.google.com *.calendly.com *.clarity.ms *.clearbitjs.com *.clearbitscripts.com *.getunleash.io *.google-analytics.com *.google.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.net *.hubspot.com *.liadm.com *.lfeeder.com *.redditstatic.com *.youtube.com cdn-cookieyes.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net ipapi.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net optimize.google.com plausible.io snap.licdn.com static.ads-twitter.com static.hsappstatic.net static.reo.dev tracker.ub-analytics.com tracking-api.g2.com unpkg.com vercel.live; style-src 'report-sample' 'self' 'unsafe-inline' *.calendly.com *.getunleash.io *.googletagmanager.com *.hubspot.com fonts.googleapis.com optimize.google.com vercel.live; object-src 'none'; base-uri 'self'; connect-src 'self' *.algolia.net *.algolianet.com *.amazonaws.com *.analytics.google.com *.clarity.ms *.clearbit.com *.cookieyes.com *.getunleash.io *.github.com *.google-analytics.com *.googleadservices.com *.google.com *.google.pl *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hscollectedforms.net *.hsappstatic.net *.hsforms.com *.hubspot.com *.liadm.com *.linkedin.com *.oribi.io *.pusher.com *.reddit.com *.unleash-hosted.com *.usbrowserspeed.com alocdn.com api.hubapi.com api.reo.dev cdn-cookieyes.com calendly.com forms.hubspot.com google.com googleads.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com ipapi.co js.hs-banner.com plausible.io pro.ip-api.com stats.g.doubleclick.net tracking-api.g2.com unpkg.com wss://*.hotjar.com; font-src 'self' data: *.hubspot.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src *.doubleclick.net *.google.com *.googletagmanager.com *.hotjar.com *.hsforms.com *.hsforms.net *.hubspot.com *.youtube.com *.youtube-nocookie.com app.hubspot.com calendly.com meetings.hubspot.com optimize.google.com vercel.live; frame-ancestors 'self' *.google.com *.hubspot.com; img-src 'self' data: *.analytics.google.com *.bing.com *.calendly.com *.clarity.ms *.doubleclick.net *.getunleash.io *.githubusercontent.com *.google-analytics.com *.google.com *.google.de *.google.no *.google.pl *.googletagmanager.com *.hotjar.com *.hsforms.com *.hsforms.net *.hubspot.com *.lfeeder.com *.linkedin.com *.reddit.com *.youtube.com *.ytimg.com analytics.twitter.com cdn-cookieyes.com optimize.google.com t.co track.hubspot.com; worker-src 'none' 2
frame-ancestors 'self' https://m.superonline.net; 2
frame-ancestors 'self' https://xmission.com; 2
frame-ancestors 'self' cdn.adkaora.space 2
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jaris.co *.jaris.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com api.preczn.com caas-sf.wildapricot.org https://*.forethought.ai live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:; 2
default-src 'none'; connect-src 'self' ipleak.net:* *.ipleak.net:* ipleak.net *.ipleak.net; font-src 'self'; frame-src 'self' *.google.com; img-src 'self' data:; script-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'self' 2
default-src 'self'; font-src 'self' data:; img-src 'self' data: https://toegankelijkheidsverklaring.nl https://www.toegankelijkheidsverklaring.nl; object-src 'none'; script-src 'self' https://portal.secumail.nl/v6/assets/js/portal-jquery.min.js; script-src-elem 'self' https://portal.secumail.nl/v6/assets/js/portal-jquery.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2
frame-ancestors 'self' http://localhost:80 https://localhost:443 http://127.0.0.1:80 https://127.0.0.1:443; 2
frame-ancestors 'self' https://vk.com https://m.vk.com http://awards.ratingruneta.ru; 2
frame-ancestors 'self' https://cryptofingers.com https://coinspector.pl https://gamepost.io https://b2b-partner-space.emcd.io https://www.thedailypulse.net/ 2
default-src 'none';object-src 'self';img-src data: https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:;style-src 'unsafe-inline' https:;font-src data: https:;frame-ancestors 'self' cue.politiken.dk;connect-src https: wss://supchat.politiken.supwizapp.com; media-src blob: https:;frame-src https: data: blob:;child-src https:;worker-src blob: https:;base-uri https:;form-action https: 2
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://attachuk.imi.chat https://cdn-widget.eu.webexengage.com https://api.pdok.nl https://statistiek.rijksoverheid.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net https://attachuk.imi.chat; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://statistiek.rijksoverheid.nl https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://attachuk.imi.chat https://statistiek.rijksoverheid.nl 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com  https://attachuk.imi.chat *.abtasty.com 'unsafe-inline' 2
frame-ancestors 'self' https://addeventinc.github.io/; 2
frame-ancestors 'self' https://www.conservativereview.com/ 2
default-src 'self'; style-src 'self'; img-src 'self' data: hosted.weblate.org blog.cihar.com gate.thepay.cz *.githubusercontent.com; script-src 'self' browser.sentry-cdn.com de.sentry.io; connect-src 'self' de.sentry.io; object-src 'none'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'self' weblate.org hosted.weblate.org gate.thepay.cz thepay.cz;report-uri https://o4507304895905792.ingest.de.sentry.io/api/4507486269866064/security/?sentry_key=5eb5194266692a262a4f8a6aad7a25b6 2
frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com https://cdn-us.algoliaradar.com https://insights.algolia.io/1/events https://insights.algolia.io/1/searches 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; worker-src blob:; img-src 'self' https: data:; font-src 'self' https: data: 2
frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 2
default-src 'self'; connect-src 'self' *.aptrinsic.com; font-src 'self' fonts.gstatic.com; frame-ancestors 'self' *.emplifi.io; frame-src 'self' mailto: www.youtube.com; img-src * data:; script-src 'unsafe-eval' 'self'; script-src-attr 'unsafe-inline' 'self'; script-src-elem 'unsafe-inline' 'self' *.aptrinsic.com; style-src-attr 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com code.getmdl.io 2
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.youtube.com snap.licdn.com static.hotjar.com plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com try.abtasty.com static.hotjar.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com plugin.handtalk.me px.ads.linkedin.com snap.licdn.com *.hsappstatic.net unpkg.com *.hubspot.com *.hubspotusercontent-na1.net cdn.jsdelivr.net *.cloudfront.net *.bing.com *.albacross.com *.privacytools.com.br *.linkedin.com *.googletagmanager.com www.gupy.io *.gupy.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotusercontent-na1.net *.hubspotusercontent40.net fonts.googleapis.com *.gupy.io *.hubspot.com cdn-uicons.flaticon.com *.privacytools.com.br www.gupy.io; img-src 'self' blob: 3299491.fs1.hubspotusercontent-na1.net perf-na1.hsforms.com track.hubspot.com www.gupy.io data: *; font-src 'self' fonts.gstatic.com *.hubspotusercontent-na1.net *.hubspotusercontent40.net www.gupy.io; connect-src 'self' blob: 'self' fs1.hubspotusercontent-na1.net cdn.cookielaw.org *.gupy.io data: gap: *; media-src *.hubspotusercontent-na1.net *.hubspot.com *.gupy.io www.gupy.io; frame-src gupy.com.br gupy.io www.youtube.com app.hubspot.com td.doubleclick.net www.facebook.com forms.hsforms.com; frame-ancestors 'self' gupy.com.br gupy.io *.uc.r.appspot.com googletagmanager.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval' *.web.osce.org *.relaunch.web.osce.org; object-src 'none'; img-src https: data: 2
default-src 'self'; frame-ancestors 'self' https://*.sachsen.de; frame-src 'self' https://*.sachsen.de https://e.issuu.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://e.issuu.com https://www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' data: https://*.sachsen.de https://i.ytimg.com https://syndication.twitter.com https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sachsen.de https://connect.facebook.net https://platform.twitter.com https://e.issuu.com https://vrweb15.linguatec.org https://*.etracker.com https://*.etracker.de; style-src 'self' 'unsafe-inline' https://*.sachsen.de https://vrweb15.linguatec.org; connect-src 'self' https://*.sachsen.de https://vrweb15.linguatec.org https://www.etracker.de; media-src 'self' https://vrweb15.linguatec.org; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.elisa.ee https://entitlement1.ses.elisa.ee:10076; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com code.jquery.com *.pinterest.com *.pinimg.com *.knotch-cdn.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com *.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com code.jquery.com *.pinterest.com *.pinimg.com *.knotch-cdn.com; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com *.pinterest.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 2
default-src data: https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src  data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2
frame-ancestors 'self' *.trekbikes.com 2
frame-ancestors 'self' https://*.bouyguestelecom.fr https://bouyguestelecom--c.vf.force.com https://bouyguestelecom.lightning.force.com https://bouyguestelecom.my.salesforce.com; 2
base-uri 'none'; font-src 'self' data: fonts.gstatic.com; form-action https://api.daad.de validator.w3.org export.highcharts.com; frame-ancestors https://portal.daad.de https://*.daad.com http://*.daad.com; img-src data: blob: *; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.daad.de www.youtube.com www.google.com www.google-analytics.com *.googletagmanager.com static.doubleclick.net cdn.jsdelivr.net ajax.googleapis.com static.virtualbadge.io; default-src 'self'; connect-src 'self' https://api.daad.de *.daad.com *.daad.de *.doubleclick.net www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlevideo.com europe.directline.botframework.com wss://europe.directline.botframework.com export.highcharts.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.daad.com *.daad.de newsletter.alumniportal-deutschland.org ablok-portal-next.azurewebsites.net public.virtualbadge.io; media-src https://api.daad.de *.daad.com *.daad.de *.googlevideos.com www.youtube-nocookie.com; 2
default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline' *.zdf.de *.zdfheute.de; font-src 'self' *.zdf.de *.zdfheute.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.zdf.de *.zdfheute.de *.sensic.net *.aticdn.net *.nmrodam.com *.gstatic.com *.twitter.com *.facebook.net *.instagram.com *.xiti.com; img-src 'self' blob: data: *.zdf.de *.zdfheute.de *.nmrodam.com *.ytimg.com; frame-src 'self' *.zdf.de *.zdfheute.de *.twitter.com *.sensic.net *.nmrodam.com *.facebook.com *.instagram.com *.dwcdn.net *.youtube-nocookie.com; media-src 'self' blob: *.zdf.de *.zdfheute.de *.zdf.dev *.akamaihd.net *.akamaized.net *.dradio.de; frame-ancestors 'self'; 2
default-src 'self'; script-src 'unsafe-inline' https://*.cdn.us2.com *.addevent.com info.factsmgt.com https://js-na2.hubspot.com https://js-na2.hsforms.net https://js-na2.hs-scripts.com https://js-na2.hsadspixel.net/fb.js https://js.hubspot.com/content-embed/v1.js https://static.hsappstatic.net https://js-na2.hs-analytics.net https://js-na2.hscollectedforms.net https://js-na2.hs-banner.com transcend-cdn.com assets.apollo.io tracking-api.g2.com js.ipredictive.com *.storylane.io nelnet.jotform.com *.gstatic.com snap.licdn.com embed.eventbookings.com *.vimeo.com 'self' *.cookielaw.org *.hotjar.com *.google-analytics.com *.google.com ajax.googleapis.com *.facebook.net googleads.g.doubleclick.net *.facebook.com addevent.com static.addtoany.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com *.pardot.com *.googletagmanager.com whova.com *.factsmgt.com factsmgt.com *.cloudfront.net *.googleadservices.com 'unsafe-eval'; style-src https://*.cdn.us2.com *.bootstrapcdn.com cdnjs.cloudflare.com transcend-cdn.com www.googletagmanager.com https://7052064.fs1.hubspotusercontent-na1.net 'unsafe-inline' *.fontawesome.com 'self' *.googleapis.com *.cloudfront.net; img-src 'self' https://*.cdn.us2.com *.google.com *.google-analytics.com https://forms-na2.hsforms.com https://cta-na2.hubspot.com https://static.hsappstatic.net https://static.hubspot.com https://track-na2.hubspot.com https://perf-na2.hsforms.com https://connect.facebook.net *.googletagmanager.com googleads.g.doubleclick.net i.vimeocdn.com ct.capterra.com px.ads.linkedin.com *.cookielaw.org *.w.org *.facebook.com *.gravatar.com *.nelnet.net data: *.s3.amazonaws.com *.cloudfront.net; connect-src 'self' *.bugsnag.com *; font-src *.fontawesome.com *.gstatic.com 'self' * data:; media-src 'self'; frame-src *.pardot.com https://forms-na2.hsforms.com *.hs-sites-na2.com info.factsmgt.com.au ad.ipredictive.com nelnet.jotform.com *.storylane.io embed.eventbookings.com *.evnt.is *.google.com *.vimeo.com *.factsmgt.com www.googletagmanager.com *.addtoany.com *.hotjar.com factsmgt.com *.facebook.com *.doubleclick.net *.youtube.com https://whova.com *.whova.com; 2
frame-ancestors 'self' http://webvisor.com; default-src 'self' https://yandex.ru; font-src 'self'; script-src 'self' https://api-maps.yandex.ru https://maps.google.com https://code.jivosite.com https://www.googletagmanager.com https://stats.hts.ru https://mc.yandex.ru https://yastatic.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://mc.yandex.ru https://code.jivosite.com https://*.jivosite.com; img-src 'self' https://ext.host-tracker.com https://api-maps.yandex.ru https://counter.yadro.ru http://cp.hts.ru https://mc.yandex.ru https://*.maps.yandex.net http://www.hts.ru http://hubble.ht-systems.ru https://stats.hts.ru https://www.google-analytics.com data:; media-src 'self' https://code.jivosite.com; style-src 'self' 'unsafe-inline'; object-src 'self' 2
frame-ancestors 'self' https://my.wealthsimple.com 2
frame-ancestors 'self' www.ellipsizdss.com keysight.lookbookhq.com keysight.pathfactory.com next.brella.io online-events.keysight.com *.keysight.com *.keysight.com.cn 2
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.eur.nl 2
frame-ancestors 'none'; report-uri https://shoptetwww.report-uri.com/r/t/csp/enforce; report-to default 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic https: http: blob: data: *.osano.com *.braintreegateway.com;img-src * data: *.activeprospect.com;object-src 'none';base-uri 'none';style-src 'self' 'unsafe-inline' *.jsdelivr.net *.typekit.net *.braintreegateway.com; 2
frame-ancestors 'self' *.anthem.com; 2
default-src 'none'; base-uri 'self'; manifest-src 'self'; font-src 'self' data: https://*.polo-static.com https://fonts.gstatic.com; img-src 'self' https://support.poloniex.com data: blob: https://*.polo-static.com https://static.poloniex.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://d21y75miwcfqoq.cloudfront.net/5d308ddf https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://report.woodpeckerlog.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.hbfile.net https://i.ytimg.com https://d1x7dwosqaosdj.cloudfront.net *.google.com  *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' https://*.polo-static.com https://*.poloniex.com wss://*.poloniex.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://poloniex.zendesk.com wss://*.zopim.com https://report.woodpeckerlog.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.google.com  *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://s3.ap-northeast-1.amazonaws.com; frame-src 'self' blob: polo: https://docs.google.com https://td.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.polo-static.com https://pixel.mediamathrdrt.com https://scripts.mediamathrdrt.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.polo-static.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; worker-src 'self' blob: https://*.polo-static.com; form-action https://checkout.simplexcc.com; media-src 'self' blob: https://*.polo-static.com; child-src 'self' blob: polo: https://docs.google.com https://td.doubleclick.net https://*.polo-static.com; report-uri /frontend-api/skynet/csp-uri; report-to skynet 2
default-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; upgrade-insecure-requests; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://tasks.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://assignments.edu.cloud.microsoft https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft https://mesh.df.onecdn.static.microsoft https://m365.cloud.microsoft https://sbrprodprv.www.office.com https://scuprodprv.www.office.com https://fa000000174.resources.office.net https://outlook.office.com https://planner.cloud.microsoft; base-uri 'none'; manifest-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; script-src 'self' 'unsafe-eval' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net 'sha256-VCkGe6AeV2B4vV7flXt9Dkkp04wMc8zq7faHdRwhOx0=' 'sha256-Wmg7miLkEVn5v393z4Ch7lbKnpNnLZhnVOk/iJN1miE='; style-src 'self' 'unsafe-inline' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://*.svc.ms https://login.live.com https://storage.live.com https://az495088.vo.msecnd.net; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://whiteboard.svc.cloud.microsoft/sync wss://whiteboard.svc.cloud.dev.microsoft/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://int.augloop.svc.cloud.dev.microsoft wss://*.int.augloop.svc.cloud.dev.microsoft wss://*.augloop-int.officeppe.com wss://augloop-int.officeppe.com wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; frame-src 'self' https://*; form-action 'self' https://*; worker-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; media-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; object-src 'none'; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.akamaihd.net *.google.com *.twitter.com *.demdex.net *.d41.co *.cxense.com pactsafe.io *.webcollage.net *.simpli.fi *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com *.youtube.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.omtrdc.net *.spexlive.net *.gstatic.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.zemanta.com *.botframework.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.peerspot.com *.sketchfab.com *.quantummetric.com *.fiservapps.com *.quora.com sierra.chat *.algorecs.com *.cimulate.ai *.officeperceptioninstinct.com *.oktapreview.com *.okta.com oc-cdn-ocprod.azureedge.net *.adobedtm.com *.mktoresp.com *.mktoapi.com *.mktoweb.com *.mktoedge.com *.adobedc.net *.marketo.net *.adoberesources.net sketchfab.com *.6sc.co *.6sense.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.webcollage.net *.easy2.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.omtrdc.net *.spexlive.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.quantummetric.com sierra.chat oc-cdn-ocprod.azureedge.net *.adobedtm.com;img-src 'self' *.cdw.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.akamaihd.net *.google.com *.demdex.net *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com *.ytimg.com *.youtube.com *.easy2.com *.amazonaws.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com *.prod.bidr.io cdn.optimizely.com p.adsymptotic.com um.simpli.fi data: *.dotomi.com *.flixsyndication.net liveintent.com *.adobe.com *.omtrdc.net *.spexlive.net *.windows.net *.turnto.com *.edgecastcdn.net *.licdn.com *.ispot.tv *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.zemanta.com *.pactsafe.io *.administratehq.com *.peerspot.com *.sketchfab.com *.quora.com sierra.chat *.officeperceptioninstinct.com *.oktapreview.com *.okta.com *.hubspotusercontent-na1.net *.adobedtm.com *.mktoedge.com *.6sc.co *.6sense.com;frame-src 'self' *.cdw.com *.qualtrics.com *.needle.com *.liadm.com *.doubleclick.net *.google.com *.twitter.com *.demdex.net *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com *.youtube.com *.easy2.com *.facebook.com *.rlcdn.com *.cloudfront.net *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.spexlive.net *.swcontentsyndication.com *.cisco.com *.exct.net *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.quantummetric.com *.fiservapps.com *.microsoft.com oc-cdn-ocprod.azureedge.net *.mktoweb.com *.adobedc.net sketchfab.com *.6sc.co *.6sense.com;font-src * data:;connect-src 'self' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.akamaihd.net *.google.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com *.go-mpulse.net *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.omtrdc.net *.spexlive.net *.turnto.com *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.botframework.com wss://*.botframework.com *.administrateweblink.com *.pactsafe.io *.administratehq.com *.sketchfab.com *.quantummetric.com sierra.chat *.algorecs.com *.cimulate.ai wss://*.cimulate.ai *.adobedtm.com *.mktoresp.com *.mktoapi.com *.mktoweb.com *.mktoedge.com *.adobedc.net *.marketo.net *.6sc.co *.6sense.com p11.techlab-cdn.com;object-src 'self' *.cdw.com *.scene7.com;media-src 'self' *.cdw.com *.webcollage.net *.youtube.com blob: *.flixsyndication.net *.spexlive.net *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob: *.quantummetric.com *.cimulate.ai; 2
frame-ancestors 'self'  aemauthor.barclaycardus.com www.aviatormastercard.com www.emiratesskywardscards.com www.hawaiianbohcard.com www.myluxurycard.com www.hawaiiancreditcard.com www.jetbluemastercard.com www.pricelinerewardsvisa.com www.breezeairwaysvisa.com www.barclaycardus.com gap.barclaysus.com oldnavy.barclaysus.com athleta.barclaysus.com bananarepublic.barclaysus.com staging-www.barclaycardus.com prod-test-www.barclaycardus.com prod-pi-www.barclaycardus.com prod-cn-www.barclaycardus.com barclaysuscbfeedback.qualtrics.com; 2
frame-ancestors 'self' https://mychart-np.et1288.epichosted.com https://internal.my.lablue.com https://mychart-np.et1288.epichosted.com https://my.lablue.com; 2
default-src * data: https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src blob: https: 2
default-src 'self' static-cdn.mackeeper.com static-cdn.sz.mackeeper.com;frame-ancestors 'self' *.cleverbridge.com;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com *.googletagmanager.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.googletagmanager.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com https://files.clario.co https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.shopperapproved.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://www.dwin1.com http://www.youtube.com/player_api https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com https://files.clario.co *.clarity.ms *.googleoptimize.com *.sentry-cdn.com *.shopperapproved.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com *.googletagmanager.com http://mackeeper.com https://mackeeper.com *.shopperapproved.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com *.shopperapproved.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms https://sentry.cloudmccloud.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.googleadservices.com *.sentry-cdn.com *.trustpilot.com 2
frame-ancestors 'self' https://woobox.com/ https://*.secondstreetapp.com/ https://products.bestreviews.com/ https://www.channel4000.com/ https://kdvr.com/ https://kfor.com/ https://fox2now.com/ https://fox5sandiego.com/ https://ktla.com/ https://fox40.com/ https://fox4kc.com/ https://wgntv.com/ https://fox8.com/ https://khon2.com/ https://klfy.com/ https://kron4.com/ https://krqe.com/ https://wavy.com/ https://wfla.com/ https://wivb.com/ https://wkrg.com/ https://wkrn.com/ https://woodtv.com/ https://wwlp.com/ https://channel4000.com/ https://koin.com/ https://wreg.com/ https://wric.com/ https://fox59.com/ https://wspa.com/ https://wgno.com/ https://myfox8.com/ https://nbc4i.com/ https://kxan.com/ https://wtnh.com/ https://stage.nxstrib.com/ https://nxs-staging.go-vip.net/ https://wate.com/ https://wkbn.com/ https://cbs17.com/ https://wpri.com/ https://wsav.com/ https://whnt.com/ https://who13.com/ https://abc27.com/ https://cbs42.com/ https://wjhl.com/ https://cw33.com/ https://cw39.com/ https://localdvm.com/watch-dcw50/ https://wgnradio.com/ https://phl17.com/ https://cbs4indy.com/ https://borderreport.com/ https://everythinglubbock.com/ https://myhighplains.com/ https://nxsttv-stage.go-vip.net/ https://nxstrib-com-staging.go-vip.net/ https://myarklamiss.com/ https://kark.com/ https://siouxlandproud.com/ https://keloland.com/ https://easttexasmatters.com/ https://texomashomepage.com/ https://kget.com/ https://yourbigsky.com/ https://8newsnow.com/ https://mysterywire.com/ https://fox16.com/ https://conchovalleyhomepage.com/ https://yourbasin.com/ https://nwahomepage.com/ https://ozarksfirst.com/ https://westernslopenow.com/ https://yourcentralvalley.com/ https://fourstateshomepage.com/ https://ksnt.com/ https://ksn.com/ https://bigcountryhomepage.com/ https://arklatexhomepage.com/ https://ktsm.com/ https://abc4.com/ https://valleycentral.com/ https://kxnet.com/ https://fox21news.com/ https://fox44news.com/ https://wane.com/ https://binghamtonhomepage.com/ https://wboy.com/ https://pahomepage.com/ https://wbtw.com/ https://counton2.com/ https://wcia.com/ https://wdhn.com/ https://wdtn.com/ https://localdvm.com/ https://tristatehomepage.com/ https://mytwintiers.com/ https://mychamplainvalley.com/ https://wearegreenbay.com/ https://wfxrtv.com/ https://cnyhomepage.com/ https://ourquadcities.com/ https://wjtv.com/pine-belt-news/ https://wjbf.com/ https://yourerie.com/ https://upmatters.com/ https://wjtv.com/ https://fox46.com/ https://wiproud.com/ https://wlns.com/ https://mypanhandle.com/ https://centralillinoisproud.com/ https://foxlexington.com/ https://wnct.com/ https://cenlanow.com/ https://wowktv.com/ https://wvillustrated.com// https://mystateline.com/ https://wrbl.com/ https://rochesterfirst.com/ https://localsyr.com/ https://wearecentralpa.com/ https://news10.com/ https://wtrf.com/ https://mywabashvalley.com/ https://brproud.com/ https://wvnstv.com/ https://informnny.com/ https://wytv.com/ https://pix11.com/ https://www.snntv.com/ https://www.wavy.com/ https://cw33.com/ https://www.dcnewsnow.com/ https://www.ketk.com/ https://www.ktalnews.com/ https://www.qcnews.com/ https://fox56news.com/ https://www.wtaj.com/ https://www.newsnationnow.com/ https://thehill.com/; 2
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com http://local.app.logos.com:* https://app.logos.com https://*.app.logos.com logos-app://* https://builder.io; object-src https://cloud.faithlife.net https://cloud.mail.logos.com; base-uri https://optimize.google.com; block-all-mixed-content 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de https://status.securepoint.de; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' https://*.checkdns.spdyn.de/ https://*.checkcat.spdyn.de/; font-src 'self' https://fonts.gstatic.com 2
frame-ancestors 'self' https://*.mobiauto.com.br https://*.mobigestor.com.br https://*.passecarros.com.br https://*.suaoficinaonline.com.br https://*.evergage.com 2
frame-ancestors 'self' *.ais.th, font-src 'self'  *.ais.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com data: 2
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net *.helpdocsite.com teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com teams.cloud.microsoft outlook.cloud.microsoft m365.cloud.microsoft app.hubspot.com app-eu1.hubspot.com *.canva.com; 2
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae rum.hlx.page bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com snap.licdn.com *.recaptcha.net s.yimg.com *.askus.hsbc.co.uk *.appspot.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org pixel.everesttech.net liveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.google-analytics.com www.google.com www.gstatic.cn *.hsbc.com.cn *.isstprod.hsbc.com.cn *.akamaihd.net *.tt.omtrdc.net c-hsbc.lytics.io; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com *.liveperson.net *.lpsnmedia.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com *.akamaihd.net px.ads.linkedin.com *.hsbc.co.uk *.qualtrics.com *.amazonaws.com *.we-stats.com *.hsbc.com wss://*.hsbc.com *.onfido.com *.appspot.com *.facebook.com tt.omtrdc.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net code.jquery.com *.isstprod.hsbc.com.cn *.eu.v2.customers.biocatch.com analytics-ipv6.tiktokw.us www.googleadservices.com *.lpsnmedia.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com *.online-metrix.net *.hsbc.com.hk *.walkme.com liveperson.com *.qualtrics.com tags.tiqcdn.com *.hsbc.co.uk *.facebook.com *.recaptcha.net bid.g.doubleclick.net cdntm.hsbc.co.uk *.akamaihd.net *.ibosscloud.com m.hbeu.dxp1.preprod.eu.dynp.cloud1.vv1865.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net *.hsbc.co.uk; font-src 'self' data: *.hsbc.com.hk *.gstatic.com fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net *.avast.com *.alicdn.com fonts.googleapis.com *.hsbc.co.uk; worker-src 'self' blob: tags.tiqcdn.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net *.liveperson.net *.optimizely.com *.walkme.com c-hsbc.lytics.io *.lpsnmedia.net; object-src 'self' blob: players.brightcove.net; child-src 'self' *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com blob: tags.tiqcdn.com; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net *.lpsnmedia.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2
frame-ancestors https://app.contentful.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://a.mgid.com https://unpkg.com https://a.plerdy.com https://snap.licdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://polyfill.io https://script.hotjar.com https://cdn.liqpay.ua https://w.liqpay.ua https://channelapi.liqpay.ua https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://fingerprint.pb.ua https://socauth.privatbank.ua https://24.privatbank.ua https://*.privatbank.ua https://*.it.loc; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://24.privatbank.ua https://*.privatbank.ua; img-src 'self' data: blob: https: https://*.privatbank.ua https://dobro.privatbank.ua https://www.liqpay.ua https://auto.privatbank.ua https://carddesign.privatbank.ua https://dwfvpbrjajjfs.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://*.privatbank.ua; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://region1.analytics.google.com https://www.google.com https://a.plerdy.com https://snap.licdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://px.ads.linkedin.com https://stats.g.doubleclick.net https://dwfvpbrjajjfs.cloudfront.net https://www.facebook.com https://connect.facebook.net https://socauth.privatbank.ua https://cdn.liqpay.ua https://channelapi.liqpay.ua wss://channelapi.liqpay.ua https://w.liqpay.ua https://fingerprint.pb.ua https://*.privatbank.ua https://*.it.loc https://promin.privatbank.ua:8072 https://promin.stage.it.loc https://promin.test.it.loc https://cp.privatbank.ua:443 https://uniagr.test.it.loc https://dio.privatbank.ua https://otp-inner.privatbank.ua https://activepoints.privatbank.ua https://cis.stage.it.loc https://atmtsoorder.privatbank.ua https://uniagr.privatbank.ua https://bmetal.privatbank.ua https://odb.privatbank.ua:10151 https://deposits.privatbank.ua http://odb.privatbank.ua:11151 http://treasury.privatbank.ua http://wf.privatbank.ua:8186 https://fxcash.privatbank.ua https://iq.privatbank.ua:9488 https://moneyreturn.privatbank.ua https://ex.privatbank.ua https://stat.privatbank.ua wss://a.plerdy.com; frame-src 'self' 'unsafe-inline' data: blob: https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://w.liqpay.ua https://a.plerdy.com https://fingerprint.pb.ua https://24.privatbank.ua https://socauth.privatbank.ua https://static.privatbank.ua https://login-widget.privatbank.ua https://*.privatbank.ua https://*.it.loc; child-src 'self' blob:  https://www.googletagmanager.com https://w.liqpay.ua; media-src 'self' data: blob: https://cdn.liqpay.ua https://*.privatbank.ua https://dwfvpbrjajjfs.cloudfront.net; object-src 'self' https://static.privatbank.ua https://maxcdn.bootstrapcdn.com; base-uri 'self'; form-action 'self' https://www.liqpay.ua https://*.privatbank.ua https://*.it.loc privat24:; 2
default-src ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.textexpander.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google-analytics.com https://*.googleadservices.com https://*.facebook.net https://*.pvd.to https://*.dwin1.com https://*.doubleclick.net https://*.google.at https://*.twitter.com https://*.iubenda.com https://*.vimeocdn.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.calendly.com https://*.usemessages.com https://*.recruitee.com https://d10zminp1cyta8.cloudfront.net https://cdnjs.cloudflare.com https://unpkg.com https://*.paddle.com https://*.helpscout.net https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://*.googleoptimize.com https://vimeo.com https://*.yoast.com https://*.vimeo.com https://*.google.com https://*.fontawesome.com https://*.hsappstatic.net https://ads.yahoo.com https://*.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://image2.pubmatic.com https://*.adsymptotic.com https://*.advertising.com https://*.rubiconproject.com https://simage2.pubmatic.com https://*.licdn.com https://*.outbrain.com https://*.taboola.com https://ups.analytics.yahoo.com https://*.bidswitch.net https://*.facebook.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.hsforms.com https://*.hsforms.net https://*.bing.com https://*.linkedin.com https://*.gstatic.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.g2crowd.com https://*.attributionapp.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://*.clarity.ms https://google.com https://google.com https://*.segment.com https://*.getreditus.com/ https://*.mountain.com https://pocustrack.com https://*.pocustrack.com https://*.influ2.com;style-src https://*.textexpander.com https://sentry.io 'unsafe-inline' 'self' https://*.helpscout.net https://unpkg.com https://*.google.com https://*.fontawesome.com https://*.calendly.com https://*.googleapis.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://s3.amazonaws.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://google.com https://google.com https://*.typekit.net;font-src https://*.textexpander.com https://*.gstatic.com data: 'self' https://*.googletagmanager.com https://*.helpscout.net https://*.googleoptimize.com https://*.fontawesome.com https://textexpander.com https://*.intercomcdn.com https://*.typekit.net;img-src * data: https://*.influ2.com;connect-src https://*.textexpander.com wss://visitors.live https://*.hubapi.com https://*.fontawesome.com wss://*.visitors.live https://*.googleapis.com https://*.linkedin.com https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://*.sumologic.com https://cdn.linkedin.oribi.io 'self' https://*.analytics.google.com https://*.hubspot.com https://*.iubenda.com https://*.pvd.to https://*.recruitee.com https://*.helpscout.net https://sentry.io https://*.facebook.com https://*.google-analytics.com https://*.yoast.com https://*.google.com https://*.adroll.com https://*.googlesyndication.com https://*.clearbit.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.bing.com https://*.doubleclick.net https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.attributionapp.com https://*.intercom.com https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io https://*.clarity.ms https://google.com https://google.com https://*.g2crowd.com https://*.segment.com https://*.segment.io https://bat.bing.net https://*.g2.com https://*.pocustrack.com https://*.influ2.com https://rest-staging.tenet.textexpander.com;media-src https://*.textexpander.com https://*.youtu.be https://vod-progressive.akamaized.net 'self' https://*.vimeocdn.com https://*.helpscout.net https://download-video.akamaized.net https://vimeo.com https://*.vimeo.com https://*.youtube.com https://textexpander.com https://*.intercomcdn.com;object-src https://*.textexpander.com blob: 'self' https://*.helpscout.net https://textexpander.com;frame-src https://*.textexpander.com https://10fastfingers.com https://calendly.com https://*.wufoo.com 'self' https://*.twitter.com https://*.hubspot.com https://*.iubenda.com https://*.vimeocdn.com https://*.helpscout.net https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://vimeo.com https://*.vimeo.com https://*.google.com https://*.youtube-nocookie.com https://*.adroll.com https://*.hsforms.com https://*.youtube.com https://*.doubleclick.net https://*.facebook.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.attributionapp.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://*.intercom-reporting.com https://intercom-sheets.com https://fast.wistia.net https://google.com https://google.com https://*.googletagmanager.com https://js.hsforms.net;worker-src https://*.textexpander.com 'self' blob: https://textexpander.com https://*.intercom-reporting.com https://intercom-sheets.com https://fast.wistia.net https://vimeo.com https://*.youtube.com; 2
frame-ancestors 'self' *.crestron.com *.crestron.com:81; 2
base-uri 'self'; default-src 'none'; img-src 'self' https: data: blob:; worker-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; frame-src https:; frame-ancestors 'none'; connect-src 'self' https: blob: data: ws:; font-src 'self' data:; manifest-src 'self' 2
frame-ancestors 'self' *.3bb.co.th, font-src 'self' *.3bb.co.th *.ais.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com data: 2
default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce-mN5Px4iDyLSiVydBb9fXig'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce-mN5Px4iDyLSiVydBb9fXig'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/system/reporting/csp; report-to csp; trusted-types * 'allow-duplicates'; require-trusted-types-for 'script' 2
frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 2
default-src 'none'; media-src *; font-src 'self' *.typekit.net *.cloudfront.net fonts.gstatic.com data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com *.substack.com platform.x.com substackapi.com boards.greenhouse.io job-boards.greenhouse.io cdn.jsdelivr.net cdn.optimizely.com *.parsely.com connect.facebook.net info.a16z.com munchkin.marketo.net plausible.io px.ads.linkedin.com snap.licdn.com static.ads-twitter.com www.youtube.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com a16z.com blob:; style-src 'unsafe-inline' *.typekit.net fonts.googleapis.com info.a16z.com a16z.com; connect-src *; frame-src 'self' platform.twitter.com my.spline.design *.a16z.news *.substack.com *.googletagmanager.com *.loom.com *.cdn.optimizely.com speedrun.substack.com *.simplecast.com gamma.app boards.greenhouse.io job-boards.greenhouse.io www.youtube.com info.a16z.com; base-uri 'none'; form-action 'self' info.a16z.com; frame-ancestors 'self' 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://*.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://*.licdn.com https://*.linkedin.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com https://letscast.fm; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2
default-src 'self' wss://*.cyberstock.com.my wss://*.maybank2u.com.my *.maybank2u.com.my *.maybank.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com https://analytics.google.com *.googleapis.com *.googletagmanager.com https://*.maybankheart.com https://analytics.twitter.com https://s.yimg.com https://analytics.tiktok.com https://c.clarity.ms https://k.clarity.ms https://n.clarity.ms https://v.clarity.ms https://s.clarity.ms https://p.clarity.ms; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com https://livechat.maybank2u.com.my *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com https://livechat.maybank2u.com.my; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.cyberstock.com.my https://analytics.tiktok.com https://bat.bing.com https://www.clarity.ms https://s.yimg.com https://analytics.twitter.com https://static.ads-twitter.com; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my *.cyberstock.com.my https://search-prod.maybanksandbox.com; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com https://t.co https://analytics.twitter.com https://sp.analytics.yahoo.com https://bat.bing.com https://c.clarity.ms https://c.bing.com 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; frame-src 'self' https:; media-src 'self' https:; connect-src 'self' https:; 2
default-src 'self'; script-src 'self' https://*.js.stripe.com https://js.stripe.com https://challenges.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' image.shutterstock.com *.tineye.com *.staging.cloud.tineye.com https://*.googletagmanager.com data:; font-src 'self'; connect-src 'self' https://api.stripe.com https://challenges.cloudflare.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://challenges.cloudflare.com; frame-ancestors 'none'; object-src 'none' https://tineye.com; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; upgrade-insecure-requests; 2
frame-ancestors 'self' https://statistics.uni-saarland.de; 2
frame-ancestors 'self' *.servicetitan.com; 2
frame-src 'self'  https://*.matterport.com https://*.takemobi.io https://*.ada.support https://*.yimg.com https://*.sandbox.my.site.com https://*.adalyser.com https://*.redditstatic.com https://*.reddit.com  https://www.googletagmanager.com https://pcl.satmetrix.com https://*.adsrvr.org https://*.edkt.io https://*.adnxs.com https://*.omniture.com https://*.teads.tv https://*.everesttech.net https://*.everestjs.net https://fledge.teads.tv https://*.adentifi.com https://*.linkedin.com https://*.licdn.com https://*.sojern.com https://*.videoamp.com https://awin1.com https://dwin1.com https://*.adobe.com https://*.niceincontact.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://surfly-us.com https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com https://*.ocean.com https://*.pinterest.com https://*.td.doubleclick.net https://*.tpc.googlesyndication.com https://publish-p107522-e1006297.adobeaemcloud.com https://td.doubleclick.net https://tpc.googlesyndication.com https://*.optimizely.com https://*.fullstory.com https://*.paypal.com; frame-ancestors 'self' https://*.princess.com https://*.polarres.com https://*.clubprincess.com https://*.medallionclassmarket.com  https://*.princesspromotions.com https://*.ocean.com  https://*.niceincontact.com https://*.adobeaemcloud.com https://*.optimizely.com https://*.fullstory.com https://*.yimg.com https://*.demandware.net https://runtime.commercecloud.com https://*.ada.support; 2
frame-ancestors 'self' *.ispmanager.com *.ispmanager.ru https://mc.yandex.ru https://mc.yandex.com https://yastatic.net https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com 2
frame-ancestors self https://*.asianetnews.com https://*.asianetnews.co http://*.annpl.org https://*.asianetnews.org https://jionews.com https://jionewsdev1.jio.ril.com 2
default-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com csxd.exclaimer.net csxd.exclaimer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com t.contentsquare.net app.contentsquare.com; worker-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com; img-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com *.contentsquare.net data: blob:; font-src 'self' a.storyblok.com maxcdn.bootstrapcdn.com fast.wistia.com data:; media-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com data: blob:; object-src 'none'; frame-ancestors 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com; connect-src 'self' https://www.gstatic.com/ exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com *.contentsquare.net *.litix.io blob: data:; child-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com; style-src 'self' 'unsafe-inline' data: blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com *.s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au *.hsadspixel.net play.goconsensus.com *.jsdelivr.net *.hockeystack.com *.cloudflareinsights.com *.hubapi.com *.hsappstatic.net fonts.googleapis.com; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.segment.com https://*.boost.ai https://*.hotjar.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://www.google.com https://*.gstatic.com https://*.appboycdn.com https://*.doubleclick.net https://*.northbeam.io https://*.appsflyer.com https://*.tiktok.com https://*.segmentstream.com https://maps.googleapis.com https://*.iesnare.com https://*.typeform.com https://*.rudderlabs.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typeform.com; img-src 'self' data: https: https://*.typeform.com; font-src 'self' data: https:; connect-src 'self' data: wss://*.boost.ai https://*.google.com.co https://www.google.com.co https://www.google-analytics.com https://analytics.google.com https://*.segmentstream.com https://*.csidetm.com https://*.stytch.com https://*.seondnsresolve.com https://*.seondfresolver.com https://*.deviceinfresolver.com https://*.seonintelligence.com https://*.onelink.me https://*.appsflyer.com https://*.tiktok.com https://*.tiktokw.us https://*.pangle-ads.com https://*.doubleclick.net https://*.launchdarkly.com https://*.strich.io https://*.google.com https://*.pndsn.com https://*.bold.co https://bold.co https://*.segment.com https://*.segment.io https://api.segment.io https://cdn.segment.com https://*.amazonaws.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.boost.ai https://*.maze.co https://*.braze.eu https://*.googleapis.com https://*.seondf.com https://iteratehq.com https://*.sentry.io https://*.auth0.com https://*.kustomerapp.com https://*.shopifysvc.com https://*.boldcf.co https://boldcf.co https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.iesnare.com https://*.typeform.com https://*.rudderlabs.com https://*.browser-intake-datadoghq.com https://*.datadoghq.com https://*.googlevideo.com; media-src 'self' blob: https://*.googlevideo.com; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://*.typeform.com https://www.youtube.com https://www.youtube-nocookie.com; manifest-src 'self' https://bold.co https://*.bold.coframe-ancestors 'self' https://bold.co https://web.bold.co https://www.bold.co 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.isbank.com.tr *.google.com *.google.com.tr *.efilli.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.yandex.ru *.taboola.com *.intisbank *.uatisbank *.dmzisbank *.uatdmzisbank *.taboola.com *.signfordeaf.com *.youtube.com *.facebook.net *.facebook.com *.adform.net *.googleapis.com *.gstatic.com *.webservice.foreks.com *.maxiweb.isbank.com.tr data:; frame-src 'self' maxiweb.isbank.com.tr webservice.foreks.com www.youtube.com *.dataroid.com appconnect.isbank.com.tr connect-cdn.isbank.com.tr anindaislem.isbank.com.tr; child-src 'self' *.dataroid.com appconnect.isbank.com.tr connect-cdn.isbank.com.tr 2
default-src 'none'; media-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self'; 2
frame-ancestors 'self' https://anz.sharepoint.com; 2
default-src 'self' data: https:;base-uri 'self';font-src 'self' https: data:;form-action 'self' https://*.dotmetrics.net;frame-ancestors https://cue.wanews.com.au 'self';img-src 'self' data: https:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;report-to csp-violations;report-uri https://thewest.com.au/csp-report;connect-src 'self' https: data: wss:;frame-src 'self' https:;media-src 'self' data: blob: https:;worker-src 'self' https: data: blob: 2
default-src 'self'; connect-src https://googlecdn.org https://perfops3.byteperf.com https://perfops2.byteperf.com https://perfops3.byte-test.com https://perfops1.byteperf.com https://devnull.perfops.net https://*.test.resolver.perfops.net https://test-perfops.wedos.delivery https://cdn.perftest.f5-cloud-demo.com https://test-perfops.blazingcdn.com https://eo-perfops4.qcloudteo.com https://eo-perfops6.qcloudteo.com https://perfops.cloudflareperf.com https://eo-perfops10.qcloudteo.com https://perf-test.sufycdn.com https://eo-perfops8.qcloudteo.com https://cdn.jsdelivr.net https://eo-perfops1.qcloudteo.com https://perf.qinglanbaseunicast.com https://d3888oxgux3fey.cloudfront.net https://eo-static-perfops.qcloudcdn.com https://cdn23602612.ahacdn.me https://rum.perfops.cdb.cdn.orange.com https://perfops.byte-test.com https://akamai-cdn.perfops.io https://eo-static-perfops1.qcloudcdn.com https://cdnperf.cachefly.net https://medianova-cdnperf.mncdn.com https://djlzvy5xcvhxt.cloudfront.net https://1596384882.rsc.cdn77.org https://d161f70cbh7kx6.cloudfront.net https://medianova-cdnvperf.mncdn.com https://cdnperf.vergecloud.com https://perfops.gcorelabs.com https://25748s.ha.azioncdn.net https://test-perfops.haproxy.com https://perfops.swiftycdn.net https://perfops2.byte-test.com https://eo-perfops5.qcloudteo.com https://ultrawaf.canary.scrubbingcenter.com https://eo-perfops9.qcloudteo.com https://cdnperf-rum.cdnetworks.net https://perfops.edge.run https://eo-perfops2.qcloudteo.com https://eo-static-perfops3.qcloudcdn.com https://ovh-cdn.perfops.io https://eo-perfops7.qcloudteo.com https://afdcdnperf-e8aeffg7frd0a3c0.z01.azurefd.net https://proxy.canary.scrubbingcenter.com https://perfops1.b-cdn.net https://perfops-bench.sos-ch-gva-2.exoscale-cdn.com https://eo-perfops3.qcloudteo.com https://perfops-static.freetls.fastly.net https://perfopsrumapi.akamaized.net https://test-perfops.ldgslb.com https://cpt96125.shopvoxpopulus.com https://perfopsrum.akamaized.net https://perfopsrum-eip.akamaized.net https://eo-static-perfops2.qcloudcdn.com https://perfops.test.edgekey.net https://test-perfops.idevops.suijinetworks.com https://cdnperf-rum.quantil.com https://rum.perfops.mdb.cdn.orange.com https://rum-cdn.perfops.net 'self'; img-src 'self' https://quickchart.io https://files.catbox.moe; media-src 'self' https://files.catbox.moe; style-src 'self' 'unsafe-inline'; script-src https://www.google.com https://www.gstatic.com https://cdn.perfops.net 'self' 'unsafe-inline'; frame-src https://www.google.com; 2
frame-ancestors 'self' https://statshub.sportradar.com 2
default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com *.hsadspixel.net *.hs-analytics.net https://js.hscta.net *.hubspot.com https://static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com https://feedback.hubapi.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://sdk.privacy-center.org https://load.insights.juspay.io https://insights.juspay.io *.stape.io https://snap.licdn.com https://connect.facebook.net https://tracking-api.g2.com *.g2.com https://app.factors.ai *.factors.ai; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://sdk.privacy-center.org https://www.googletagmanager.com https://fonts.googleapis.com; form-action 'self' crm.zoho.com api.social.juspay.in https://www.facebook.com; object-src 'none'; img-src 'self' data: crm.zoho.com https://dth95m2xtyv8v.cloudfront.net https://cdn.sanity.io https://track-eu1.hubspot.com https://js.hscta.net https://no-cache.hubspot.com *.hubspot.com *.hsforms.net *.hsforms.com https://sdk.privacy-center.org https://px.ads.linkedin.com https://www.facebook.com *.facebook.com *.g2.com https://analytics.google.com https://www.google.com https://www.google.co.in https://stats.doubleclick.net *.google.com *.google.co.in *.doubleclick.net https://fonts.gstatic.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.zohopublic.com/ https://sdk.privacy-center.org *.hubspot.com *.hs-sites.com *.hsforms.net *.hsforms.com *.stape.io https://www.googletagmanager.com https://insights.juspay.io https://www.facebook.com; frame-ancestors 'self'; connect-src 'self' api.social.juspay.in https://joinus.juspay.in/api/careerJobOpening https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://analytics.google.com https://stats.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://forms-eu1.hscollectedforms.net *.hubapi.com https://js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.sentry.io *.ingest.de.sentry.io https://sdk.privacy-center.org https://api.privacy-center.org https://load.insights.juspay.io https://insights.juspay.io *.stape.io https://px.ads.linkedin.com https://www.facebook.com https://tracking-api.g2.com *.factors.ai; child-src 'self' *.hsforms.com 2
frame-src 'self' *.youtube.com *.youtube-nocookie.com youtu.be https://www.googletagmanager.com player.vimeo.com tradetracker.jobs.personio.com; 2
frame-ancestors 'self' *.amplience.net runtime.commercecloud.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com http://visit.smartjailmail.com https://visit.smartjailmail.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://challenges.cloudflare.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://www.gstatic.com https://sjm-photos.s3.amazonaws.com; 2
frame-ancestors https://wework.mindtickle.com https://wework.share.mindtickle.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.quantserve.com https://*.quantcount.com https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.marketodesigner.com https://*.mktoweb.com https://*.experience.adobe.com https://*.adobe.net https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.org.coveo.com https://*.ytimg.com https://go.onsemi.com https://*.kc-usercontent.com https://app.kontent.ai blob: data:  https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net  https://insight.adsrvr.org  https://js.adsrvr.org https://*.6sc.co https://j.6sc.co https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://*.6sense.com https://*.inmoment.com https://googleapis.com https://gstatic.com https://*.qualtrics.com https://*.contentsquare.net https://*.hotjar.io https://cx.onsemi.com 2
frame-ancestors 'self' engage.navan.com app.contentful.com app.navan.com 2
report-uri https://app.glitchtip.com/api/11200/security/?glitchtip_key=494a24ed68494ff097e52d6ce573a8c0;base-uri 'self';connect-src 'self' https://log.cookieyes.com https://*.cookieyes.com https://translate.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdn.plyr.io https://cdn-cookieyes.com;default-src 'self';form-action 'self';img-src 'self' data: https: https://www.gstatic.com https://*.googletagmanager.com https://theideasletter.matomo.cloud https://*.google-analytics.com https://opensocietyfoundations.imgix.net https://i.ytimg.com;object-src 'self' https://video.ted.com;script-src 'self' 'unsafe-eval' https://translate.googleapis.com https://cdn.plyr.io/3.4.4/plyr.polyfilled.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.youtube.com https://www2.osfound.org/shorten https://*.ingest.sentry.io https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdncache-a.akamaihd.net https://connect.facebook.net https://public.flourish.studio https://cdn-cookieyes.com 'sha256-6cF9Ywiz6qk2WZRDoFzd0YpRXdxiyGW2ZWo3RNSjlY4=' 'sha256-hcXMpFtYkVL5u4KUMnE+k7z2UwPrc91qeu7d6BAD2wg=' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-Rr2cOcZ0xb7Hj5zQ+dbiMS1utknUKamWG8MpHMGpkM8=' 'sha256-FhudaH+D1DhcOfC3dGgEcvkNWiujsnNBXvpOnYT+asw' 'sha256-DqrJErZI/7pog0A9GesbTSM9ARg5dFwEiTotQt+PXns=' 'nonce-zznlJkLjF4rOsyEAjjRZ3oBT1STIW6gZ';style-src 'self' 'unsafe-inline' https:;frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh https://www.googletagmanager.com;font-src 'self' https: data:;media-src 'self' https:;manifest-src 'self';worker-src 'none' 2
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; connect-src 'self' wss://tsock.us1.twilio.com/v3/wsconnect https:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data: 2
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com https://public-eur.mkt.dynamics.com https://assets1-eur.mkt.dynamics.com; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de https://*.gstatic.com/images; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'self'  mailto: tel: https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com 2
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 2
default-src 'self' *.icons8.com *.hotjar.com data: *.doubleclick.net *.wistia.net *.euronext.com *.youtube.com *.google.com *.onetrust.com *.cookielaw.org *.google.fr; child-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.docs.google.com *.googletagmanager.com *.wistia.com *.wistia.net blob:; connect-src 'self' *.cookielaw.org *.google-analytics.com *.freshworks.com *.mapbox.com *.euronext.com *.hotjar.com *.hotjar.io ws.hotjar.com ws: *.onetrust.com *.wistia.net *.wistia.com *.doubleclick.net www.googleadservices.com *.googleapis.com *.g.doubleclick.net *.google.com *.google.fr *.freshdesk.com *.linkedin.com *.companywebcast.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' *.euronext.com maxcdn.icons8.com *.doubleclick.net *.google.com fonts.gstatic.com embed.tawk.to data: *.hotjar.com *.wistia.net; frame-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.google.com *.wistia.com *.wistia.net *.companywebcast.com *.googletagmanager.com; img-src 'self' *.cookielaw.org *.ytimg.com *.w3.org data: *.euronext.com *.googletagmanager.com blob: *.globenewswire.com *.wistia.net *.wistia.com *.google-analytics.com www.googleadservices.com *.google.com *.google.fr *.linkedin.com *.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob: *.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.wistia.com *.youtube.com *.wistia.net *.licdn.com *.companywebcast.com api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.icons8.com *.freshworks.com *.gstatic.com *.ytimg.com *.ggpht.com *.wistia.com *.euronext.com *.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.knightlab.com https://cdnjs.cloudflare.com maxcdn.icons8.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' *.euronext.com; report-uri https://www.euronext.com/en/report-uri/enforce 2
frame-ancestors *.metropolitan.si 2
frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; media-src https: blob:; img-src https: data:; font-src https: data:; worker-src https: blob:; connect-src https: wss: 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' *.go-mpulse.net apis.mappls.com 'unsafe-eval' assets.adobedtm.com connect.facebook.net snap.licdn.com cdn.branch.io *.clarity.ms app.link 'unsafe-inline'; style-src 'self' apis.mappls.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' *.tatacliq.com onemg.gumlet.io *.mapmyindia.com placehold.co media.tatacroma.com *.cloudfront.net data: blob: *.tatadigital.com *.clarity.ms cdn.sanity.io ik.imagekit.io px.ads.linkedin.com ad.doubleclick.net adservice.google.com c.bing.com media-ik.croma.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.akstat.io *.go-mpulse.net *.mappls.com *.mapmyindia.com unpkg.com cdn.jsdelivr.net px.ads.linkedin.com *.api.sanity.io o4504451288334336.ingest.us.sentry.io *.branch.io *.clarity.ms *.tatadigital.com cdn.sanity.io; worker-src 'self' blob:; media-src 'self' media-ik.croma.com; 2
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' https:; connect-src 'self' https: wss: wss://*.docsbot.ai; img-src 'self' data: https: blob:; font-src 'self' data: https:; 2
default-src 'self' http://widget.scpl.sber247.ru wss://widget.scpl.sber247.ru wss://comet.rabota.ru https://*.sbermarketing.ru https://sbermarketing.ru front-log.rabota.ru *.rabota.space rabota.ru *.rabota.ru https://*.yandex.md https://*.yandex.ru https://yandex.ru https://*.yandex.net https://*.yandexadexchange.net https://*.mail.ru https://vk.com https://*.odnoklassniki.ru https://*.rambler.ru https://*.adfox.ru https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.ucweb.com https://*.livetex.ru https://*.livetex.me https://*.2gis.ru https://*.2gis.com https://2gis.github.io https://*.calltouch.ru ws://*.jivosite.com https://*.jivosite.com ws://*.jivo.ru https://*.jivo.ru https://*.vimeocdn.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.rutube.ru https://*.coub.com https://*.imgsmail.ru https://*.dadata.ru https://*.mediator.media https://stat.media https://*.stat.media https://static.smi2.net https://smi2.ru https://*.smi2.ru https://e-cc01-i.sber247.ru https://*.experrto.io https://sa.online.sberbank.ru https://*.online.sberbank.ru https://*.sberbank.ru https://sa.online.sberbank.ru:8098/metrics/partners https://recaptcha.net https://*.recaptcha.net https://*.recaptcha.net/recaptcha/api.js https://ad.adriver.ru https://rezumet.ru https://id.sber.ru https://yastatic.net https://*.serving-sys.ru;script-src 'unsafe-inline' 'unsafe-eval' widget.scpl.sber247.ru sp.otm-r.com *.sbermarketing.ru sbermarketing.ru *.rabota.space rabota.ru *.rabota.ru yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.odnoklassniki.ru *.mail.ru unpkg.com *.livetex.ru *.livetex.me *.google.com ws://*.jivosite.com *.jivosite.com ws://*.jivo.ru *.jivo.ru *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.helpdeskeddy.com anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com cdn.ampproject.org *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js st.top100.ru yastatic.net mc.yandex.ru tags.soloway.ru/DSPCounter.min.js content.adriver.ru/AdRiverFPS.js ad.adriver.ru telegram.org/js/telegram-web-app.js *.hybrid.ai rezumet.ru *.serving-sys.ru;style-src 'unsafe-inline' 'unsafe-eval' blob: *.rabota.space rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.jivo.ru *.yandex.md yandex.ru *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru e-cc01-i.sber247.ru sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners rezumet.ru;img-src * data: blob: mc.yandex.ru;font-src 'self' data: blob: *.rabota.space rabota.ru *.rabota.ru *.livetex.ru *.livetex.me *.gstatic.com sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js rezumet.ru yastatic.net chrome-extension:;worker-src *.rabota.space rabota.ru *.rabota.ru rezumet.ru;frame-src blob: madte.st madtest.ru *.rabota.space rabota.ru *.rabota.ru oprosso.net creativecdn.com *.creativecdn.com yastatic.net *.google.com *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandex.tld *.yandexadexchange.net vk.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googleusercontent.com *.googletagmanager.com *.helpdeskeddy.com anketolog.ru *.hurma.ai hurma.ai *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru rutube.ru *.coub.com coub.com *.fls.doubleclick.net static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com w.soundcloud.com *.rambler.ru music.yandex.ru podcasts.apple.com podcasts.google.com *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io app.ex.co infogram.com embed.podcasts.apple.com interacty.me p.interacty.me recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js sber-zvuk.com webvisor.com *.webvisor.com mc.yandex.ru content.adriver.ru rezumet.ru id.sber.ru ad.adriver.ru *.serving-sys.ru;object-src 'self' blob:;media-src blob: *.rabota.ru rabota.ru *.rabota.space rabota.ru *.rabota.ru *.jivosite.com *.jivo.ru *.vimeocdn.com *.helpdeskeddy.com rezumet.ru;report-uri https://www.rabota.ru/snitch.txt;base-uri 'none';frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com https://*.webvisor.com https://*.telegram.org; 2
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' https: blob:; style-src 'self' 'unsafe-inline' https: data: 2
object-src 'self' https://hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsadspixel.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://*.hs-analytics.net/ http://*.hs-scripts.com/ http://*.hsforms.net/ http://*.hsadspixel.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://player.vimeo.com/* https://d2t77mnxyo7adj.cloudfront.net/v1/c.js http://now.eloqua.com/visitor/ http://secure.p01.eloqua.com/visitor/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.bing.com/ https://*.hotjar.com/ https://*.facebook.net/ https://*.doubleclick.net/ https://*.hsadspixel.net/ https://*.hs-scripts.com/ https://*.clarity.ms/ data https://hightail.com/; frame-ancestors 'self' https://hightail.com; 2
default-src 'self' *.typekit.net *.fontawesome.com; style-src 'unsafe-inline' *.typekit.net *.fontawesome.com *.cmich.edu 'self' *.google.com *.datatables.net *.monitor.azure.com *.cdn.technolutions.net https://cdn.insight.sitefinity.com; script-src 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.adnxs.com *.doubleclick.net *.licdn.com *.app-us1.com *.bing.com trackcmp.net *.clarity.ms *.facebook.net *.cmich.edu analytics.tiktok.com *.eab.com mx.technolutions.net my.go-cmich.org *.datatables.net 'unsafe-eval' *.youvisit.com *.office.net *.azure.com *.adtrafficquality.google *.googleadservices.com *.libanswers.com *.cdn.technolutions.net *.youtube.com *.ivy.ai https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; font-src * 'self' data:; img-src data: * *.eab.com https://cdn.insight.sitefinity.com 'self'; frame-src *.googletagmanager.com scribehow.com *.scribehow.com *.youvisit.com *.sharepoint.com *.microsoftonline.com *.youtube-nocookie.com *.adtrafficquality.google *.cmich.edu chipcast.hosted.panopto.com *.google.com *.ivy.ai; connect-src *.google.com *.adnxs.com *.linkedin.com analytics.tiktok.com analytics.tiktokw.us mx.technolutions.net my.go-cmich.org *.scribe-how.com *.flagsmith.com *.azure.com *.adtrafficquality.google *.googleadservices.com *.google-analytics.com *.run.app *.conversionsapigateway.com *.libanswers.com *.cdn.technolutions.net *.cmich.edu https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self'; media-src  'self' 2
default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; style-src 'self' https: 'unsafe-inline'  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; font-src 'self' data:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; connect-src 'self'  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; frame-src 'self' data:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; frame-ancestors 'self'  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; object-src data:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; media-src 'self' data:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; worker-src 'self' data: blob:  *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es tally.so *.tally.so *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com 2
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io *.googleapis.com;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 2
object-src 'self'; frame-src 'self' www.google.com cloud.hostingraja.in www.googletagmanager.com chat.hostingraja.in www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://secure.paytmpayments.com/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/ https://checkout.stripe.com/ https://td.doubleclick.net/ https://secure.paytmpayments.com/ https://clients.hostingraja.in/ https://consentcdn.cookiebot.com/ https://livechat.sgp1.whgi.net/ https://ml42.hostingraja.in/ https://embed.upmind.app/ https://api.upmind.io/ https://secure.livechatinc.com/; 2
frame-ancestors https://*.phoenixcontact.com http://*.phoenixcontact.com https://*.phoenixcontact.com.cn http://*.phoenixcontact.com.cn https://phoenixcontact.custhelp.com https://*.jobcloud.ch https://*.jobs.ch https://*.jobup.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch/de https://topjobs.ch https://phoenix.enterprise.punchcommerce.de https://dev-phoenixcontact.one.punchcommerce.de https://*.phoenixcontact.coremedia.cloud https://*.wiredminds.de 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com http://www.jadlog.com.br https://pod-27-sunco-ws.zendesk.com https://www.gstatic.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://static.zdassets.com https://ekr.zdassets.com https://snap.licdn.com https://code.jquery.com https://oss.maxcdn.com https://www.google.com; style-src 'self' 'unsafe-inline' http://www.jadlog.com.br https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://code.jquery.com https://oss.maxcdn.com https://fonts.googleapis.com; img-src 'self' data: https://code.jquery.com https://www.jadlog.com.br https://jadloglogsticahelp.zendesk.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.facebook.com https://px.ads.linkedin.com https://*.zdassets.com https://*.zdusercontent.com https://www.google-analytics.com https://www.jadlog.com.br https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://www.jadlog.com.br wss://pod-27-sunco-ws.zendesk.com https://www.google-analytics.com https://*.zdassets.com https://*.zendesk.com https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.google.com https://geolocation.onetrust.com https://jadlog-privacy.my.onetrust.com; frame-src https://jadlog.my.site.com https://www.googletagmanager.com https://www.facebook.com https://*.zendesk.com https://jadlog.force.com https://www.youtube.com https://www.google.com; child-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self';frame-ancestors https://www.google.com 2
frame-ancestors 'self' https://layout-cms.fox9.com; 2
default-src 'self' https://buerokratt.ria.ee/; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://cdn.jsdelivr.net/ https://ruuter.buerokratt.ria.ee/ https://www.google-analytics.com https://www.googletagmanager.com https://matomo.ria.ee/ https://ruuter.buerokratt.ria.ee/v2/public/backoffice https://buerokratt.ria.ee/widget_bundle.js https://search.service.eu-live.vportal.ee/v1/search/ria https://search.service.eu-live.vportal.ee/v1/globalsearch/total https://form.service.eu-live.vportal.ee/v1/ https://search.service.eu-live.vportal.ee/v1/events/ria https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://matomo.ria.ee https://www.google-analytics.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://matomo.ria.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://buerokratt.ria.ee https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://matomo.ria.ee/ 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://matomo.ria.ee static.cludflareinsaights.com https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://buerokratt.ria.ee https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://ruuter.buerokratt.ria.ee/v2/public/backoffice https://buerokratt.ria.ee/widget_bundle.js; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com https://use.fontawesome.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com https://use.fontawesome.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 2
frame-ancestors 'self' https://layout-cms.fox5atlanta.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com/gtag/js *.googletagmanager.com translate.google.com cse.google.com cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com s3.amazonaws.com alt.khronos.org github.khronos.org cdn.mathjax.org www.recaptcha.net *.disqus.com *.disquscdn.com *.bootstrapcdn.com img.shields.io www.youtube.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com use.fontawesome.com cdn-images.mailchimp.com platform.twitter.com *.disquscdn.com; img-src 'self' data: blob: *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ytimg.com avatars.githubusercontent.com github.com cdn.khronos.org img.shields.io ping.eeharbor.com wikimedia.org *.disqus.com *.disquscdn.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; connect-src 'self' blob: *.google.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.gstatic.com updates.expressionengine.com cdn.khronos.org alt.khronos.org api.github.com; frame-src 'self' *.google.com *.googletagmanager.com *.translate.google.com github.khronos.org registry.khronos.org td.doubleclick.net cx20.github.io cdn.knightlab.com www.youtube.com www.youtube-nocookie.com tamrat-b.github.io sketchfab.com disqus.com www.recaptcha.net; media-src 'self' blob: data:; object-src data: sandbox.babylonjs.com cx20.github.io tamrat-b.github.io; child-src 'self' www.youtube.com; worker-src 'self' blob:; form-action 'self' www.paypal.com cdn.khronos.org; frame-ancestors 'self' *.translate.google.com; base-uri 'self'; report-uri /assets/utilities/csp.php 2
frame-ancestors https://www.cedars-sinai.org/ https://www-dev.cedars-sinai.org/ https://www-stage.cedars-sinai.org/ https://aodlipsx002188.aws.csmc.edu/ https://mycslink.cedars-sinai.org/ https://mycslink-test.cedars-sinai.org/ https://mycslink-stage.cedars-sinai.org/ https://mycslink-dev.cedars-sinai.org/ https://webflow-staging.cedars-sinai.org/ https://telehealth.epic.com/  https://webflow-prod.cedars-sinai.org/ https://cedars-sinai.webflow.io/ 2
frame-ancestors 'self' https://*.wynnlasvegas.com https://app.contentful.com; 2
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://web-assets.esetstatic.com https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; form-action 'self' https://enjoy.eset.com; frame-ancestors 'self'; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://td.doubleclick.net https://tpc.googlesyndication.com https://vars.hotjar.com https://www.buzzsprout.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.captcha.eset.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.giphy.com https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'self'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://embed.playbuzz.com https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.buzzsprout.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/reports; report-to csp-endpoint; 2
frame-ancestors 'self'; default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: wss: *.arsys.dev *.arsysdesarrollo.lan *.arsysdesarrollo.lan:* *.arsys.es *.arsys.es:* *.arsys.net *.arsys.fr *.arsys.pt *.piensasolutions.com *.piensasolutions.com:* *.shop-mch.es *.soportetotal.es *.youtube.com *.youtube-nocookie.com *.ytimg.com *.office.net *.microsoft.com *.vimeo.com *.1and1.org *.rankingcoach.com *.marketingpanel.es *.tiktok.com *.facebook.com *.facebook.net *.twitter.com *.g.doubleclick.net *.google-analytics.com *.google.ad *.google.ae *.google.at *.google.bg *.google.ch *.google.cl *.google.co.ao *.google.co.id *.google.co.il *.google.co.in *.google.co.ma *.google.co.th *.google.co.uk *.google.co.ve *.google.com *.google.com.ar *.google.com.bo *.google.com.br *.google.com.co *.google.com.do *.google.com.eg *.google.com.et *.google.com.gh *.google.com.mx *.google.com.ng *.google.com.ni *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.py *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.ee *.google.es *.google.fr *.google.ge *.google.ie *.google.it *.google.kz *.google.lu *.google.nl *.google.pl *.google.pt *.google.ro *.google.ru *.google.sn *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com *.adition.com *.adfarm1.adition.com *.bing.com *.licdn.com *.doubleclick.net *.quantserve.com utt.pm *.utt.pm *.linkedin.com *.ads.linkedin.com *.oribi.io *.quantcount.com *.pexels.com *.moz.com *.consensu.org *.invisiblebits.com *.polyfill.io *.crazyegg.com installatron.com *.installatron.com *.slideshare.net *.clarity.ms *.arsys.server.lan uberall.com *.uberall.com *.pixel.ad *.sitescout.com *.adform.net *.sharepointonline.com *.qccerttest.com *.trustpilot.com *.byspotify.com *.spotify.com *.ionos.com *.uicdn.net *.cloudflare.com quickchart.io *.go2sdk.com *.findip.net *.openstreetmap.org unpkg.com google.com *.hs-scripts.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.mypurecloud.de *.nr-data.net *.bing.net; 2
frame-ancestors 'self' *.ibm.com ; child-src blob: * 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.blacknut.com *.blacknut.net *.blacknutlemag.com *.blacknut.biz *.google-analytics.com *.googletagmanager.com *.youtube.com *.googleapis.com *.stripe.com data: *.jsdelivr.net *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.google.fr *.gouv.fr js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net *.hubspot.com *.hubapi.com *.google.ie *.googleadservices.com *.metaffiliation.com api.mixpanel.com ipinfo.io freegeoip.net marketing-image-production.s3.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.usemessages.com u360.d-bi.fr analytics.google.com *.google.com *.google.ie *.clarity.ms clarity.microsoft.com *.gstatic.com *.firebaseio.com *.taboola.com *.adnxs.com *.affilae.com *.hs-banner.com *.blacknut.biz *.api.sanity.io *.sanity.build s3.eu-west-1.amazonaws.com blacknut-prod-images.b-cdn.net blacknut-prod-videos.b-cdn.net *.ads-twitter.com 2
frame-ancestors  *.jjwxc.net  *.jjwxc.com 2
default-src 'self'; connect-src 'self' blob: *.token.awswaf.com https://api.prod.legislation.gov.au/ https://www.legislation.gov.au/; font-src 'self'; frame-src 'self' blob: https://www.legislation.gov.au/; img-src 'self' data: https://www.googletagmanager.com https://www.legislation.gov.au/; script-src 'self' 'unsafe-inline' *.token.awswaf.com https://www.googletagmanager.com https://www.legislation.gov.au/; style-src 'self' 'unsafe-inline' https://www.legislation.gov.au/; 2
default-src https: blob: 'unsafe-inline' https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com *.crazyegg.com https://mailtrack.me ; script-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://d1fc8wv8zag5ca.cloudfront.net https://*.hotjar.com https://cdn.jsdelivr.net/gh/snowplow https://connect.facebook.net https://www.googletagmanager.com https://*.cookiebot.com *.crazyegg.com https://analytics.tiktok.com https://mailtrack.me ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com https://d1ptrxl5bj7757.cloudfront.net https://analytics-v2.mailtrack.io https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://www.googletagmanager.com https://templates-images-dev.s3.eu-west-1.amazonaws.com https://templates-images-prod.s3.eu-west-1.amazonaws.com https://*.cookiebot.com *.crazyegg.com https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com https://mailtrack.me ; worker-src blob: https://mailsuite.me https://mailsuite.com ; media-src 'self' data: blob: https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; 2
frame-ancestors 'self' https://*.infocert.it; 2
frame-ancestors 'self' https://hub.bmc.com; 2
frame-ancestors https://app.contentstack.com/ 2
default-src 'self' https://jsonplaceholder.typicode.com/ https://api.ntplc.co.th/ https://*.googleapis.com https://*.googleapis.com/* https://uatweb.nteservice.com https://jsonip.com/; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://accounts.google.com/gsi/client http://localhost:3000 http://localhost:5001 http://localhost:3001 https://cdn.jsdelivr.net/npm/axios@1.1.2/dist/axios.min.js https://unpkg.com/vue-thailand-address@3/dist/db.web.js https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js http://localhost:5500 https://api-preweb.ntplc.co.th/ https://jsonplaceholder.typicode.com/ https://code.jquery.com/jquery-3.7.0.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js https://cdn.datatables.net/1.13.7/js/jquery.dataTables.min.js https://cdn.datatables.net/buttons/2.4.1/js/dataTables.buttons.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip/3.10.1/jszip.min.js https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/pdfmake.min.js https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/vfs_fonts.js https://cdn.datatables.net/buttons/2.4.1/js/buttons.html5.min.js https://cdn.datatables.net/buttons/2.4.1/js/buttons.print.min.js https://cdn.datatables.net/fixedcolumns/3.3.2/js/dataTables.fixedColumns.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.3.0/js/bootstrap.bundle.min.js https://cdn.datatables.net/plug-ins/1.10.25/api/sum().js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://cdn.jsdelivr.net/npm/vue/dist/vue.js https://api.ntplc.co.th/ https://uatweb.nteservice.com https://cdn.jsdelivr.net/npm/air-datepicker@3.5.3/air-datepicker.min.js https://jsonip.com/ https://texttospeech.googleapis.com/* https://nt.webchat.zwiz.app/sdk.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://accounts.google.com/gsi/style http://localhost:3000 http://localhost:5001 http://localhost:3001 http://localhost:5500 https://api-preweb.ntplc.co.th/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://cdn.datatables.net/1.13.7/css/jquery.dataTables.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.datatables.net/fixedcolumns/3.3.2/css/fixedColumns.dataTables.min.css https://code.jquery.com/ui/1.12.1/themes/ui-lightness/jquery-ui.css https://cdn.jsdelivr.net/npm/vue-thailand-address@3/dist/vue-thailand-address.min.css https://www.ntplc.co.th/ https://api.ntplc.co.th/ https://uatweb.nteservice.com https://cdn.jsdelivr.net/npm/air-datepicker@3.5.3/air-datepicker.min.css https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com http://localhost:3000 http://localhost:3001 https://api-preweb.ntplc.co.th http://localhost:5001 http://localhost:5500 platform.twitter.com https://api.ntplc.co.th/ https://ntplc.co.th/ https://www.ntplc.co.th/images/ *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' www.youtube-nocookie.com www.google.com https://www.youtube.com https://nt.webchat.zwiz.app/ web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com validate.theoplayer.com license.theoplayer.com exzillamedia-aaea.streaming.media.azure.net texttospeech.googleapis.com www.nteservice.com maps.googleapis.com https://www.youtube.com https://api-preweb.ntplc.co.th/ https://api.ntplc.co.th/ https://uatweb.nteservice.com https://jsonip.com/ https://ntplc.co.th/ https://texttospeech.googleapis.com/* https://analytics.google.com https://analytics.google.com/* https://www.google-analytics.com https://*.google-analytics.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://api-preweb.ntplc.co.th/ https://api.ntplc.co.th/ https://uatweb.nteservice.com web-chat.nativechat.com 2
frame-ancestors 'self' *.cube365.net *.thecube.net *.siliconangle.com *.thecuberesearch.com 2
child-src blob:;connect-src 'self' https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com https://employerbrand.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.algolia.io *.facebook.com *.sentry.io accounts.google.com app.getwisp.co backend.getbeamer.com www.google-analytics.com www.google.com vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ip2c.org autocomplete.search.hereapi.com lookup.search.hereapi.com revgeocode.search.hereapi.com geocode.search.hereapi.com *.batch.com *.axept.io *.contentsquare.net http://cypress.preprod.wttj.tech/zafoh2ie/ae3 api.maze.co prompts.maze.co region1.analytics.google.com stats.g.doubleclick.net data.debugbear.com www.google.com/recaptcha/ www.gstatic.com;default-src 'none';font-src cdn.welcometothejungle.com cdn.welcometothejungle.com cdn.welcome-ui.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io snippet.maze.co;form-action 'self' www.facebook.com;frame-ancestors none;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.youtube-nocookie.com www.dailymotion.com geo.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com vars.hotjar.com *.axept.io form.typeform.com www.google.com www.googletagmanager.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com static.hotjar.com *.axept.io *.contentsquare.net dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com snippet.maze.co;media-src cdn.welcometothejungle.com;script-src 'unsafe-inline' cdn.welcometothejungle.com platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com www.youtube-nocookie.com *.ytimg.com app.getwisp.co optimize.google.com app.getbeamer.com realtime.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com *.axept.io cdn.goldenbees.fr tag.goldenbees.fr t.contentsquare.net app.contentsquare.com embed.typeform.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/ snippet.maze.co acdn.adnxs.com cdn.debugbear.com data.debugbear.com googletagmanager.com google-analytics.com;style-src 'unsafe-inline' cdn.welcometothejungle.com tagmanager.google.com fonts.googleapis.com optimize.google.com accounts.google.com app.getbeamer.com *.axept.io embed.typeform.com snippet.maze.co static.hotjar.com script.hotjar.com assets-cdn.maze.co;upgrade-insecure-requests;worker-src 'self' blob: 2
frame-ancestors 'self' https://mail.vodafone.de 2
frame-ancestors https://cms-prod.monotype.com https://monotype.mindtickle.com https://admin.mindtickle.com https://support.monotype.com https://content.monotype.com; report-uri /report-csp-violation 2
frame-ancestors 'self' https://layout-cms.fox13news.com; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self' epost.online.no; frame-ancestors 'self' *.telenor.no telenor.no; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: blob: 'unsafe-inline' telenor.no *.telenor.no; script-src 'self' telenor.no *.telenor.no https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; worker-src blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.omnis.com https://*.omnis.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 2
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' http://manifest.prod.boltdns.net http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com http://platform.instagram.com wss://metadata.musicradio.com; 2
default-src 'self' blob: *.mgm.mo; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.gstatic.com *.sojern.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com *.googleapis.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net use.typekit.net *.mgm.mo; font-src 'self' data: use.typekit.net *.gstatic.com *.mgm.mo; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net *.googleapis.com; img-src 'self' data: blob: *.googletagmanager.com *.aliyuncs.com *.bing.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.doubleclick.net *.facebook.net *.facebook.com *.googleapis.com maps.gstatic.com p.typekit.net *.mgm.mo *.mcmsapoc.com;; media-src 'self' *.mgm.mo *.mcmsapoc.com *.oss-cn-hongkong.aliyuncs.com; connect-src 'self' performance.typekit.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.facebook.com *.mgm.mo; frame-src 'self' *.tiqcdn.com *.youtube.com *.ytimg.com *.recaptcha.net *.doubleclick.net *.facebook.com *.googletagmanager.com *.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src 'self' *.orange.be *.google.es  *.abtasty.com *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com *.sprinklr.com brand-messenger.app.khoros.com *.khoros.com ssl://brandmessenger-ws.euw1.khoros.com:8883 proactive-chat-server-eu.prod.aws.lcloud.com messaging-auth-eu-west-1.prod.aws.lcloud.com *.ekoo.co *.supabase.co;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://googleads.g.doubleclick.net  https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http//www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com  https://widgets.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co;  object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com *.sprinklr.com *.ekoo.co *.supabase.co;  style-src 'unsafe-inline' 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com *.sprinklr.com *.ekoo.co *.supabase.co;  img-src * blob: https://optimize.google.com *.orange.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com *.fls.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com  https://log.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co;  media-src 'self' data: *.mobistar.be  *.orange.be *.netdna-ssl.com brand-messenger.app.khoros.com https://v.pinimg.com *.sprinklr.com *.ekoo.co *.supabase.co;  frame-src 'self'  https://optimize.google.com * emsecure.net  *.orange.be https://assets.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co;  font-src 'self' https://fonts.gstatic.com *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com  *.typekit.net *.fontawesome.com *.sprinklr.com *.ekoo.co *.supabase.co *.contentsquare.net;  connect-src 'self' *.googlesyndication.com *.gstatic.com w998baawd3-dsn.algolia.net uq5v1rcrhz-dsn.algolia.net *.algolianet.com insights.algolia.io *.cloudfront.net *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.sprinklr.com *.sprinklr.com wss://*.khoros.com wss://*.khorostech.com *.eshop.orange.be *.orange.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com *.abtasty.com *.contentsquare.net *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com  *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org px.ads.linkedin.com *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com browser-update.org *.googleapis.com *.tiqcdn.com *.teads.tv *.pinterest.com *.taboola.com *.clarity.ms *.gsitrix.com *.adensemble.com *.cookieless-data.com bbd-tag.de admaxium.com *.perfectaudiencertg.com *.netdna-ssl.com *.twitter.com *.bing.com *.pinimg.com *.licdn.com https://static.ads-twitter.com https://js.adsrvr.org https://img.netaffiliation.com https://files.qualifio.com *.khoros.com *.ekoo.co *.supabase.co *.outbrain.com *.paa-reporting-advertising.amazon *.bing.net loopwidget.com *.adsrvr.org;  frame-ancestors 'self' https://mobile.kbc-group.com https://kbctouch.kbc.be https://cbctouch.cbc.be https://touch.kbcbrussels.be https://mobileyoungsterapp.kbc-group.com wss://*.sprinklr.com *.sprinklr.com; 2
default-src 'self' *.crazyegg.com *.northropgrumman.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com www.clarity.ms connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com cdn.cookielaw.org cookie-cdn.cookiepro.com www.redditstatic.com tag.demandbase.com www.google-analytics.com ngc.avature.net api-engage-us.sitecorecloud.io www.googletagmanager.com www.youtube.com x.com platform.twitter.com t.co tagmanager.google.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com www.google.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com www.redditstatic.com cse.google.com www.googleadservices.com googleads.g.doubleclick.net tag.demandbase.com www.google-analytics.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com ngc.avature.net www.googletagmanager.com code.jquery.com www.youtube.com x.com platform.twitter.com t.co; connect-src 'self' *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com stats.g.doubleclick.net www.google-analytics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.google.com conversions-config.reddit.com www.redditstatic.com pixel-config.reddit.com www.googleapis.com rum.browser-intake-datadoghq.com api.company-target.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com ngc.avature.net vitals.vercel-insights.com x.com platform.twitter.com t.co api-engage-us.sitecorecloud.io discover.sitecorecloud.io/; base-uri 'self'; form-action 'self' login.microsoftonline.us; font-src 'self' 'unsafe-inline' *.vercel.app *.crazyegg.com ngc.avature.net use.typekit.net fonts.gstatic.com *.northropgrumman.com *.agencyq.site cdn.northrupgrumman.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net www.google.com use.typekit.net p.typekit.net fonts.googleapis.com; frame-src 'self' *.vercel.app *.doubleclick.net *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com portalstospace.com login.goservicepro.com jsv3.recruitics.com ngc.avature.net s.company-target.com td.doubleclick.net jsv3.recruitics.com www.portalstospace.com www.youtube.com x.com platform.twitter.com t.co w.soundcloud.com data: blob: www.googletagmanager.com; img-src 'self' data: * northropgrumman-sb1.dam.aprimo.com s1.sb.previews.aprimo.com s.gravatar.com *.crazyegg.com *.wp.com/cdn.auth0.com/avatars *.northropgrumman.com cdn.northropgrumman.com; media-src 'self' *.vercel.app *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net x.com platform.twitter.com t.co img.youtube.com data: cdn.northropgrumman.com; worker-src blob: *.crazyegg.com; 2
default-src 'self' *.mypurecloud.ie *.cloudflare.com *.cookiebot.com *.doubleclick.net *.hotjar.com *.hotjar.io *.licdn.com *.googletagmanager.com *.google.com *.google.lt *.google.ie *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.youtube.com *.jsdelivr.net *.tellq.io *.typekit.net *.wufoo.com *.trueengage.com *.github.io unpkg.com 'unsafe-inline' 'unsafe-eval' data: ws:; object-src 'none'; report-uri https://cspaudit.balt.net/_/csp-report; 2
default-src 'self' undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://npotag.npo-data.nl https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* blob: undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://npotag.npo-data.nl https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com/ https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://npotag.npo-data.nl https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://cdn.jotfor.ms https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://npotag.npo-data.nl https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 2
frame-ancestors 'self' dw.beyondtrustcloud.com dwspectrum.com; 2
frame-ancestors 'self' *.winfuture.de; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pub-storage.s3.us-east-1.amazonaws.com/ *.system1.com *.typekit.net *.formstack.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com s.flocdn.com mapquest.com *.mapquest.ca *.youtube.com s3.amazonaws.com stats.g.doubleclick.net cdn.cookielaw.org *.onetrust.com jobs.lever.co *.soflopxl.com data:; img-src *; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' https: data: blob:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://auth.privy.io https://rarible.com https://rarible.fun https://testnet.rarible.fun https://camp.rarible.fun https://beta-olga.rarible.fun https://beta-andre.rarible.fun https://beta-irina.rarible.fun https://beta-sigma.rarible.fun https://beta-shmeta.rarible.fun https://beta-igor.rarible.fun; child-src https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://www.crossmint.com; frame-src https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://www.crossmint.com https://challenges.cloudflare.com; connect-src 'self' blob: https://auth.privy.io wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://*.rpc.privy.systems https://explorer-api.walletconnect.com https:; worker-src 'self' blob:; manifest-src 'self' 2
frame-ancestors 'self' https://*.uchealth.org 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; frame-src https://* about: javascript:; frame-ancestors 'self' http://*.vegas.com https://*.vegas.com 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', form-action 'self', img-src 'self' data: https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net, script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net https://api.userlike.com https://cdn.jsdelivr.net https://plausible.io https://web-sdk-cdn.singular.net, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', 2
frame-ancestors 'self' https://*.zaobao.com.sg https://*.zaobao.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nyi.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  www.youtube.com www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' pbs.twimg.com data:; media-src 'self' pb.twimg.com data:; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' 2
default-src 'self'; base-uri 'self'; script-src 'unsafe-inline' 'self' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.conversationalsdevelopment.nl cdn.seamly-app.com; style-src 'self' 'unsafe-inline' *.rvo.nl cdn.seamly-app.com; object-src *.rvo.nl; connect-src 'self' *.rvo.nl *.rvochat.nl *.rovid.nl *.obi4wan.ai *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.pusher.com wss://*.pusher.com *.obi4wan.com wss://api.seamly-app.com api.seamly-app.com; img-src 'self' data: *.rvo.nl *.rovid.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.mediatheekrijksoverheid.nl services.arcgisonline.com www.toegankelijkheidsverklaring.nl; media-src 'self' *.seamly-app.com *.rovid.nl *.mediatheekrijksoverheid.nl; form-action 'self' *.rvo.nl; frame-ancestors 'self' *.rvo.nl; frame-src 'self' *.rvo.nl bridge-to-knowledge.nl apps.vertigisstudio.com; script-src-elem 'self' 'unsafe-inline' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.seamly-app.com; upgrade-insecure-requests 2
default-src 'self' my.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com assets.adobedtm.com dynatrace.humanservices.gov.au; connect-src blob: 'self' adobedc.demdex.net docs.apigw.my.gov.au edge.adobedc.net *.my.gov.au my.gov.au mygov-dls-bff.apps.openshift-prod1-dca1.csda.gov.au mygov-dls-bff.apps.openshift-prod1-dcb1.csda.gov.au swift.csda.gov.au stats.g.doubleclick.net dynatrace.humanservices.gov.au *.dynamsoft.com https://127.0.0.1:* ws://127.0.0.1:* wss://127.0.0.1:* data: cdn.jsdelivr.net w3.org/svg/2000; img-src 'self' data: blob: stats.g.doubleclick.net swift.csda.gov.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'self' blob: swift.csda.gov.au; frame-src 'self' blob: bluey-webchat.azurewebsites.net my.gov.au *.my.gov.au swift.csda.gov.au www.youtube.com www.youtube-nocookie.com w.soundcloud.com servicesaustralia.vudoo.io 2
frame-ancestors 'self' https://www.spikenow.com https://spikenow.com https://lp.spikenow.com 2
frame-ancestors 'self' https://www.lexware.de 2
frame-ancestors 'self' https://layout-cms.fox4news.com; 2
default-src 'self' blob: *.aman-d8.my127.site *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com cloud.typography.com *.sojern.com 'unsafe-inline' 'unsafe-eval'; worker-src blob: *.aman.com *.rudderlabs.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js *.analytics.google.com s.yimg.jp snap.licdn.com connect.facebook.net d.line-scdn.net p.relay-t.io js.sentry-cdn.com *.yahoo.co.jp *.clarity.ms bat.bing.com cdn.linkedin.oribi.io https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput-jquery.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/utils.js fxgate.baidu.com secure-hotel-tracker.com newbooking.azds.com *.cinnox.cn https://*.googletagmanager.com aman-d8.my127.site browser.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com https://acsbapp.com https://accesswidget-log-receiver.acsbapp.com https://global.localizecdn.com https://js.appboycdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.adsrvr.org https://*.cloudflare.com api.mapbox.com js-agent.newrelic.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com *.sojern.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com *.thehotelsnetwork.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css newbooking.azds.com cdnjs.cloudflare.com *.cinnox.cn *.aman-d8.my127.site *.visualwebsiteoptimizer.com app.vwo.com https://use.fontawesome.com api.mapbox.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; img-src 'self' data: about: *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com *.thehotelsnetwork.com https://www.google.com https://www.google.com.uk https://www.google.co.uk https://px.ads.linkedin.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png bat.bing.com tr.line.me ad.doubleclick.net doubleclick.net www.facebook.com *.clarity.ms newbooking.azds.com dbmajt85xhr99.cloudfront.net controlcenter-p1.synxis.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.bing.com *.linkedin.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com appboy-images.com braze-images.com cdn.braze.eu https://ade.googlesyndication.com  *.mapbox.com https://*.cloudflare.com api.mapbox.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net *.aman-d8.my127.site; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' data: *.typekit.net *.aman.com *.gstatic.com *.cinnox.com *.thehotelsnetwork.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.cinnox.cn *.aman-d8.my127.site https://use.fontawesome.com; connect-src 'self' *.aman.com *.boltdns.net  *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com  *.cinnox.com impactradius-event.com utt.impactcdn.com ojrq.net logs-01.loggly.com amanresorts.pxf.io sessions.bugsnag.com p.relay-t.io cdn.linkedin.oribi.io pagead2.googlesyndication.com *.clarity.ms newbooking.azds.com *.analytics.google.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site px.ads.linkedin.com am.yahoo.co.jp *.visualwebsiteoptimizer.com app.vwo.com https://cdn.acsbapp.com/config/stage.www.aman.com/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://sdk.iad-01.braze.com https://sdk.fra-02.braze.eu https://www.facebook.com *.mapbox.com p.typekit.net use.typekit.net insight.adsrvr.org bat.bing.com apm.yahoo.co.jp https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com *.sojern.com; upgrade-insecure-requests 2
report-uri https://www.barmer.de/report; frame-ancestors 'self' https://lernen.barmer.de; 2
default-src 'self';frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usabilla.com *.chatlayer.ai *.politie.nl translate.google.com https://translate.googleapis.com;style-src 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.politie.nl https://translate.googleapis.com https://*.mopinion.com;style-src-elem 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.politie.nl https://*.mopinion.com;object-src 'none';base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/;connect-src 'self' *.pdok.nl *.politie.nl api.usabilla.com https://translate.googleapis.com https://*.mopinion.com;font-src 'self' https://d6tizftlrpuof.cloudfront.net https://*.mopinion.com;frame-src 'self' *.chatlayer.ai *.youtube.com www.youtube-nocookie.com politie.bbvms.com politietest.bbvms.com politienederland.bbvms.com art19.com *.twitter.com https://d6tizftlrpuof.cloudfront.net https://*.mopinion.com;img-src 'self' blob: data: https://d6tizftlrpuof.cloudfront.net *.chatlayer.ai *.usabilla.com *.pdok.nl *.ytimg.com https://d6tizftlrpuof.cloudfront.net *.twitter.com translate.google.com https://www.google.com https://translate.googleapis.com https://www.gstatic.com www.burgernet.nl https://*.mopinion.com https://politie.bbvms.com https://politienederland.bbvms.com;report-uri https://www.politie.nl/cspreports;worker-src 'none';script-src-elem 'self' 'unsafe-inline' www.youtube.com/iframe_api www.youtube.com/s/player/ *.usabilla.com *.chatlayer.ai *.twitter.com *.politie.nl chatbox.prod.europe-west1.gc.chatlayer.ai https://d6tizftlrpuof.cloudfront.net https://*.mopinion.com;upgrade-insecure-requests 2
font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com; 2
frame-ancestors 'self' https://layout-cms.foxla.com; 2
default-src 'self'; script-src 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://apis.google.com https://*.google-analytics.com https://kit.fontawesome.com https://cdn.insight.sitefinity.com https://js.monitor.azure.com https://*.marker.io https://*.youtube.com 'self' https://cdn.bc0a.com https://*.bazaarvoice.com https://*.monetate.net 'unsafe-eval' https://api.astutebot.com https://bot.emplifi.io https://cdn.listrakbi.com https://s1.listrakbi.com https://onescript-recscont.listrakbi.com https://bl.listrakbi.com https://at1.listrakbi.com https://www.googletagmanager.com https://cdn.cookielaw.org https://services.listrak.com https://static.addtoany.com/ https://*.likebtn.com https://*.ipstack.com https://*.pricespider.com https://*.mapbox.com https://mediacdn.espssl.com https://*.listrakbi.com onescript-recscont.listrakbi.com https://*.crayola.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://api.ipregistry.co https://ucarecdn.com https://c.amazon-adsystem.com https://s.amazon-adsystem.com; connect-src https://maps.googleapis.com https://*.fontawesome.com https://dc.services.visualstudio.com https://api.insight.sitefinity.com https://*.marker.io https://s3.eu-west-1.amazonaws.com/marker.sessions.prod https://*.youtube.com 'self' https://*.bc0a.com https://*.bazaarvoice.com https://api.astutebot.com https://bot.emplifi.io https://bl.listrakbi.com https://www.google-analytics.com https://services.listrak.com https://cdn.cookielaw.org http://localhost.com in-v3.mailjet.com http://*.googleapis.com https://i.ytimg.com https://*.pricespider.com wss://*.pricespider.com https://*.mapbox.com https://*.ipstack.com blob: https://*.listrakbi.com https://*.google-analytics.com https://geolocation.onetrust.com https://www.google.com/ccm/collect https://analytics.google.com/g/collect https://*.crayola.com https://ad.doubleclick.net https://www.facebook.com https://youtube.com https://api.ipregistry.co https://api.ipify.org https://ucarecdn.com  https://c.amazon-adsystem.com https://t.lt02.net https://js.monitor.azure.com https://s.amazon-adsystem.com https://stats.g.doubleclick.net https://ara.paa-reporting-advertising.amazon; font-src data: https://fonts.gstatic.com https://*.fontawesome.com 'self' https://*.bazaarvoice.com https://*.monetate.net https://w.likebtn.com https://*.pricespider.com https://mediacdn.espssl.com; img-src data: https://*.likebtn.com https://maps.gstatic.com https://maps.googleapis.com https://*.bazaarvoice.com https://*.monetate.net https://www.googletagmanager.com https://i.ytimg.com https://*.pricespider.com https://*.googletagmanager.com https://mediacdn.espssl.com https://s1.listrakbi.com https://cdn.cookielaw.org https://www.facebook.com https://www.google.com 'self'; frame-src https://*.youtube.com https://*.marker.io https://*.bazaarvoice.com https://bot.emplifi.io https://api.astutebot.com https://bl.listrakbi.com https://services.listrak.com https://static.addtoany.com https://*.juicer.io/ https://*.listrakbi.com https://*.crayola.com https://www.googletagmanager.com https://astutebot.com https://*.monetate.net https://*.doubleclick.net https://ucarecdn.com https://s.amazon-adsystem.com blob:; style-src 'unsafe-inline' https://*.likebtn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.bazaarvoice.com https://*.monetate.net https://cdn.listrakbi.com https://bl.listrakbi.com https://*.pricespider.com https://*.mapbox.com https://*.googletagmanager.com https://*.listrakbi.com https://*.jquery.com 'self'; worker-src blob: 'self'; media-src https://ucarecdn.com 'self'; video-src https://ucarecdn.com https://www.googletagmanager.com 2
upgrade-insecure-requests; base-uri 'none'; font-src 'self' data: fonts.gstatic.com consent.trustarc.com; form-action 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com consent.trustarc.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com consent-pref.trustarc.com; 2
frame-ancestors 'self' https://*.toyota-europe.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.adform.net 360yield.com *.doubleclick.net cdn.tiny.cloud adservice.google.com adservice.google.pl ahrefs.com analytics.tiktok.com apis.google.com app.usercentrics.eu bat.bing.com connect.facebook.net doubleclick.net emplocity.com *.facebook.com *.facebook.net fintech.pkobp.pl fonts.googleapis.com fonts.gstatic.com iko.pkobp.pl kredobank.com.ua ls.hit.gemius.pl m.emplobot.com maps.google.com maps.googleapis.com maps.gstatic.com media.pkobp.pl sr-dev.travatar.ai pkosr.travatar.ai pagead2.googlesyndication.com platform.twitter.com pro.hit.gemius.pl pko.salesmanago.com https://programpartnerski.pkobp.pl googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com www.google.com www.google.pl www.googleadservices.com www.googletagmanager.com www.gstatic.com www.mojafirma.pkobp.pl www.obligacjeskarbowe.pl www.pkobh.pl www.pkobp.pl www.pkofaktoring.pl www.pkofinance.se www.pkoleasing.pl www.pkopte.pl www.pkotfi.pl www.polecam.pkobp.pl www.wspieramyeksport.pl www.youtube.com www.youtube-nocookie.com www.zakup.obligacjeskarbowe.pl cdn.cookielaw.org; worker-src 'self' blob: https://www.pkobp.pl; frame-ancestors https://ias3-ipko-ipko3-pirates-3.perversion.qa.inteligo.com.pl https://www.ipko.pl https://ipko.pkobp.pl; report-uri /report-csp; 2
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-maps.yandex.ru https://assetsgarantibbva.com *.amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.hangikredi.com *.tiktokw.us *.corpowid.com *.tiktok.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;media-src 'self' data: *.signfordeaf.com http://*.signfordeaf.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.api.useinsider.com https://*.useinsider.com;connect-src 'self' data: *.garantibbvayatirim.com.tr *.paa-reporting-advertising.amazon *.kaspersky-labs.com *.amazon-adsystem.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.assetsgarantibbva.com *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr *.highcharts.com *.tiktokw.us *.corpowid.com *.tiktok.com ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.signfordeaf.com;worker-src 'self' *.kaspersky-labs.com *.assetsgarantibbva.com *.garantibbva.com.tr; script-src-elem 'self' 'unsafe-inline' *.amazon-adsystem.com *.tiktokw.us *.corpowid.com *.tiktok.com *.hangikredi.com *.googleapis.com *.facebook *.kaspersky-labs.com *.googletagmanager.com *.dataroid.com *.efilli.com *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr; frame-src 'self' *.cdn-garantibbva.dataroid.com *.cdn.dataroid.com https://video.garanti.com.tr *.amazon-adsystem.com *.api.useinsider.com *.kaspersky-labs.com *.doubleclick.net *.efilli.com *.assetsgarantibbva.com *.garantibbva.com.tr; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.efilli.com *.api.useinsider.com *.doubleclick.net https://static-maps.yandex.ru *.assetsgaranti.com *.assetsgarantibbva.com  https://assetsgarantibbva.com *.highcharts.com *.garantibbvayatirim.com.tr *.kaspersky-labs.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.dataroid.com *.kaspersky-labs.com *.googletagmanager.com *.efilli.com *.useinsider.com *.api.useinsider.com fonts.googleapis.com ajax.googleapis.com *.assetsgarantibbva.com *.garantibbva.com.tr;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr *.api.useinsider.com fonts.go/ogleapis.com ajax.googleapis.com fonts.gstatic.com; 2
default-src 'self';  connect-src 'self' https://*.iubenda.com https://*.mux.com https://*.ada.support https://*.hotjar.com wss://*.hotjar.com https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com https://*.mypurecloud.ie wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://google.com https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://www.googleadservices.com https://*.curator.io/ https://*.eskimi.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://tally.so https://*.novemberfive.co https://*.posthog.com https://*.sentry.io https://*.avo.app https://*.digicelgroup.com;  script-src 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://googleads.g.doubleclick.net https://siteintercept.qualtrics.com https://ssl.google-analytics.com https://tagmanager.google.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://tally.so https://*.novemberfive.co https://*.posthog.com https://*.sentry.io https://*.avo.app;  script-src-elem 'self' 'unsafe-inline' https://*.eskimi.com https://*.iubenda.com https://*.youtube.com https://*.hotjar.com https://googleads.g.doubleclick.net https://*.ada.support https://*.mypurecloud.com https://*.mypurecloud.ie https://api-cdn.mypurecloud.ie https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://www.googleadservices.com https://tally.so https://*.novemberfive.co https://*.posthog.com;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.ie https://*.mypurecloud.com https://cdn.curator.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://*.posthog.com;  object-src 'none';  img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.linkedin.com https://*.qualtrics.com https://img.youtube.com https://*.mypurecloud.com https://*.mypurecloud.ie https://analytics.twitter.com https://t.co https://curator-assets.b-cdn.net https://google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://ssl.gstatic.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://*.analytics.google.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://*.digicelbusiness.com https://tally.so https://*.novemberfive.co https://*.datocms-assets.com https://*.posthog.com https://*.digicelgroup.com;  font-src 'self' https://fonts.gstatic.com https://*.posthog.com data:;  base-uri 'none';  media-src 'self' https://*.datocms-assets.com https://*.posthog.com blob:;  frame-src 'self' https://leafletjs.com https://*.ada.support https://*.digicelgroup.com https://*.qualtrics.com https://*.doubleclick.net https://*.mypurecloud.com https://*.mypurecloud.ie https://*.googletagmanager.com https://*.appspot.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com https://*.shuftipro.com https://www.youtube.com https://tally.so https://*.novemberfive.co https://*.avo.app;  form-action https://*.qualtrics.com https://www.facebook.com https://tally.so https://*.novemberfive.co;  frame-ancestors 'self' https://*.posthog.com https://*.digicelgroup.com https://*.novemberfive.co https://*.datocms.com 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' *.preview.kkn.zd.intranet.bund.de wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.wikimedia.org *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de *.preview.kkn.zd.intranet.bund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net userlike-cdn-umm.b-cdn.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
base-uri 'self' https://amli.sekindo.com; connect-src 'self' https: data: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' https: googleads.g.doubleclick.net error-report.com; img-src 'self' data: https:; media-src 'self' blob: gcdn.2mdn.net video.primis.tech; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: blob: www.google-analytics.com pagead2.googlesyndication.com cdn.perfops.net; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com content.quantcount.com live.primis.tech html-load.com; worker-src blob:; block-all-mixed-content; report-to https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e 2
upgrade-insecure-requests;report-uri https://csp.prezly.net/report 2
base-uri 'self'; default-src 'self'; connect-src 'self' data: https://api.storyblok.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://logs1412.xiti.com https://px.ads.linkedin.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com; img-src 'self' data: https://a.storyblok.com https://cdn.cookielaw.org https://assets.kuehne-nagel.com https://logs1412.xiti.com https://px.ads.linkedin.com https://ipv6.6sc.co https://b.6sc.co https://www.googletagmanager.com https://ad.doubleclick.net https://adservice.google.com; frame-src * ; form-action 'self'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; media-src 'self' https://a.storyblok.com https://recordingassets-store-prod-useast1-osdops.s3.amazonaws.com https://assets.kuehne-nagel.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://app.storyblok.com https://www.googletagmanager.com https://e.video-cdn.net https://cdn.cookielaw.org https://tag.aticdn.net https://snap.licdn.com https://j.6sc.co https://cdn.ablyft.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; frame-ancestors 'self' https://app.storyblok.com; upgrade-insecure-requests; 2
frame-ancestors 'self' *.kiwify.com.br *.kiwify.com 2
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 2
frame-ancestors 'self' https://*.abtasty.com; 2
default-src 'self' ; base-uri 'self' ; font-src 'self' data:     *.buzzsprout.com     *.marketo.com     *.hotjar.com     *.trustarc.com     fonts.gstatic.com     *.teads.tv     *.pathfactory.com     *.wistia.com     *.userway.org ; style-src 'self' 'unsafe-inline'     *.marketo.com     *.coveo.com     engage.aveva.com     tagmanager.google.com     fonts.googleapis.com     *.teads.tv     *.pathfactory.com     *.userway.org ; object-src 'none' ; worker-src 'self' blob: ; connect-src 'self'     *.6sc.co     *.google-analytics.com     *.analytics.google.com     *.doubleclick.net     *.googlesyndication.com     *.spotify.com     *.podscribe.com     *.wistia.com     *.wistia.net     *.clarity.ms     *.linkedin.com     *.accountinsight.cloud     *.marketo.com     *.mktoresp.com     *.coveo.com     *.sharethis.com     *.buzzsprout.com     *.crazyegg.com     *.b0e8.com     *.bc0a.com     *.company-target.com     *.hotjar.com:*     wss://*.hotjar.com     *.hotjar.io:*     *.everesttech.net     *.adobedtm.com     *.omtrdc.net     *.demdex.net     *.addthis.com     *.crwdcntrl.net     *.teads.tv     *.tealiumiq.com     *.adsrvr.org     *.trustarc.com     *.demandbase.com     *.google.com     engage.aveva.com     smetrics.aveva.com     *.leadspace.com     *.facebook.com     *.bizible.com     *.pathfactory.com     *.sentry-cdn.com     *.userway.org ; img-src 'self' data:     *.googlesyndication.com     *.6sc.co     *.podscribe.com     *.33across.com     *.sharethis.com     *.adsrvr.org     *.doubleclick.net     *.1rx.io     *.typepixel.com     *.linkedin.com     *.bing.com     *.ml-api.io     *.adroll.com     *.clarity.ms     *.buzzsprout.com     *.coveo.com     *.google-analytics.com     *.analytics.google.com     *.hotjar.com     *.trustarc.com     *.twitter.com     *.aveva.com     *.gstatic.com     *.googletagmanager.com     *.adnxs.com     *.yoyi.com.cn     *.company-target.com     *.facebook.com     *.demdex.net     *.bidr.io     *.omtrdc.net     *.everesttech.net     *.adobedtm.com     *.2o7.net     *.mathtag.com     *.bidswitch.net     *.casalemedia.com     *.rlcdn.com     *.rubiconproject.com     *.openx.net     *.pubmatic.com     *.outbrain.com     *.yahoo.com     *.3lift.com     *.taboola.com     *.teads.tv     *.google.com     *.google.co.in     *.google.com.mx     *.google.co.uk     *.bizible.com     *.pathfactory.com     *.wistia.com     *.userway.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:     *.6sc.co     *.cloudfront.net     *.o11.tech     *.aveva.com     *.marketo.com     *.marketo.net     *.coveo.com     *.clarity.ms     *.adroll.com     *.sharethis.com     *.adsrvr.org     *.doubleclick.net     *.googlesyndication.com     *.googleadservices.com     *.google-analytics.com     *.analytics.google.com     *.googletagmanager.com     *.googleapis.com     *.google.com     *.gstatic.com     *.gvt1.com     *.crazyegg.com     *.b0e8.com     *.bc0a.com     *.brightedge.com     *.demandbase.com     *.hotjar.com     *.cloudflare.com     *.cloudflareinsights.com     *.jsdelivr.net     *.moatads.com     *.bing.com     *.leadspace.com     *.thinglink.me     *.trustarc.com     *.accountinsight.cloud     *.ceros.com     okt.to     *.twitter.com     *.ads-twitter.com     *.oktopost.com     *.driftt.com     *.facebook.com     *.facebook.net     *.licdn.com     noembed.com     *.adobe.com     *.everesttech.net     *.adobedtm.com     *.demdex.net     *.wistia.com     *.vimeo.com     *.youtube.com     *.ytimg.com     *.addthis.com     *.addthisedge.com     *.teads.tv     *.tiqcdn.com     *.tealiumiq.com     *.pdst.fm     *.wistia.net     *.bizible.com     *.hlx.page     *.mktoweb.com     *.pathfactory.com     *.sentry-cdn.com     *.userway.org ; frame-src 'self'     *.dwcdn.net     *.flourish.studio     *.drift.click     *.driftt.com     *.mediavalet.com     *.adroll.com     *.adsrvr.org     *.sharethis.com     *.doubleclick.net     *.buzzsprout.com     *.marketo.com     *.adobe.com     *.google.com     *.googletagmanager.com     *.hotjar.com     *.thinglink.com     *.aveva.com     *.trustarc.com     *.w3.org     *.ceros.com     *.demdex.net     *.facebook.com     *.youtube.com     *.wistia.net     *.addthis.com     *.vimeo.com     *.slideshare.net     *.mathtag.com     *.teads.tv     *.run.app     *.company-target.com     *.pathfactory.com     *.userway.org ; frame-ancestors 'self'     *.osisoft.com     *.lookbookhq.com     *.pathfactory.com     *.aveva.com     *.teads.tv ; media-src 'self' https: blob: data: ; 2
default-src https: data: wss: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src blob: https:; frame-ancestors *.pageuppeople.com; 2
frame-src *.youtube.com *.youtu.be acl.gov youtu.be *.addtoany.com addtoany.com static.addtoany.com; frame-ancestors *.youtube.com *.youtu.be acl.gov youtu.be *.addtoany.com addtoany.com static.addtoany.com; child-src *.youtube.com *.youtu.be acl.gov youtu.be *.addtoany.com addtoany.com static.addtoany.com; report-uri /report-csp-violation 2
frame-ancestors 'self' https://layout-cms.fox5ny.com; 2
frame-ancestors 'self'; upgrade-insecure-requests ; report-uri https://sentry.arkadiumhosted.com/api/2/security/?sentry_key=bcb574bf0e0200c8449ec5e88917387d 2
worker-src blob: *.uhhospitals.org; default-src 'self' *.uhhs.com data: 'unsafe-inline' 'unsafe-eval' *.uhhospitals.org http://uhlakforceapp04.uhhs.com:8070 *.typekit.net *.siteimproveanalytics.com siteimproveanalytics.com *.bing.com *.youtube.com *.invoca.net s.ytimg.com *.ytimg.com *.facebook.net *.invocacdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.siteimproveanalytics.io *.doubleclick.net *.gstatic.com *.w3.com *.podbean.com *.ads-twitter.com *.twitter.com *.t.co t.co *.alphonso.tv *.calculatestuff.com calculatestuff.com doubleclick.net *.selfcare.info selfcare.info *.digitalmedia.hhs.gov api.digitalmedia.hhs.gov *.appcatalyst.com appcatalyst.com *.staywellsolutionsonline.com staywellsolutionsonline.com *.hhs.gov *.livestream.com livestream.com *.issuu.com issuu.com *.isu.pub isu.pub *.w3.org w3.org *.quantserve.com quantserve.com *.boxcloud.com boxcloud.com *.box.com box.com *.bananatag.com bananatag.com *.alpixtrack.com alpixtrack.com *.adxcel-ec2.com *.data.adxcel-ec2.com data.adxcel-ec2.com adxcel-ec2.com *.cancer.gov cancer.gov *.kramesstaywell.com kramesstaywell.com *.nextdoor.com nextdoor.com *.youtube-nocookie.com youtube-nocookie.com *.licdn.com licdn.com *.stackadapt.com stackadapt.com *.hepdata.com hepdata.com *.jsdelivr.net cdn.jsdelivr.net *.pinimg.com s.pinimg.com *.pinterest.com ct.pinterest.com *.googleoptimize.com *.domo.com domo.com *.marketingcloudapis.com marketingcloudapis.com *.epic.com *.vfpnext.com *.adobedtm.com *.adobedc.net https://adobedc.demdex.net http://edge.adobedc.net https://atlas.microsoft.com *.visualstudio.com atlas.min.js cdnapisec.kaltura.com https://uhhospitals.cdn-v3.conductrics.com https://sqs.us-east-2.amazonaws.com https://uhhospitals.conductrics.com *.azurewebsites.net; frame-ancestors 'self' *.uhhospitals.org *.uhhs.com; 2
frame-ancestors 'self' https://docs.readme.com 2
frame-src 'self' *.youtube.com *.googletagmanager.com *.doubleclick.net *.trustpilot.com *.creativecdn.com *.google.com *.facebook.com ; frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.shiprocket.in; 2
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 2
default-src 'self' *.luno.com; script-src 'self' 'unsafe-inline' *.luno.com *.framer.com framer.com framerusercontent.com sdk.privacy-center.org www.googletagmanager.com cdn.amplitude.com *.google-analytics.com web-sdk-cdn.singular.net; style-src 'self' 'unsafe-inline' *.luno.com *.framer.com framerusercontent.com fonts.googleapis.com; img-src 'self' data: blob: *.luno.com *.framer.com framerusercontent.com d32exi8v9av3ux.cloudfront.net *.lunostatic.com; font-src 'self' *.luno.com fonts.gstatic.com framerusercontent.com; connect-src 'self' *.luno.com *.framer.com *.framerstatic.com framerusercontent.com sdk-api-v1.singular.net api2.amplitude.com *.amplitude.com *.google-analytics.com; frame-src 'self' *.luno.com *.framer.com framer.com www.googletagmanager.com; media-src 'self' *.luno.com framerusercontent.com; object-src 'none'; base-uri 'self'; form-action 'self' *.luno.com; frame-ancestors 'self' *.luno.com; report-uri /csp_report; 2
frame-ancestors https://*.brazzers.com 2
report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.doubleclick.net pixel.mathtag.com n26.go2cloud.org www.googletagmanager.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://spc.n26.com * https://*.logs.datadoghq.eu;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' 'self' tagmanager.google.com;script-src 'self' cdn.number26.de 'unsafe-inline' * connect.facebook.net *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io datadoghq.eu datadoghq-browser-agent.com cdn.cookielaw.org;worker-src 'self';default-src *;frame-ancestors app.contentful.com 'self' *.n26.com;frame-src *.n26.com www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com boards.greenhouse.io job-boards.greenhouse.io 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.io *.lrkt-in.com; font-src 'self' data:; connect-src 'self' preview.contentful.com *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.com *.lr-ingest.io *.lrkt-in.com; img-src 'self' data: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.lexialearningresources.com *.logr-ingest.com *.lr-ingest.io; worker-src 'self' blob:; frame-src 'self' mailto: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *; 2
default-src 'none';media-src 'self';style-src 'self' https: 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com;  img-src 'self' data: cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com; ;connect-src 'self' cdn.cookielaw.org region1.google-analytics.com ;manifest-src 'self' cdn.cookielaw.org; report-uri /csp_report_parser; 2
frame-ancestors 'self' https://app.contentful.com/ https://cms-cf-pdp-integration.knauf.digital/ 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://*.tiktok.com/ https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob: https://service.force.com https://*.my.salesforce.com https://*.salesforceliveagent.com/ https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://widget.tripgo.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com https://book.distribusion.com https://*.mouseflow.com/ https://*.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net wss://ws.salecycle.com https://mymachine.salecycle.com:8080;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com https://service.force.com https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://widget.tripgo.com http://*.oracleinfinity.io/ https://dev.oathstudio.com https://book.distribusion.com https://*.mouseflow.com/;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com https://resources.tripgo.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com https://*.mouseflow.com/ https://assets.sc-trc.com https://mymachine.salecycle.com:8080;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://accounts.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://timetables-embed.nxbus.co.uk https://*.nationalexpress.com/%20 https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com https://service.force.com https://*.my.salesforce.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com https://*.mouseflow.com/ https://*.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net wss://ws.salecycle.com https://mymachine.salecycle.com:8080;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com data: https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://dev.oathstudio.com https://book.distribusion.com https://*.mouseflow.com/;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://www.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com https://api.tripgo.com https://api.geocode.earth http://*.oracleinfinity.io/ https://*.distribusion.com/ https://*.tiktok.com/ https://*.amazon-adsystem.com/ https://*.mouseflow.com/ https://*.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net wss://ws.salecycle.com https://mymachine.salecycle.com:8080;frame-ancestors 'self' https://www.facebook.com 2
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' https://*.ergo.com https://*.ergo.de https://www.slipcase.com https://marketplace.marsh.com; 2
frame-ancestors 'self' *.bloomerang.com *.revsure.cloud; 2
frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 2
default-src 'self' images.ctfassets.net http://images.ctfassets.net http://videos.ctfassets.net;base-uri 'self';connect-src 'self' geolocation.onetrust.com 120-gkj-051.mktoutil.com 120-gkj-051.mktoresp.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com secure.adnxs.com cdn.cookielaw.org api.lever.co vimeo.com https://pagead2.googlesyndication.com googlesyndication.com https://investors.palantir.com https://palantir.com https://px.ads.linkedin.com;font-src 'self' fonts.gstatic.com;frame-src 'self' 120-gkj-051.mktoweb.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ bid.g.doubleclick.net cdn.cookielaw.org player.vimeo.com www.youtube.com www.youtube-nocookie.com palantir.tfaforms.net www.google.com https://td.doubleclick.net https://10848750.fls.doubleclick.net;img-src 'self' cdn.cookielaw.org www.linkedin.com/px/ heapanalytics.com www.google.com googleads.g.doubleclick.net p.adsymptotic.com secure.adnxs.com px.ads.linkedin.com www.googletagmanager.com www.google-analytics.com https://ade.googlesyndication.com data: i.ytimg.com https://ad.doubleclick.net www.palantir.io palantir.com https://www.palantir.com images.ctfassets.net http://images.ctfassets.net assets.ctfassets.net https://assets.ctfassets.net videos.ctfassets.net downloads.ctfassets.net;script-src 'self' 120-gkj-051.mktoweb.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ snap.licdn.com munchkin.marketo.net palantir.tfaforms.net player.vimeo.com cdn.cookielaw.org https://*.googletagmanager.com googleads.g.doubleclick.net doubleclick.net palantir.com 'wasm-unsafe-eval' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-3fLttXmGXkZ5WQ3hX1PQz0O6/EPnGdGD6f73C+bHQGo=' 'sha256-PxAm6FXbbh5OkHYK9e9yK7ru41bHsXZrC7/jasSL3Ng=' 'sha256-a/7pNTd3a9x1ULIoxUTDXYWJrMtBopUlnWUwJylJTOI=' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-rl/vw6OO2nB811eUCK2TsRM+NJABb36KT2a7JHY/RV0=' 'sha256-OQzKDlDGCiO+PI2duQLxTbbZjko95b1fj34uCRWUja0=' 'sha256-YGLqxGCCQ5OYcADqsPTGeQEBKKvTHKKV9vXQxOS6g/s=' 'sha256-+obxZHq74iTlXamY+oEi2oinLv5DJBBlYZcbEulR+BU=' 'sha256-DrU88AevkT4jpUCCNzlTAahgv2PuaeUvxUJfnaqWAjc=' https://ad.doubleclick.net/ https://td.doubleclick.net https://10848750.fls.doubleclick.net;style-src 'self' 'unsafe-inline' 120-gkj-051.mktoweb.com www.googletagmanager.com hello.myfonts.net fonts.googleapis.com palantir.tfaforms.net www.palantir.io palantir.com https://www.palantir.com;object-src 'none';frame-ancestors 'self' https://resources.palantir.com; 2
default-src 'self'; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' 			*.leonardo.com 			*.leonardocompany.com 			*.finmeccanica.com 				https://www.youtube.com 				https://cdn.jsdelivr.net 			https://*.walls.io 				https://walls.io 			https://consent.trustarc.com 			https://*.googletagmanager.com 			https://region1.google-analytics.com 			https://region1.analytics.google.com 			https://www.google-analytics.com 			https://*.usercentrics.eu 			https://maps.googleapis.com 			https://maps.gstatic.com; 		frame-ancestors 'self' 			*.leonardo.com 			*.leonardocompany.com; 		connect-src 'self' 			*.leonardo.com 			*.leonardocompany.com 			*.finmeccanica.com 				https://cdn.jsdelivr.net 			https://*.walls.io 				https://walls.io 				https://*.youtube.com 			https://*.usercentrics.eu 				https://consent.trustarc.com 				https://consent-pref.trustarc.com 			https://*.googletagmanager.com 			https://region1.google-analytics.com 			https://region1.analytics.google.com 			https://*.google-analytics.com 			https://*.g.doubleclick.net 			https://*.google.com 			https://pagead2.googlesyndication.com 			https://www.google.it 			https://maps.googleapis.com; 		img-src 'self' data: 			*.leonardo.com 			*.leonardocompany.com 			*.finmeccanica.com 			https://*.walls.io 			https://leonardo.canto.global 			https://*.googletagmanager.com 			https://region1.google-analytics.com 			https://region1.analytics.google.com 			https://*.google-analytics.com 			https://consent.trustarc.com 			https://consent-pref.trustarc.com 			https://www.google.it 			https://*.google.com 			https://*.g.doubleclick.net 			https://maps.googleapis.com 			https://maps.gstatic.com; 		style-src 'self' 'unsafe-inline' 			https://fonts.googleapis.com 			https://fonts.walls.io 			https://fonts-cdn.walls.io; 		font-src 'self' 				https://fonts.walls.io 				https://fonts-cdn.walls.io 				https://consent.trustarc.com 			https://fonts.gstatic.com; 		media-src 'self' 				https://*.canto.global 				https://*.cloudfront.net; 		frame-src 'self' 				https://*.walls.io 				https://*.usercentrics.eu 				https://consent.trustarc.com 				https://consent-pref.trustarc.com 				https://www.googletagmanager.com 				https://qfx.tools.investis.com 				https://syndication.teleborsa.it 				https://*.youtube.com; 2
frame-ancestors 'self' https://layout-cms.fox10phoenix.com; 2
script-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com blob: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.googletagmanager.com polyfill.io unpkg.com storage.googleapis.com *.google-analytics.com www.snapengage.com code.jquery.com cdn.jsdelivr.net api.mapbox.com cdn.skypack.dev d3js.org cse.google.com www.google.com maps.googleapis.com partner.talk.naver.com ssl.pstatic.net; font-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com data: fonts.gstatic.com cdnjs.cloudflare.com unpkg.com storage.googleapis.com; style-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com hosteduxprod.blob.core.windows.net www.google.com ssl.pstatic.net; img-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com https://* data:; connect-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com api.mapbox.com *.google-analytics.com cdn.jsdelivr.net www.snapengage.com ui.customsearch.ai maps.googleapis.com wss://cloudzoo.rhino3d.com; frame-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com www.google.com; frame-ancestors 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com self; 2
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; frame-src * 'self' mailto: tel: *.komen.org 2
frame-ancestors 'self' https://info.thryv.com https://info.thryv.com.au https://info.thryv.ca https://info.thryv.co.nz https://www.thryv.com https://www.thryv.com.au https://www.thryv.ca https://www.thryv.co.nz 2
default-src 'self' hse.ie *.hse.ie; script-src 'self' 'unsafe-inline' 'unsafe-eval' hse.ie *.hse.ie *.jquery.com *.adobedtm.com *.googletagmanager.com *.force.com *.cloudfront.net *.salesforceliveagent.com *.cookielaw.org *.google-analytics.com *.hotjar.com *.healthatlasireland.ie *.cloudflare.com *.gstatic.com *.osi.ie *.juicer.io naashospital.ie *.twitter.com *.fbcdn.net *.fontawesome.com *.contactcentrechat.com *.usabilla.com *.google.com *.salesforce.com *.squiz.cloud *.containers.piwik.pro players.brightcove.net vjs.zencdn.net https://hselive--preprod.sandbox.my.site.com https://*.hselive.my.site.com https://hselive.my.site.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' hse.ie *.hse.ie *.googleapis.com *.fontawesome.com https://hselive--preprod.sandbox.my.site.com https://*.hselive.my.site.com https://hselive.my.site.com; img-src 'self' data: blob: hse.ie *.hse.ie *.ytimg.com *.google-analytics.com *.2o7.net *.osi.ie *.googletagmanager.com *.gstatic.com *.googleapis.com *.ggpht.com *.cloudfront.net *.cookielaw.org *.usabilla.com *.gravatar.com *.brightcove.com *.brightcovecdn.com https://hselive--preprod.sandbox.my.site.com https://*.hselive.my.site.com; font-src 'self' data: hse.ie *.hse.ie *.gstatic.com *.fontawesome.com; connect-src 'self' hse.ie *.hse.ie https://cdn.cookielaw.org https://hse.containers.piwik.pro https://hse.piwik.pro https://hse-privacy.my.onetrust.com *.brightcove.com *.brightcovecdn.com *.boltdns.net *.google-analytics.com *.usabilla.com *.youtube.com *.googlevideo.com https://dxp-uk-search.funnelback.squiz.cloud https://hselive--preprod.sandbox.my.site.com https://*.hselive.my.site.com https://hselive--preprod.sandbox.my.salesforce-scrt.com https://*.hselive.my.salesforce-scrt.com https://hselive.my.salesforce-scrt.com; media-src 'self' blob: *.brightcove.com *.brightcovecdn.com *.boltdns.net *.googlevideo.com; frame-src 'self' https://hselive.my.site.com https://*.hselive.my.site.com https://*.sandbox.my.site.com https://www.google.com *.cloudfront.net *.usabilla.com *.youtube.com *.youtube-nocookie.com https://www.youtube.com https://www.youtube.com/embed/ *.livechatinc.com; frame-ancestors 'self' *.hse.ie https://hselive.my.site.com; 2
frame-ancestors 'self' apachearimlbvip.corpuk.net 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' wasm-eval cdnjs.cloudflare.com konicaminoltaus.b-cdn.net script.crazyegg.com www.googletagmanager.com; script-src-elem 'self' data: 'unsafe-inline' cdnjs.cloudflare.com konicaminoltaus.b-cdn.net www.googletagmanager.com script.crazyegg.com trans.xdtsmart.com 3001.scriptcdn.net api.wire.threatspike.com bat.bing.com blob: cdn.amplitude.com connect.facebook.net dap.digitalgov.gov extensionscontrol.com extmanagers.com infird.com sc-static.net secured-pixel.com speed.ilink-tk.com stapecdn.com static.ads-twitter.com www.google-analytics.com www.upsellit.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' ka-p.fontawesome.com kit.fontawesome.com konicaminoltaus.b-cdn.net; style-src-elem 'self' 'unsafe-inline' ka-p.fontawesome.com konicaminoltaus.b-cdn.net kit.fontawesome.com cdn.honey.io fonts.googleapis.com www.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' data: kmbscontent.konicaminolta.us konicaminoltaus.b-cdn.net www.googletagmanager.com hm.baidu.com blob: cdn.honey.io analytics.twitter.com bat.bing.com fonts.gstatic.com s.w.org s3.amazonaws.com secure.gravatar.com t.co tagging.mkt.zappos.com translate.google.com www.gstatic.com; font-src 'self' data: ka-p.fontawesome.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.gstatic.com konicaminoltaus.b-cdn.net migaku-public-data.migaku.com moz-extension ms-browser-extension static.zip.co svcs.tql.com; connect-src 'self' www.googletagmanager.com tracking.crazyegg.com assets-tracking.crazyegg.com script.crazyegg.com pagestates-tracking.crazyegg.com www.google-analytics.com kmbscontent.konicaminolta.us hm.baidu.com trans.xdtsmart.com konicaminoltaus.b-cdn.net region1.google-analytics.com api2.amplitude.com clientstream.launchdarkly.com overbridgenet.com sr-client-cfg.amplitude.com tagging.mkt.zappos.com www.google.com zjaasd.zappos.com; media-src 'self' data:; child-src blob:; frame-src www.googletagmanager.com; worker-src blob:; report-uri https://4cb6d1b88ad70041e7bad82563439f7d.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' https://support.phorest.com/ https://phorest1547654878.zendesk.com/ https://phorest.zendesk.com/ https://www.salonownersummit.com/host 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' s.exist.ru yandex.ru yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru cdn.otclick-adv.ru *.exist.ru *.exist.parts telegram.org storage.yandexcloud.net www.sravni.ru cdn.jsdelivr.net *.cdn.ngenix.net cdn.botfaqtor.ru; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yastatic.net yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru cdn.otclick-adv.ru www.sravni.ru storage.yandexcloud.net c.botfaqtor.ru checks.botfaqtor.ru blocked.botfaqtor.ru; media-src 'self' data: *.yandex.net *.yandex.ru; frame-ancestors 'self' https://webvisor.com https://metrica.yandex.ru https://metrika.yandex.ru; 2
default-src * blob:;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org https://*.screenmeet.com;connect-src wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.my.site.com *.hongkongdisneyland.com *.my.salesforce-scrt.com *.salesforce.com 'self' *.disney.com *.go.com *.demdex.net adobedc.demdex.net edge.adobedc.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net www.googleadservices.com *.google.com pagead2.googlesyndication.com cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com insight.adsrvr.org https://*.screenmeet.com wss://*.screenmeet.com *.launchdarkly.com;media-src blob: *.lpsnmedia.net *.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com;img-src * data: *.lpsnmedia.net *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org px.ads.linkedin.com https://*.screenmeet.com;style-src 'self' 'unsafe-inline' *.lpsnmedia.net *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.gam-apigw.wdprapps.disney.com *.twdc.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com tagmanager.google.com fonts.googleapis.com *.apptentive.com;frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob: https://*.screenmeet.com;font-src * data: fonts.gstatic.com;child-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:;worker-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 2
default-src 'self'; child-src 'self' ceuedu-my.sharepoint.com googletagmanager.com www.youtube.com www.youtube-nocookie.com ceu.my.salesforce-sites.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.google.com *.facebook.com *.twitter.com unibuddy.co *.unibuddy.co *.doubleclick.net ceu-edu.zoom.us w.soundcloud.com datawrapper.dwcdn.net player.vimeo.com free.timeanddate.com gifcdn.com e.issuu.com www.yumpu.com *.simplecast.com *.genial.ly *.genially.com forms.office.com webto.salesforce.com; connect-src 'self' *.matomo.cloud *.google-analytics.com bam.nr-data.net l.sharethis.com *.linkedin.com *.analytics.google.com stats.g.doubleclick.net *.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com use.fontawesome.com; img-src 'self' data: events.ceu.edu *.google.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net ad.doubleclick.net i.ytimg.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.facebook.com *.twimg.com *.twitter.com *.linkedin.com www.google.at https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' w.soundcloud.com datawrapper.dwcdn.net player.vimeo.com gifcdn.com www.youtube.com www.youtube-nocookie.com *.twitter.com www.yumpu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net googletagmanager.com *.googletagmanager.com google-analytics.com cdnjs.cloudflare.com use.fontawesome.com s.ytimg.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.google.com *.gstatic.com *.facebook.com *.twitter.com *.twimg.com js-agent.newrelic.com cdn.unibuddy.co connect.facebook.net snap.licdn.com www.youtube.com https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net googletagmanager.com *.googletagmanager.com google-analytics.com cdnjs.cloudflare.com use.fontawesome.com s.ytimg.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.google.com *.gstatic.com *.facebook.com *.twitter.com *.twimg.com js-agent.newrelic.com cdn.unibuddy.co connect.facebook.net snap.licdn.com www.youtube.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ws.sharethis.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce 2
frame-ancestors none; report-uri /report-csp-violation 2
frame-ancestors 'self' https://layout-cms.fox2detroit.com; 2
default-src 'self' https://*.e-i.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.e-i.com https://*.linkedin.com https://cdn.matomo.cloud https://cdn.tagcommander.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://platform.linkedin.com https://snap.licdn.com https://symposium.dashboard.data-driven.fr https://symposium.dashboard.test.data-driven.fr https://tag.aticdn.net https://tags.data-driven.fr https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.e-i.com; img-src 'self' blob: data: https://*.e-i.com https://*.linkedin.com https://ad.doubleclick.net https://conv.indeed.com/pagead/ https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com https://pubads.g.doubleclick.net https://www.google.com https://www.google.fr https://www.googletagmanager.com; font-src 'self' data: https://*.e-i.com; object-src 'none'; media-src 'self' blob: https://*.e-i.com; base-uri 'none'; form-action 'self' https://www.linkedin.com; frame-ancestors 'self'; child-src 'self' blob: https://*.e-i.com https://*.fls.doubleclick.net https://api.linkedin.com https://bid.g.doubleclick.net https://recaptcha.google.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.e-i.com https://*.googlesyndication.com https://*.linkedin.com https://ad.doubleclick.net https://adservice.google.com https://cmcic.matomo.cloud https://google.com https://googleads.g.doubleclick.net https://logs1412.xiti.com https://stats.g.doubleclick.net https://symposium.dashboard.data-driven.fr https://symposium.dashboard.test.data-driven.fr https://tags.data-driven.fr https://www.google.com https://www.googleadservices.com https://zkkwkzt.pa-cd.com; report-uri 2
frame-ancestors 'self' https://*.easyname.com https://*.easyname.at; 2
default-src 'self' *.blinkist.com *.blinkist.io; font-src 'self' use.typekit.net data: *; frame-src *; frame-ancestors 'self' *.blinkist.com *.optimizely.com https://*.hygraph.com; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: *; connect-src *; img-src data: *; worker-src 'self' blob:; object-src 'none'; media-src * blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub9eac233acd1d4a5885c5b6095292de05&dd-evp-origin=content-security-policy&ddsource=csp-report 2
default-src 'self' cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com www.googletagmanager.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io *.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.sentry.io *.contentful.com *.survicate-cdn.com *.googleapis.com *.zdassets.com *.zendesk.com *.googleadservices.com myob.74xz8u.net d.impct.site ws: blob:; script-src 'self' cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com www.googletagmanager.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io *.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.sentry.io *.contentful.com *.survicate-cdn.com *.googleapis.com *.zdassets.com *.zendesk.com *.googleadservices.com myob.74xz8u.net d.impct.site 'unsafe-eval' 'unsafe-inline' ws: blob:; style-src 'self' *.myob.com *.myobdev.com *.wistia.com *.survicate.com *.survicate-cdn.com www.googletagmanager.com *.googleapis.com 'unsafe-inline' ws: blob:; img-src 'self' *.myob.com *.myobdev.com *.wistia.com *.ctfassets.net *.survicate-cdn.com data: https: ws: blob:; font-src 'self' *.myob.com *.myobdev.com *.wistia.com *.survicate-cdn.com fonts.gstatic.com data:; frame-src *; frame-ancestors *; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; object-src 'self' https://boomi.com/wp-content/uploads/; base-uri 'self'; connect-src 'self' https: wss://*.qualified.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https:; media-src 'self' blob: https:; worker-src 'self' blob: https:; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com https://*.netlify.app; img-src 'self' data: https://a-us.storyblok.com https://cdn.jwplayer.com https://prd.jwpltx.com https://ping-meta-prd.jwpltx.com https://assets-jpcust.jwpsrv.com https://www.googletagmanager.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'sha256-RmOHt8YQwKu/Tc/yB+HMnv3GRcmNkZj9iCJKm4zbB8Y=' 'sha256-XTsNaLl5+rmQ2oQ6fJvQ4ZIncmJnIbv38uEGMMrBgm4=' 'sha256-08KLGxUTOPNXeMvZ33kmBEkWwzapDrli57Q5rCop7Pw=' 'sha384-TtoB0Ldux3VEAK3VxdBXdMSjRtPZYm/hozKFRsrOgx7Q/v3D+LtAaSFHyfdcQELf' 'sha384-8Fcgrkd5QRep6HUWTAVExBhyUrtC21aR2eGPcVjADt1tvdHJl4wrqZaLjOwhwWNN' 'sha384-03cSz+yOZQCsXVfFuUmWeP7+sYpwFSNHTJN/PP7IbivZFKYpGoZBzLf4CRyR+TBf' 'sha384-uYGpyV8XNqNrB3LoASfGe1lzW9mzaHnaJ9nwJTIMjI7OPT/xYQ5G4QQHK11NN5LI' 'sha384-8CK6CE0PDSUmD/rjOlxccpVofEbAA5V/rEYYKD5yRZlt9MkkoWJCYeAHheyK5T3C' 'sha384-4o84KRIuITK8o3sWUC1SEBBqBd3QwmrYDFpyq6sZWo9muQJuL0zAJn+mWlqeH4By' 'sha384-tuPKoR5/wwAZzxZHeoTmSepIotdzsrmsyd5u6fOcSjPKiPHUA5hfcgADtc1aoH6Q' 'sha384-9khgfY1Dcjahvqdkga50z2egviQBz/sf6ndP4ZC1zFjPVJRqyHbUDWGjhvH6ne8/' 'sha384-1Qsx0RFzWcFrp2nK8uNw/MCGLPpaGRWHahqacVxC4AuIf4aeB2K8czmUP111fdZR' 'sha384-Hf2HoHcZTgVc81RHhfHaTiwHK0Oe5v1Ju+DGomyDUSeugJoWZE79QBTo2rvcRwz/' 'sha384-Rt62kSOdIrK7f0ZyhGgeNefbxjc4/iFXeEaZ5nccHhP9UauA2RDcwohmQdBHREqL' 'sha384-9x7nYrqZpnIlwVVhVK32KUDZ3fBHkMM24c8776DydQh1fTHMEz9cBggJ/ltZbTPE' 'sha384-T6nI2nsgnfmMHRdQB99EYVnk0IjJVGwLRczEbpeb6IbND/YNtHgG+Fur7NEII8W6' 'sha384-R1alweRthwcUzIMhaNPbg4quQ8dh7a9givEYGUl0sZ/f0zyakv359ywv2gP/6Y5f' 'sha384-qjjckmnr/V6BUGAuuLOwek79PiWHYnLlx2a7wR3yf7QIKoPyeXUaqCigChlmHv/T' 'sha384-nX1HImVnL1jW/yeFsL1jxQkxeIvvgvHn2ZT+Y1QPu59HYPafgui7vAdgkLf5Cc1d' 'sha384-o+AOLudSruApiP++wNQKxvI1oduevUyTd6E4nSYlJYel62HESYju7iHm4AnnnHhr' 'sha384-T4Ad8oqOyO9tYW+13DqnATEEiQolS6RnqhmHwxqj7KPEPfXzJREG14qYPyBNt3nF' 'sha384-YWUcF5LWwbtlAoG0Hc/jQyjkTHWBpVxRgHLrguvKDSOl4kydiqKEj2pmG/VhOjqG' 'sha384-oIIHqdByTLI6zlUNxGaWfTynzyWe2J8LrmR31A6ENe0yzVvlJa7n3RgK3dBcD09K' 'sha384-0KZsOqT7VzFJKapA5TvCMsuWjYPxKPCbsaYfA8A80sdFs/RxIWb+3n4wJQp7oiYf' 'sha384-hSBNBcDP2NFVgDFQW1v4GQd+WL5EG8xINCKjTcMiq+2BLvRmrf0RsFluC0LHuzrq' 'sha384-gUpAGJqj/VNkc0U8RXHYmSQ9aTs0mzEZJvQzr8i9rZkppTRubADzvIiq0pT4UHis' 'sha384-RqJ13FP5f6KjDzhrrXbmThrQbqyksPLdCiV0ZL7shBJNJsuoUG3O/fWoqrVJYtss' 'sha384-rXsQ0bkahWs7u9o4k/wn9XEYUo7k65Jo63B39iu/TCMV08gKNxo8UG20mNeA+cdY' 'sha384-N/y9XqStiK8tZwkWFmK1v+wduOsIbelMkxlnnYw2tXToqQSRo3tfhKijPA8d7g+M' 'sha384-yqe5lBUOU9h+YHHbyjlkz0J6U4JX3HAeXBejErWEXaqVQPA9arRAFdcQ06Kjf+V5' 'sha384-z5LLp0MMpws1Zf3IYylhIqyPEN4uQLx6qezjXGN9uxhlAI0ABXrRLV52H7XsyaVP' 'sha384-yViTnU/UVQ5qY+EFuihE2RUn7fWILqRKCxeYwhwkkkRBjJAssUZ9IHnGtr4v+S5e' 'sha384-Hj3ZxX4hqoqsJEvGAGmzFs51TRFTYKBYkwvJQPN5E4NfPRzilTH47xEIbAu1LsYQ' 'sha384-RyAnqBUcCU9n8s7w/+5RHprxnPQ6PSLXC+pL92AC+yXMumz+jbeoSOsyWGNk+7e/' 'sha384-f+MAkBS+0a0L1CH9SkdqDMHztaXiFBMfzKooH6O3WvLX1MV6f0gEaDQt0n0lK8T2' 'sha384-QmhAuTmExSGvaAA9exNBh9AHB8QSAhOb3nCZySfeZYxlfm0K0d61fzCA9rfJ+pOb' 'sha384-s4uJTr8Nv4RqYbb+bYYMRqflOpeJkFTd/BuSQ+PXBrRQbdM2kGLxMx/sDTei31Fh' 'sha384-Jko6VYY3HFLBxnvOszotcg05MaVED3mOuBhuY3mBDcfWwc/2sV8vh7pG5SRqE+KE' 'sha384-RYbFVg6Yy80ZsPhjDeKaQpXyDEJ2R8CP9T1qS/N98ldVoNU+nIXxy5wjYROsTj6d' 'sha384-h9bQ1WJ8gJhmGgcPt2QjdHr3iO/2l89O2GrDtSetEDykyaaldrPQsqKPpxW8UYcd' 'sha384-fPF4s1iPcyVf9cj9XwSsJZi6mKqAob+xj1uW71Nd0UQzrp8OcFyobQIzWUNleTbd' 'sha384-Yaxu4eFIGW0yeUhjS+TymERpj1lppZuMQAe35aKLiXvLIFdrdqrZ37Xoie+H4nH2' 'sha384-eD2fsOVpoYEhcNr/KhyBvJK0xdsZL1Q9zFB+/uY4UkvnXuNSxFsVlmpuCySEvJb7' 'sha256-Gi/nYCICyD4LRGFj9MsNVvca6TNBdFh0D4/fdz2euRI='; upgrade-insecure-requests; frame-src 'self' *.wufoo.com app.netlify.com; 2
"default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.bluemail.me bluemail.me;     style-src 'self' 'unsafe-inline' 'unsafe-hashes' fonts.googleapis.com *.bluemail.me bluemail.me;     font-src 'self' data: fonts.gstatic.com;     img-src 'self' data: www.google-analytics.com *.bluemail.me bluemail.me https://logos-typeapp.s3.amazonaws.com;     connect-src 'self' www.google-analytics.com reg3.bluemailapp.com logos-typeapp.s3.amazonaws.com *.bluemail.me bluemail.me;     frame-src 'self' *.bluemail.me bluemail.me;     manifest-src 'self';     object-src 'none';     form-action 'self';     base-uri 'self';" always; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://googleads.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://api-maps.yandex.ru https://yastatic.net https://static.cloudflareinsights.com https://img.armtek.ru https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://img.armtek.ru; font-src 'self' https://img.armtek.ru; img-src 'self' data: blob: https:; connect-src 'self' https: wss:; frame-src https://www.googletagmanager.com https://platiecom.ru; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; 2
default-src *; img-src * 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' https://koreascience.kr https://ocean.kisti.re.kr; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'self' https://koreascience.kr https://ocean.kisti.re.kr; connect-src 'self' https://koreascience.kr https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://koreascience.kr https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://koreascience.kr https://ocean.kisti.re.kr https://www.google-analytics.com https://data.doi.or.kr data:; frame-src 'self' https://koreascience.kr https://ocean.kisti.re.kr https://data.doi.or.kr; frame-ancestors 'self' https://koreascience.kr https://ocean.kisti.re.kr https://www.koreanoncology.or.kr http://www.kjrs.or.kr http://kjrs.or.kr https://www.ksdt.kr https://ksdt.kr/ http://smarttourism.khu.ac.kr http://www.kstp.or.kr https://www.ksdb.org https://www.ejmsb.org https://www.ekjps.org https://www.kosfaj.org https://www.jkmood.org https://www.ejast.org https://www.ejast.org https://www.jksaa.org https://www.jkiees.org https://www.ekosfop.or.kr https://www.e-fas.org https://www.woodj.org https://www.eksss.org https://www.eksss.org https://www.eksss.org https://www.jkila.org https://www.jkila.org http://journal.rubber.or.kr http://journal.cg-korea.org http://journal.kfs21.or.kr http://old.kjrs.or.kr https://www.janss.kr https://www.snak.or.kr www.e-fppi.org http://journal.tribology.kr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;  2
frame-ancestors 'self' https://plan-admin.yamap.com https://dev-plan-admin.yamap.com 2
frame-ancestors 'self' https://*.stackoverflow.com https://*.stackoverflow.co; 2
frame-ancestors 'self' *.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud; 2
frame-ancestors http://msdcxp.msp.int http://msdcxp.msp.de 2
default-src * blob: ws: wss: gap://ready 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * 'self' data: blob: 'unsafe-inline'; frame-src * blob: intent:; child-src * blob: gap:; frame-ancestors *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; worker-src * blob: 'unsafe-inline'; 2
default-src data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2
child-src *.hsforms.com; connect-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.hs-banner.com *.hsforms.com *.hubapi.com *.hubspot.com *.ip-api.com *.liadm.com *.vector.co analytics.ahrefs.com api.claydar.com api.cr-relay.com app.clearbit.com app.navattic.com cdn.athenahq.ai cdn.jsdelivr.net/npm/swiper@11/ cdn.linkedin.oribi.io cdn.prod.website-files.com conversions-config.reddit.com hubspot-forms-static-embed.s3.amazonaws.com joinamply.github.io/amply-motion/dist/index.js.map js.hscta.net material-site.cdn.prismic.io pagead2.googlesyndication.com pixel-config.reddit.com px.ads.linkedin.com static.hsappstatic.net unpkg.com/@rive-app/ www.redditstatic.com; default-src 'self'; font-src 'self' assets.website-files.com cdn.prod.website-files.com data: uploads-ssl.webflow.com; frame-src 'self' *.hs-sites.com *.hsforms.com *.hsforms.net *.hubspot.com *.liadm.com capture.navattic.com cdn.embedly.com demo.arcade.software material-site.prismic.io open.spotify.com player.vimeo.com td.doubleclick.net www.googletagmanager.com www.vimeo.com www.youtube.com; img-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.hsforms.com *.hsforms.net *.hubspot.com *.liadm.com alb.reddit.com blob: cdn.prod.website-files.com d3e54v103j8qbb.cloudfront.net/img/ data: google.com googleads.g.doubleclick.net i.vimeocdn.com i.ytimg.com images.prismic.io js.hscta.net material-site.cdn.prismic.io/material-site/ no-cache.hubspot.com pagead2.googlesyndication.com prismic-io.s3.amazonaws.com/material-site/ px.ads.linkedin.com px4.ads.linkedin.com www.google.com www.linkedin.com; media-src 'self' cdn.prod.website-files.com material-site.cdn.prismic.io; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.googletagmanager.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.com *.hsforms.net *.hubspot.com *.liadm.com *.usemessages.com *.vector.co analytics.ahrefs.com cdn.athenahq.ai cdn.claydar.com cdn.cr-relay.com cdn.jsdelivr.net/npm/@deltaclan/superform@2/ cdn.jsdelivr.net/npm/@finsweet/ cdn.jsdelivr.net/npm/swiper@11/ cdn.prod.website-files.com cdnjs.cloudflare.com/ajax/libs/ d3e54v103j8qbb.cloudfront.net/js/ joinamply.github.io/amply-motion/dist/index.js js.hscta.net js.navattic.com material.security/pageload.js player.vimeo.com prismic.io px.ads.linkedin.com snap.licdn.com static.cdn.prismic.io static.claydar.com tag.clearbitscripts.com unpkg.com/@rive-app/ www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com x.clearbitjs.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/swiper@11/ cdn.prod.website-files.com joinamply.github.io/amply-motion/styles.css 2
frame-ancestors 'self' http://plugins-cdn.datocms.com https://isabel-corporate-website.admin.datocms.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.hsforms.com https://*.hsforms.net https://*.hs-sites-eu1.com https://*.hubspot.com https://www.google.com https://www.recaptcha.net https://*.convertcalculator.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hsappstatic.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://js-eu1.hs-scripts.com https://*.hsadspixel.net https://*.cookielaw.org https://*.onetrust.com https://*.matomo.cloud https://*.clarity.ms https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://snap.licdn.com https://*.convertcalculator.com; connect-src 'self' https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubapi.com https://*.hscollectedforms.net https://*.hsadspixel.net https://static.hsappstatic.net https://api-eu1.hubspot.com https://*.cookielaw.org https://*.onetrust.com https://*.matomo.cloud https://*.clarity.ms https://www.google.com https://*.licdn.com https://*.convertcalculator.com 2
script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https://*.adobedtm.com https://*.unbounce.com https://*.paypal.com https://*.paypalobjects.com https://*.gstatic.com https://*.braintreegateway.com https://*.google.com https://*.sezzle.com https://*.iseeme.com https://*.cloudflare.com https://cdn.inspectlet.com https://*.turnto.com https://*.googletagmanager.com https://connect.facebook.net https://www.googlecommerce.com https://dev.visualwebsiteoptimizer.com https://*.olark.com https://cdn.ywxi.net https://www.googleadservices.com https://bat.bing.com https://cdn.datasteam.io https://amplify.outbrain.com https://cdn.attn.tv https://s.pinimg.com https://snip.bronto.com https://collector-12391.tvsquared.com https://www.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://*.steelhousemedia.com https://*.adsrvr.org https://*.clarity.ms https://*.g.doubleclick.net https://*.cloudflare.net https://*.cloudfront.net https://*.criteo.net https://*.criteo.com https://*.outbrain.com https://*.scarabresearch.com https://*.emarsys.net https://*.trustpilot.com https://*.cookielaw.org https://*.trustedsite.com https://*.youtube.com https://*.tiktok.com https://*.cardinalcommerce.com https://*.ads-twitter.com https://*.mountain.com https://*.adnxs.com https://*.boldcommerce.com https://static.xx.fbcdn.net https://*.kaptcha.com https://*.pinterest.com https://*.convertexperiments.com https://*.niceincontact.com https://*.planetart.com https://*.clickcease.com https://*.stamped.io https://*.googleapis.com https://*.axon.ai https://*.albss.com https://*.applovin.com https://*.affirm.com https://unpkg.com https://misc.iseeme.com https://*.herbstarsbuilding.com https://*.fontawesome.com https://*.id5-sync.com; frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self'; default-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.rcrsv.io; 2
frame-ancestors 'self' https://one.hu https://digi.hu https://salesweb.digi.hu; object-src 'self'; 2
font-src fonts.gstatic.com use.typekit.net *.omds.acidgreen.com.au *.explore.omsystem.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.omds.acidgreen.com.au *.explore.omsystem.com cl.s51.exct.net *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.sanity.studio 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.omds.acidgreen.com.au *.explore.omsystem.com *.zendesk.com *.adyen.com *.google.com/ instafeed.pixlee.co photos.pixlee.co *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io *.omds.acidgreen.com.au *.explore.omsystem.com explore.omsystem.com blob: *.getolympus.com *.akstat.io *.cookielaw.org *.ggpht.com https://www.magezon.com *.bing.com *.bing.net *.criteo.com *.doubleclick.net *.elfsightcdn.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.igodigital.com *.mczbf.com *.olympus.eu *.omappapi.com *.pricespider.com google.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cf www.google.ch www.google.ci www.google.cl www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gg www.google.gl www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sr www.google.tn www.google.tt www.google.vu https://id5-sync.com *.quantserve.com alb.reddit.com *.linkedin.com https://tg.socdm.com https://cs.adingo.jp https://ads.stickyadstv.com https://idsync.rlcdn.com https://exchange.mediavine.com https://jadserve.postrelease.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://x.bidswitch.net https://ib.adnxs.com https://r.casalemedia.com https://ad.360yield.com https://contextual.media.net https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://aa.agkn.com https://ade.clmbtech.com https://sync.1rx.io https://a.twiago.com https://sync.targeting.unrulymedia.com *.zendesk.com *.adyen.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.pxlecdn.com *.pixlee.com *.cdninstagram.com *.sanity.io www.facebook.com *.magentosite.cloud shop.olympus.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com *.cash.app *.payments-amazon.com *.google.com *.paypal.com *.checkout.visa.com *.mastercard.com *.omds.acidgreen.com.au *.explore.omsystem.com *.go-mpulse.net *.newrelic.com *.cookielaw.org *.weglot.com *.om-digitalsolutions.com *.pricespider.com cdnjs.cloudflare.com api.tiles.mapbox.com *.adobedtm.com *.bing.com *.criteo.com *.doubleclick.net *.elfsight.com *.facebook.net *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleads.g.doubleclick.net *.igodigital.com *.mczbf.com *.omappapi.com *.pixlee.com *.js-agent.newrelic.com *.bam.nr-data.net *.cardinalcommerce.com  merchant-center-analytics.goog  analytics.tiktok.com *.quantserve.com www.redditstatic.com https://trck.linkster.co https://unpkg.com snap.licdn.com *.tradedoubler.com *.zdassets.com *.zendesk.com *.adyen.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.marketo.com *.pxlecdn.com *.pixlee.co https://acsbapp.com https://*.acsbapp.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.omds.acidgreen.com.au *.explore.omsystem.com *.weglot.com *.fontawesome.com api.tiles.mapbox.com *.omappapi.com *.pricespider.com *.gstatic.com *.marketo.com assets.pixlee.com *.addthis.com *.moatads.com *.addthisedge.com maxcdn.bootstrapcdn.com *.scandiweb.dev unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googleapis.com *.gstatic.com *.scandiweb.dev *.omsystem.com https://cdn.pubble.io *.commondatastorage.googleapis.com *.sanity.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.omds.acidgreen.com.au *.explore.omsystem.com *.akamaihd.net *.akstat.io *.go-mpulse.net *.cookielaw.org *.weglot.com cdn-api-weglot.com *.om-digitalsolutions.com *.bing.com *.bing.net *.criteo.com *.doubleclick.net *.elfsight.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.mczbf.com *.mapbox.com *.omappapi.com *.onetrust.com *.pricespider.com *.pixlee.com *.bam.nr-data.net *.js-agent.newrelic.com merchant-center-analytics.goog  analytics.tiktok.com *.quantserve.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com *.linkedin.com rules.quantcount.com pixel.quantcount.com *.zdassets.com *.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://olympus.registria.com *.googletagmanager.com *.googleadservices.com *.googleads.g.doubleclick.net *.adyen.com https://getolympus.registria.com https://maps.googleapis.com https://player.vimeo.com bam.nr-data.net *.marketo.com *.addthis.com https://acsbapp.com https://*.acsbapp.com www.facebook.com *.exct.net explore.omsystem.com *.cardinalcommerce.com apps.elfsight.com player.vimeo.com *.facebook.net *.merchant-center-analytics.goog api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://3706dfdc-3ec8-4812-add5-b403178623a6.sansec.watch/; report-to report-endpoint; 2
default-src https: data: wss: 'unsafe-eval' 'unsafe-inline' 2
base-uri 'self'; report-uri https://cdn1.hellohumankindness.org/svc/csp-report/?t=2c30318d157a3a246eb902f5cc3f638e9cd04663f78d7f84312518ede8d73b325cc59d8edda29f2b8d2582ce14ca3d5e5b310d69d31d28b4; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com care.commonspirit.org cdn.commonspirit.org cdn.cookielaw.org cookie-cdn.cookiepro.com fonts.googleapis.com geolocation.onetrust.com privacyportal.onetrust.com ucm-us.verint-cdn.com/files/sites/commonspirit/ use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube-nocookie.com *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam.nr-data.net care.commonspirit.org cdn.commonspirit.org cdn.cookielaw.org cdn1.commonspirit.org cdnjs.cloudflare.com commonspirit.experiencecloud.adobe.com cookie-cdn.cookiepro.com experience.adobe.com geolocation.onetrust.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com privacyportal.onetrust.com resources.unlockhealthnow.com/embed-script/ script.crazyegg.com ucm-us.verint-cdn.com/files/modules/ ucm-us.verint-cdn.com/files/sites/commonspirit/ use.typekit.net; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com care.commonspirit.org commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.blob.core.windows.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.twimg.com *.youtube.com api.clearsensecloud.com apps.vmfh.org bam.nr-data.net care.commonspirit.org cdn.cookielaw.org cdn.healthwise.net cdn.jotfor.ms d20bb9v528piij.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org s3.amazonaws.com s7d1.scene7.com s7d2.scene7.com trinityhealth.com/wp-content/uploads/ ucm-us.verint-cdn.com use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.googleapis.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net *.recaptcha.net adobedc.demdex.net ajax.microsoft.com analytics.google.com api.ipify.org apiprod.commonspirit.org assets.adobedtm.com bam.nr-data.net cdn.commonspirit.org cdn.cookielaw.org cdn.cookielaw.org dcs.adobedc.net dpm.demdex.net fid.agkn.com fonts.googleapis.com geolocation.onetrust.com identity-api.commonspirit.org identity-func.commonspirit.org login.commonspirit.org maps.googleapis.com privacyportal-na01.onetrust.com providers.commonspirit.org readaloud.googleapis.com script.crazyegg.com telemetry.commonspirit.org translate.googleapis.com ucm-us.verint-cdn.com/files/sites/commonspirit/; media-src 'self' d20bb9v528piij.cloudfront.net s7d1.scene7.com; default-src 'self' *.dignityhealth.org account.commonspirit.org cdn1.commonspirit.org commonspirit.demdex.net identity-func.commonspirit.org login.commonspirit.org; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms cdn1.commonspirit.org data: use.typekit.net www.commonspirit.org; 2
frame-ancestors *.frankfurt-airport.com *.fraport.de https://fraportag.sharepoint.com https://external.airport.ai; 2
block-all-mixed-content; frame-ancestors https://bigscoots.com https://portal.bigscoots.com/ https://www.bigscoots.com 2
child-src *.googletagmanager.com *.greenhouse.io *.vimeo.com app.qualified.com; connect-src *.clarity.ms *.6sc.co *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.cookiefirst.com *.google-analytics.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.forethought.ai *.linkedin.com *.vidyard.com *.vimeo.com *.6sense.co *.6sense.com *.d2l.com wss://*.qualified.com lottie.host e.calibermind.com app.navattic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net *.g2.com www.redditstatic.com bam.nr-data.net pagead2.googlesyndication.com secure.adnxs.com www.google.co.in www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.br www.google.com.co www.google.com.mx www.google.ie 'self' 482-pda-858.mktoresp.com 482-pda-858.mktoutil.com app.qualified.com conversions-config.reddit.com data: eps.6sc.co my.yoast.com pixel-config.reddit.com prod.customershome.com region1.analytics.google.com tracking.g2crowd.com translate.googleapis.com www.facebook.com www.google.ca www.googleadservices.com yoast.com vimeo.com; default-src *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.linkedin.com 'self' 'unsafe-inline' *.d2l.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com c.bing.com secure.adnxs.com 482-pda-858.mktoresp.com alb.reddit.com analytics.google.com connect.facebook.net data: googleads.g.doubleclick.net ipv6.6sc.co js.qualified.com munchkin.marketo.net origin.acuityplatform.com pixel-config.reddit.com 'self' tracking.g2crowd.com www.facebook.com www.google.com www.googletagmanager.com www.redditstatic.com www.youtube.com; font-src 'self' data: www.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com fonts.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; form-action 'self' www.d2l.com www.facebook.com applications.zoom.us; frame-src *.googletagmanager.com *.greenhouse.io *.vidyard.com *.vimeo.com *.forethought.ai *.d2l.com 'self' blob: capture.navattic.com applications.zoom.us app.qualified.com td.doubleclick.net www.facebook.com www.google.com www.youtube.com www.buzzsprout.com; img-src *.clarity.ms *.6sc.co *.mutinycdn.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.linkedin.com *.vidyard.com *.d2l.com img.youtube.com cdn.shortpixel.ai c.navattic.com i.ytimg.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net dl102401s.searchunify.com dl182403p.searchunify.com static.pheedloop.com assets.swoogo.com google.com pagead2.googlesyndication.com consent.cookiefirst.com secure.adnxs.com www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.ma www.google.co.nz www.google.co.uk www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.bz www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.ly www.google.com.mx www.google.com.np www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.ht www.google.hu www.google.ie www.google.it www.google.nl www.google.pt www.google.rs 'self' app.navattic.com c.bing.com alb.reddit.com data: fonts.gstatic.com secure.gravatar.com translate.google.com www.facebook.com www.google.ca blob:; media-src *.vimeo.com *.vimeocdn.com 'self' h5p.com app.qualified.com; object-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinycdn.com *.cookiefirst.com *.greenhouse.io *.forethought.ai *.vidyard.com *.vimeo.com *.d2l.com 'self' 'unsafe-inline' js.navattic.com cdn.shortpixel.ai js.navattic.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net apis.google.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com js.storylane.io munchkin.marketo.net origin.acuityplatform.com cdn.calibermind.com tracking.g2crowd.com unpkg.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yoast.com js.live.net www.dropbox.com www.buzzsprout.com; script-src *.6sc.co *.acuityplatform.com *.mutinycdn.com *.googletagmanager.com *.googleadservices.com *.google.com *.vimeocdn.com *.vimeo.com *.greenhouse.io *.forethought.ai *.d2l.com 'self' 'unsafe-eval' 'unsafe-inline' js.navattic.com pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net consent.cookiefirst.com client-registry.cdn.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com munchkin.marketo.net tracking.g2crowd.com unpkg.com www.clarity.ms www.redditstatic.com; style-src-attr 'unsafe-inline' dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src-elem *.cookiefirst.com *.greenhouse.io *.d2l.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net 'self' 'unsafe-inline' data: fonts.googleapis.com www.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src 'self' 'unsafe-inline' d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net consent.cookiefirst.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com pages.d2l.com; worker-src 'self' blob:; frame-ancestors 'self' *.d2l.com app.mutinyhq.com applications.zoom.us; 2
frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 2
frame-ancestors 'self' https://ahunga.sharepoint.com https://mywallet.onewallet.one.nz/ https://netspeed.net.nz/ https://wirelessnation.co.nz/ https://koganmobile.co.nz/ https://www.one.nz/ 2
frame-ancestors 'self' https://app.experiencewelcome.com/ 2
base-uri 'none'; default-src 'self' data: https: wss: 'unsafe-inline'; style-src 'self' data: https: wss: 'unsafe-inline' https://cdn.thieme.de; font-src 'self' data: https://cdn.thieme.de; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://www.googletagmanager.com https://widget.netigate.se https://widget-api.netigate.se https://widgetapi-stage.netigate.se https://netigate.se https://devwidgetstatic.z6.web.core.windows.net; frame-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://s20.video-stream-hosting.de https://start.video-stream-hosting.de https://*.frcapi.com https://eventsuite-068.dtmsdigi.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com https://cdn.cookielaw.org 2
frame-ancestors 'self' https://askvoid.com; 2
default-src https://*.visualwebsiteoptimizer.com https://app.vwo.com https://appdsv.omie.com.br https://vc.hotjar.io https://js.intercomcdn.com https://in.hotjar.com https://api.hubapi.com https://www.facebook.com wss://nexus-websocket-a.intercom.io https://*.hubspot.com https://ws6.hotjar.com wss://ws6.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dataunion.com.br https://api-iam.intercom.io; script-src 'self' 'unsafe-inline' 'report-sample' blob: https://static.hsappstatic.net https://pagead2.googlesyndication.com https://tag.goadopt.io https://www.clarity.ms https://*.bing.com https://analytics.tiktok.com https://js.hs-scripts.com https://*.googleapis.com https://www.omie.com.br https://*.gomerlin.com.br https://*.amplitude.com https://js.hubspot.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hsappstatic.net https://*.taboola.com https://api.segment.io  https://tag.goadopt.io https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://apis.google.com https://analytics.tiktok.com https://appdsv.omie.com.br https://snap.licdn.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://cse.google.com https://www.google.com https://www.google.com.br https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://js.usemessages.com https://stackpath.bootstrapcdn.com https://www.dataunion.com.br https://js.hscollectedforms.net https://www.googletagmanager.com https://*.hotjar.com https://*.tailtarget.com https://*.intercom.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://www.googleadservices.com https://js.hsforms.net https://js.hs-scripts.com https://connect.facebook.net https://forms.hsforms.com https://www.google-analytics.com https://app.omie.com.br https://cdnjs.cloudflare.com https://js.intercomcdn.com https://*.criteo.com https://static.criteo.net https://preview-new.mkt.omie.us; style-src 'self' 'unsafe-inline' 'report-sample' https://www.omie.com.br https://app.vwo.com https://*.visualwebsiteoptimizer.com https://*.gomerlin.com.br https://optimize.google.com https://preview-new.mkt.omie.us https://cdn.omie.com.br https://use.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com; frame-src https://youtube.com https://scores.securityscorecard.io https://thorn-plot-94c.notion.site https://www.googletagmanager.com https://td.doubleclick.net https://app.getdemo.com.br https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.firebaseapp.com https://*.google.com https://*.omie.com.br https://*.hubspot.com https://chat-convecao24.firebaseapp.com https://www.googletagmanager.com https://td.doubleclick.net https://intercom-sheets.com/ https://cdn.omie.com.br/ https://cdndsv.omie.com.br/ https://www.intercom-reporting.com/ https://www.facebook.com/ https://player.vimeo.com/ https://www.youtube.com https://optimize.google.com https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://tags.t.tailtarget.com/ https://forms.hsforms.com/ https://*.criteo.com https://static.criteo.net; img-src 'self' data: blob: https://googleads.g.doubleclick.net https://secure.gravatar.com https://*.amazonaws.com https://*.gomerlin.com.br https://dev.visualwebsiteoptimizer.com https://measurement-api.criteo.com https://ads.stickyadstv.com https://*.clarity.ms https://*.bing.com https://www.googletagmanager.com https://s3-sa-east-1.amazonaws.com https://www.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://sync-t1.taboola.com https://*.criteo.com https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://cm.g.doubleclick.net https://*.hubspot.com https://*.omie.com.br https://conpass.blob.core.windows.net https://fast.conpass.io https://static.intercomassets.com https://omie-b8c3f6a65bc3.intercom-attachments-5.com https://app.intercom.com/ https://*.intercomcdn.com/ https://omiexperience-sa.intercom-attachments-7.com/ https://omie-b8c3f6a65bc3.intercom-attachments-1.com/ https://omie-b8c3f6a65bc3.intercom-attachments-9.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.br *.googleusercontent.com *.facebook.net *.facebook.com https://*.hsforms.com; font-src 'self' data: https://app.vwo.com https://*.visualwebsiteoptimizer.com https://use.typekit.net https://script.hotjar.com https://js.intercomcdn.com https://fonts.gstatic.com https://*.omie.com.br/omiesaga/ https://use.fontawesome.com; connect-src 'self' https://*.intercom-messenger.com wss://*.intercom-messenger.com https://static.hsappstatic.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://axeptio-api.goadopt.io https://analytics-ipv6.tiktokw.us wss://app.gomerlin.com.br https://*.gomerlin.com.br https://*.amplitude.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://omie.ravena.app https://*.taboola.com https://api.hsforms.com https://disclaimer-api.goadopt.io https://api.segment.io https://cdn.jsdelivr.net https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://google.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firestore.googleapis.com https://analytics.tiktok.com https://px.ads.linkedin.com https://analytics.google.com https://sslwidget.criteo.com https://blog.omie.com.br https://forms.hscollectedforms.net https://viacep.com.br https://appdsv.omie.com.br https://api.crm.ops.omie.us https://apidev.crm.ops.omie.us https://api.plm.ops.omie.us https://www.omie.com.br https://app.omie.com.br https://forms.hsforms.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://hubspot-forms-static-embed.s3.amazonaws.com https://www.dataunion.com.br https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.google.com.br https://www.facebook.com/ https://*.hubspot.com https://*.hubapi.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com; form-action https://intercom.help https://api-iam.intercom.io https://www.facebook.com https://*.omie.com.br https://omie.clickmeeting.com/ https://*.omie.com.br https://app.omie.com.br https://www.omie.com.br https://forms.hsforms.com; media-src blob: https://js.intercomcdn.com https://preview.omie.com.br https://www.omie.com.br https://omie.com.br; frame-ancestors 'self'; object-src 'none'; worker-src blob: https://*.omie.com.br; base-uri 'self';  2
frame-ancestors https://*.storyblok.com; 2
default-src 'self' *.googleapis.com cdnjs.cloudflare.com *.gdi-sh.de efi2.schleswig-holstein.de efi.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com landesportal-sh.dwebanalytics.de luftdaten.umweltbundesamt.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de *.schleswig-holstein.de *.gdi-sh.de cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.de *.vimeo.com *.schleswig-holstein.de *.gdi-sh.de cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com landesportal-sh.dwebanalytics.de *.summ-ai.com; object-src luftdaten.umweltbundesamt.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.youtube-nocookies.com youtu.be vimeo.com *.schleswig-holstein.de; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de *.gdi-sh.de *.kaltura.com cdn.podigee.com *.podigee-cdn.net *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.de *.openstreetmap.fr luftdaten.umweltbundesamt.de; img-src 'self' data: *.seminareonlinebuchen.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de *.schleswig-holstein.de *.gdi-sh.de sgx.geodatenzentrum.de *.cdninstagram.com *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net luftdaten.umweltbundesamt.de summ-media-prod.s3.amazonaws.com; worker-src blob: 'self'; frame-ancestors 'self' *.schleswig-holstein.de; font-src 'self' cdnjs.cloudflare.com *.gdi-sh.de maxcdn.bootstrapcdn.com; connect-src 'self' *.schleswig-holstein.de *.gdi-sh.de landesportal-sh.dwebanalytics.de *.summ-ai.com; 2
default-src 'none' ; worker-src 'self' blob: ; media-src https://s3-eu-west-1.amazonaws.com https://*.devrdx.com https://storage.devrdx.com https://visomdm.com https://*.visomdm.com 'self' blob: data: ; frame-src https://radix-downloads.s3.eu-west-1.amazonaws.com https://charts.mongodb.com *.bluesnap.com *.hotjar.com https://www.youtube.com *.google.com *.googletagmanager.com https://visomdm.com https://*.visomdm.com ; connect-src https://api.descope.com *.productfruits.com https://app.grapesjs.com wss://*.visomdm.com https://pro.ip-api.com *.hotjar.io *.devrdx.com *.glbth.com https://*.devrdx.com *.visomdm.com https://visomdm.com https://rdxstate.vtv.vodafone.com wss://*.devrdx.com wss://*.glbth.com wss://*.hotjar.com wss://*.tawk.to wss://*.xirsys.com *.hotjar.com *.tawk.to *.hubapi.com *.hs-banner.com *.hsappstatic.net *.google.com 'self' ; font-src 'self' *.tawk.to *.gstatic.com ; img-src *.productfruits.com *.ggpht.com tawk.link blob: *.googleusercontent.com *.googleadservices.com https://www.youtube.com https://www.google.com https://*.gstatic.com https://*.mzstatic.com https://cdn.jsdelivr.net/emojione/ *.tawk.to https://storage.devrdx.com https://*.devrdx.com https://visomdm.com https://*.visomdm.com *.tile.openstreetmap.org *.hubspot.net *.hubspot.com data: 'self' ; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net/emojione/ *.productfruits.com https://cdnjs.cloudflare.com *.googleapis.com https://embed.tawk.to/ ; script-src 'self' https://cdn.jsdelivr.net/emojione/ *.productfruits.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hotjar.com *.tawk.to *.openstreetmap.org https://www.youtube.com https://apis.google.com *.google.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.ip-api.com 'sha256-jxahBNaefKb7HUgrP6SFqod39I6KB1wnzxNv+Gahh2s=' 'sha256-mf7OlEdaUdLAGAIDqicGf/kRbd9P604n4ooz6WIWPZc=' 'sha256-YJ3eJPxdzm7qieW1lfM307T3jCkb8WIfRGJEnAE84p0=' 'sha256-HCQgNWRxpMGyJmBen1qvR4yz7uVPEl0DqYaArRIfx5g=' https://itunes.apple.com/ ; frame-ancestors 'self' 2
frame-ancestors 'self' https://preview--link-curate-dash.lovable.app https://discovertool2.lovable.app https://id-preview--f23e5e3d-5e92-4b7c-b502-6b188deb8dc9.lovable.app; 2
connect-src 'self' data: blob: https://surveystats.hotjar.io https://*.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://googleads.g.doubleclick.net https://gigaset.freshdesk.com https://*.paypal.com https://www.paypal.com https://*.ads.linkedin.com https://google.com https://www.googleadservices.com https://challenges.cloudflare.com https://*.bazaarvoice.com https://*.cmp.usercentrics.eu https://*.google-analytics.com https://*.eye-able.com https://*.civiccomputing.com https://s2.getsitecontrol.com https://www.googletagmanager.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://*.etrusted.com https://*.fresworks.com https://*.gigaset.com https://*.paypal.com https://*.linkedin.com https://*.eye-able.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.cmp.usercentrics.eu https://*.googleadservices.com https://*.google-analytics.com https://*.civiccomputing.com https://s2.getsitecontrol.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com https://fonts.gstatic.com https://apps.bazaarvoice.com; form-action 'self' https://www.facebook.com https://feldtest.gigaset.com https://security.gigaset.com https://service.gigaset.com https://api.bazaarvoice.com https://ct.pinterest.com https://gigaset-org.freshworks.com https://accounts-eu.freshworks.com; frame-ancestors 'self' www.gigaset.com *.etracker.com *.google.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://fonts.gstatic.com contentorigin.bazaarvoice.com https://www.paypalobjects.com https://*.paypal.com https://t.paypal.com https://*.ads.linkedin.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.googleadservices.com https://*.google-analytics.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://*.googletagmanager.com https://app.usercentrics.eu https://accounts-eu.freshworks.com https://service.gigaset.com https://gigaset-org.freshworks.com https://www.paypal.com https://pay.google.com https://www.sandbox.paypal.com https://x.klarnacdn.net https://www.gstatic.com https://challenges.cloudflare.com https://*.eye-able.com https://*.bazaarvoice.com https://web.cmp.usercentrics.eu https://*.google-analytics.com https://*.civiccomputing.com; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com https://*.etrusted.com https://www.googletagmanager.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.google-analytics.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com app.usercentrics.eu gigaset.my.salesforce-sites.com https://*.etrusted.com https://*.doubleclick.net https://*.reepay.com https://challenges.cloudflare.com https://*.cmp.usercentrics.eu https://*.google-analytics.com; 2
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https:;img-src https: data: 'self' maps.gstatic.com *.googleapis.com *.ggpht.com;style-src 'self' 'unsafe-inline' https:; 2
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' * 'unsafe-inline' data: blob:; img-src 'self' * data: blob:; font-src 'self' * data:; connect-src 'self' *; media-src 'self' *; frame-src 'self' *; object-src 'self' * 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 2
img-src 'self' blob: data: https://www.googletagmanager.com https://www.google.co.kr https://i.ytimg.com https://perf-na1.hsforms.com https://track.hubspot.com https://forms.hsforms.com https://admin.counterpointresearch.com https://test.counterpointresearch.com https://counterpointresearch.com https://display.counterpointresearch.com https://loki.counterpointresearch.com data:; 2
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com https://forms.hsforms.com; frame-ancestors 'self' http://cms.colombiahosting.com.co; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com  https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de blob:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de *.akamaized.net *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com data: blob:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.webcast-eqs.com export.highcharts.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.vimeocdn.com vimeo.com data.w52.com blob: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io blob:; child-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com blob: data:; style-src 'self' 'unsafe-inline' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.eye-able.com *.eye-able-cdn.com; font-src 'self' data: *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pusher.com walls.io *.walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.vimeocdn.com vimeo.com *.youtube.com data.w52.com *.eye-able.com *.eye-able-cdn.com blob:; img-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.vimeocdn.com vimeo.com *.youtube.com *.ytimg.com *.eye-able.com *.eye-able-cdn.com data.w52.com data data:; object-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.eye-able.com *.eye-able-cdn.com; connect-src 'self' ws: *.pusher.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.akamaized.net *.cloudfront.net *.vimeocdn.com vimeo.com *.eye-able.com *.eye-able-cdn.com data.w52.com blob:; frame-ancestors 'self' file://* social.cloud.tbintra.net *.daimlertruck.com *.mercedes-benz-trucks.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com 2
default-src 'self'; script-src 'self' https://cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com https://script.crazyegg.com https://sc.lfeeder.com https://www.googletagmanager.com https://*.cloudfront.net https://a.quora.com https://www.redditstatic.com https://bat.bing.com https://analytics.twitter.com https://static.ads-twitter.com https://t.co https://plausible.io https://snap.licdn.com https://js.hs-scripts.com https://cdn.vector.co https://cdn.intellimize.co https://js.hsforms.net https://hubspotonwebflow.com https://cdn.jsdelivr.net https://cdn.jetboost.io https://api.jetboost.io https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://s3-us-west-2.amazonaws.com/b2bjsstore/ https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://static.hsappstatic.net https://www.google.com https://google.com https://recaptcha.net https://boards.greenhouse.io https://w.chatlio.com https://www.gstatic.com https://*.hubspotusercontent-na1.net https://*.hubspotusercontent-eu1.net https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ https://googleads.g.doubleclick.net https://js.pusher.com https://*.osano.com https://static.reo.dev/ https://unpkg.com/@rive-app/ https://ob.sornavellon.com https://obs.sornavellon.com https://a.usbrowserspeed.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://services.min.io https://cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com https://*.quora.com https://analytics.twitter.com https://t.co https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://*.hsforms.com https://bat.bing.com https://*.lfeeder.com https://track.hubspot.com https://*.liadm.com https://*.reddit.com https://d10lpsik1i8c69.cloudfront.net https://d3e54v103j8qbb.cloudfront.net https://*.linkedin.com https://*.chatlio.com https://www.googleadservices.com https://*.doubleclick.net https://fonts.gstatic.com https://obs.sornavellon.com; connect-src 'self' https://cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com https://services.min.io https://dl.min.io https://a.quora.com https://analytics.google.com https://www.google-analytics.com https://plausible.io https://*.linkedin.com https://www.google.com https://google.com https://pagead2.googlesyndication.com https://*.intellimize.co https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://accounts.finsweet.com https://hubspotonwebflow.com https://pro.ip-api.com https://api.vector.co https://cs.lf-discover.com https://static.hsappstatic.net https://api.hubapi.com https://a.usbrowserspeed.com https://alocdn.com https://stats.g.doubleclick.net https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://cdn.jsdelivr.net https://api.jetboost.io https://*.algolia.net https://*.algolianet.com https://api.chatlio.com https://bat.bing.com https://pipedream.wistia.com https://*.reddit.com https://www.redditstatic.com https://settings.luckyorange.net https://*.crazyegg.com wss://in.visitors.live wss://visitors.live https://*.luckyorange.com https://www.googleadservices.com wss://ws.pusherapp.com https://api-cdn.chatlio.com https://www.googletagmanager.com https://*.webflow.com wss://realtime.webflow.com https://prodregistryv2.org https://internet-up.ably-realtime.com https://*.osano.com https://api.reo.dev https://unpkg.com/@rive-app/ https://obs.sornavellon.com https://www.gstatic.com; style-src 'self' https://cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com https://boards.greenhouse.io https://w.chatlio.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ https://d10lpsik1i8c69.cloudfront.net https://d3e54v103j8qbb.cloudfront.net https://fonts.googleapis.com https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com https://fonts.gstatic.com https://d3e54v103j8qbb.cloudfront.net; media-src 'self' https://cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com https://d10lpsik1i8c69.cloudfront.net https://*.chatlio.com; object-src 'none'; frame-src 'self' https://*.intellimizeio.com https://www.googletagmanager.com https://app.storylane.io https://cdn.embedly.com https://job-boards.greenhouse.io https://forms.hsforms.com https://www.google.com https://google.com https://i.liadm.com https://webflow.com; frame-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io https://learn.min.io; worker-src 'self' blob:; base-uri 'none'; 2
default-src 'self'; child-src 'self' blob:; connect-src 'self' *.twitter.com *.ads-twitter.com *.redditstatic.com *.reddit.com rgitsprdstorage.blob.core.windows.net *.clarity.ms unpkg.com cdn.jsdelivr.net *.6sense.com *.6sc.co assets.contentstack.io cdn.contentstack.io api.smartrecruiters.com *.coveo.com *.cvent.com *.g2crowd.com *.algolianet.com pubsub.googleapis.com ingest.insights.ninetailed.co cdn.bizible.com cdn.bizibly.com munchkin.marketo.net images.contentstack.io *.typekit.net ws.zoominfo.com *.luckyorange.com *.visitors.live js.zi-scripts.com settings.luckyorange.com *.google.com experience.ninetailed.co cdn.cookielaw.org *.akamaihd.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.google-analytics.com *.microstrategy.com *.strategy.com *.mktoutil.com *.calendly.com microstrategy.sharepoint.com *.omtrdc.net *.wistia.net *.wistia.com swb-pd-amecc5bkdjechdb2.z01.azurefd.net swb-pp-g9cmc2f9b2eaf8aw.z01.azurefd.net *.mktoresp.com platform.cloud.coveo.com wss:; font-src 'self' *.wistia.net *.microstrategy.com *.strategy.com *.typekit.net data: fonts.gstatic.com; frame-src 'self' form.typeform.com www.youtube-nocookie.com insight.adsrvr.org www.googletagmanager.com *.wistia.com *.wistia.net *.cvent.com *.demdex.net *.doubleclick.net *.microstrategy.com *.strategy.com *.youtube.com *.calendly.com calendly.com optimize.google.com; img-src 'self' blob: *.wistia.net *.reddit.com *.twitter.com t.co c.clarity.ms cdn.bizible.com cdn.bizibly.com *.6sense.com *.6sc.co cdn.cookielaw.org images.contentstack.io adservice.google.com rgitsprdstorage.blob.core.windows.net microstrategy.sharepoint.com *.cvent.com *.adsymptotic.com *.ads.linkedin.com *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.microstrategy.com *.omtrdc.net *.wistia.com optimize.google.com data: static.cloud.coveo.com www.google.com; media-src 'self' *.akamaihd.net *.microstrategy.com *.strategy.com *.wistia.com blob: data: fast.wistia.net; object-src 'self'; script-src 'self' *.clarity.ms 'unsafe-inline' 'unsafe-eval' *.redditstatic.com *.twitter.com *.ads-twitter.com *.calendly.com *.6sense.com *.6sc.co *.wistia.net cdn.bizible.com cdn.bizibly.com tools.luckyorange.com js.adsrvr.org js.zi-scripts.com *.g2crowd.com js.sentry-cdn.com *.cvent.com *.mktoweb.com *.googleanalytics.com *.googleoptimize.com optimize.google.com *.akamaihd.net *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.licdn.com *.marketo.net *.microstrategy.com *.strategy.com *.onetrust.com *.wistia.com blob: assets.adobedtm.com cdn.cookielaw.org *.coveo.com wcs.naver.net ws.zoominfo.com; style-src 'self' 'unsafe-inline' optimize.google.com fonts.googleapis.com *.microstrategy.com *.strategy.com *.typekit.net cdn.cookielaw.org static.cloud.coveo.com; worker-src 'self' 'unsafe-inline' blob: data:; frame-ancestors 'none'; 2
frame-src 'self' https://*.youtube.com https://*.google.com https://*.sibforms.com; 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com  *.stitcher.com use.typekit.net https://fonts.gstatic.com data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.gstatic.com *.bakermckenzie-podcastlibrary-wordpress.onenorth.com bakermckenzie-podcastlibrary-wordpress.onenorth.com blob: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.oribi.io *.onetrust.com  *.stitcher.com *.google-analytics.com translate.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org https://px.ads.linkedin.com *.mktoresp.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com translate.google.com *.google-analytics.com app-static.turtl.co static.ads-twitter.com munchkin.marketo.net cdn.cookielaw.org snap.licdn.com *.ceros.com connect.facebook.net *.cloudfront.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: filesystem: *.google-analytics.com *.bakermckenzie.com bakermckenzie.com *.googletagmanager.com gstatic.com *.gstatic.com translate.google.com *.siteimproveanalytics.io px.ads.linkedin.com *.linkedin.com p.adsymptotic.com  cdn.cookielaw.org; frame-src 'self' gateway.zscalertwo.net *.youtube.com *.stitcher.com *.libsyn.com *.buzzsprout.com *.spotify.com *.podbean.com *.soundcloud.com *.podcasts.apple.com omny.fm *.vbrick.com *.bryter.io *.bakermckenzie.com *.youtube-nocookie.com *.vimeo.com *.google.com *.googletagmanager.com *.yoshki.com app-static.turtl.co view.ceros.com 2
default-src 'none'; frame-src open.spotify.com www.youtube-nocookie.com data: video/mp4 https://widget.trustpilot.com/ td.doubleclick.net www.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.hl.co.uk open.spotify.com www.youtube-nocookie.com fonts.googleapis.com; font-src 'self' https://www.hl.co.uk https://www.hl.co.uk fonts.gstatic.com fonts.googleapis.com; img-src 'self' https://online.hl.co.uk https://www.hl.co.uk data: images.hl.uk open.spotify.com www.youtube-nocookie.com www.googletagmanager.com googleads.g.doubleclick.net www.google.co.uk www.google.com *.ytimg.com *.ggpht.com www.facebook.com https://widget.trustpilot.com/ https://www.hl.co.uk cdn-ukwest.onetrust.com bat.bing.com bat.bing.net analytics.twitter.com t.co https://*.google-analytics.com *.doubleclick.net adservice.google.com; media-src assets.hl.uk videos.hl.uk open.spotify.com *.youtube-nocookie.com; script-src 'self' https://www.hl.co.uk https://online.hl.co.uk open.spotify.com *.youtube-nocookie.com https://widget.trustpilot.com/ 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com connect.facebook.net tpc.googlesyndication.com online.hl.co.uk cdn-ukwest.onetrust.com *.amplitude.com *.qualtrics.com bat.bing.com bat.bing.net bat.bing-int.com www.googleadservices.com googleads.g.doubleclick.net www.google.co.uk www.facebook.com static.ads-twitter.com; connect-src 'self' https://www.hl.co.uk https://online.hl.co.uk open.spotify.com logs.browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu https://browser-intake-datadoghq.eu www.youtube-nocookie.com video.google.com www.hl.co.uk online.hl.co.uk hlsearch.hl.co.uk search.hl.uk content.hl.uk app.launchdarkly.com events.launchdarkly.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onetrust.com *.amplitude.com *.qualtrics.com bat.bing.com bat.bing.net bat.bing-int.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.co.uk https://*.google-analytics.com https://*.analytics.google.com www.googletagmanager.com www.facebook.com static.ads-twitter.com https://widget.trustpilot.com browser-intake-datadoghq.eu *.doubleclick.net; frame-ancestors none; 2
default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com blob: marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net subscriptions.smartrecruiters.com static.smartrecruiters.com www.smartrecruiters.com jobpal-sm.s3.amazonaws.com pressganey.com cdn.jsdelivr.net *.castos.com 675-zyq-542.mktoweb.com googleads.g.doubleclick.net *.marketo.net *.pathfactory.com *.googleadservices.com *.google.com *.google.com/pagead/form-data *.googlesyndication.com pressganey.wistia.com code.jquery.com browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com *.pressganey.com *.castos.com googleads.g.doubleclick.net *.pathfactory.com 'unsafe-inline'; frame-ancestors 'self' library.forsta.com resources.rioseo.com pressganey.com *.pathfactory.com view-su2.highspot.com; frame-src 'self' play.vidyard.com vars.hotjar.com tpc.googlesyndication.com td.doubleclick.net *.google.com *.pressganey.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com pressganey-20208516.hs-sites.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com *.myworkdayjobs.com googleads.g.doubleclick.net *.pathfactory.com pressganey.wistia.com *.wistia.com *.wistia.net *.pathfactory.com www.youtube.com emergingrnleader.com view-su2.highspot.com cdn-app.pathfactory.com/:0 open.spotify.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com googleads.g.doubleclick.net *.pathfactory.com; connect-src 'self' 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com *.googletagmanager.com *.googleapis.com maps.googleapis.com *.google.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io jobpal-sm.s3.amazonaws.com pressganey.com cdn.growthbook.io px.ads.linkedin.com *.castos.com googleads.g.doubleclick.net *.mktoresp.com *.pathfactory.com www.google.com/ccm/collect *.googleadservices.com browser.sentry-cdn.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com googleads.g.doubleclick.net *.pathfactory.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com googleads.g.doubleclick.net *.pathfactory.com; img-src https: data:; report-uri 2
default-src 'self' https://*.directupload.net https://*.directupload.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.directupload.net https://*.directupload.eu; img-src 'self' https://ssl.google-analytics.com data: https://*.directupload.net https://*.directupload.eu; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-src 'self' https://www.google.com https://*.directupload.net https://*.directupload.eu; worker-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net; 2
frame-ancestors 'self' https://*.nwea.org; 2
default-src blob: ws: data: 'self' 'unsafe-inline' 'unsafe-eval' *.pobeda.aero *.flypobeda.ru www.youtube.com mc.yandex.ru mc.yandex.com captcha-api.yandex.ru yastatic.net smartcaptcha.yandexcloud.net vk.com *.vk.com *.tripster.ru *.mail.ru; frame-ancestors 'self' https://*.yandex.ru https://*.webvisor.com 2
frame-ancestors 'self' https://app.mutinyhq.com https://docs.google.com ajax.cloudflare.com cloudflareinsights.com 2
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; 2
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://cloudflarestream.com https://*.creativecdn.com https://*.evergage.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://in.hotjar.com https://*.inmobi.com https://*.inside-graph.com wss://*.inside-graph.com https://*.qualifio.com https://*.qualifioapp.com https://*.qualtrics.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://visit-server.inmobi-choice.io https://*.weglot.io https://*.clarity.ms https://*.doubleclick.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://*.userway.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt https://analytics-ipv6.tiktokw.us; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://*.evergage.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net; form-action 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://connect.facebook.net; frame-ancestors 'self' https://en.meo.pt https://sapo.pt https://hp2025.bk.sapo.pt https://cinema.sapo.pt https://mag.sapo.pt https://preview.sapo.pt https://hp2025.staging.sapo.pt https://tv.sapo.pt https://www.sapo.pt; frame-src 'self' https://*.meo.pt https://youtu.be https://*.engagement.coremedia.cloud https://stags.bluekai.com https://*.byside.com https://*.creativecdn.com https://www.facebook.com https://*.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.brightcove.net https://*.doubleclick.net https://*.userway.org https://qualifio.sapo.pt https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' blob: data: https://*.meo.pt; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://*.creativecdn.com https://*.evergage.com https://cdn.evgnet.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://*.qualifio.com https://*.qualifioapp.com https://*.qualtrics.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://*.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://quantcast.mgr.consensu.org https://*.userway.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://s3.amazonaws.com https://*.byside.com https://*.evergage.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://cdn.weglot.com https://fast.fonts.net https://*.userway.org https://selo.confio.pt; worker-src 'self' blob:; object-src 'none' 2
default-src 'self'; img-src 'self' blob: data: https://vercel.live/ https://vercel.com https://api-frameworks.vercel.sh https://sockjs-mt1.pusher.com/ https://emoji.slack-edge.com/ https://vercel.fides-cdn.ethyca.com/ https://hebbkx1anhila5yf.public.blob.vercel-storage.com/ https://xurtccytrzafbfk3.public.blob.vercel-storage.com/ https://gvsmhepiuiax2e6y.public.blob.vercel-storage.com/ https://4o3mjgkuedjhm5we.public.blob.vercel-storage.com/ https://ss5vlswhqmiddtca.public.blob.vercel-storage.com/ https://7oslg1lqcbxvjpfm.public.blob.vercel-storage.com/ https://9z6zzmtcb9nt0fnu.public.blob.vercel-storage.com/ https://pdgvvgmkdvyeydso.public.blob.vercel-storage.com/ https://rzlr8f5n71kfl4us.public.blob.vercel-storage.com/ https://blobs.vusercontent.net https://avatars.githubusercontent.com; script-src 'self' blob: 'unsafe-inline' 'wasm-unsafe-eval' https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://va.vercel-scripts.com/v1/ https://js.stripe.com/ https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/ https://unpkg.com/react-scan/dist/auto.global.js https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://cdn.jsdelivr.net/npm/@huggingface/ *.cr-relay.com; style-src 'self' 'unsafe-inline' data: https://vercel.live/ https://vercel.fides-cdn.ethyca.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/; font-src 'self' https://fonts.gstatic.com https://vercel.live https://assets.vercel.com data: https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/; connect-src 'self' https://v0.dev https://v0.app https://vercel.live/ https://vercel.com https://*.pusher.com/ https://blob.vercel-storage.com https://*.blob.vercel-storage.com https://blobs.vusercontent.net wss://*.pusher.com/ wss://*.vercel.run https://fides-vercel.us.fides.ethyca.com/api/v1/ https://cdn-api.ethyca.com/location https://privacy-vercel.us.fides.ethyca.com/api/v1/ https://vercel.com/.well-known/otel/metrics https://*.sentry.io/api/ https://huggingface.co/onnx-community/ https://cas-bridge.xethub.hf.co/xet-bridge-us/ https://cdn.jsdelivr.net/npm/@huggingface/ *.cr-relay.com; frame-src 'self' http://localhost:* https://*.vusercontent.net/ https://*.lite.vusercontent.net/ https://generated.vusercontent.net/ https://*.vercel.run/ https://*.vercel.app/ https://*.vercel.sh/ https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://js.stripe.com/; frame-ancestors 'self' https://notion.site https://embed.notion.co notion://www.notion.so https://www.notion.so https://notion.so https://*.notion.so notion://notion.so https://inflight.co https://*.inflight.co https://v0-git-shu-e7sf.vercel.sh; media-src 'self' https://hebbkx1anhila5yf.public.blob.vercel-storage.com/ https://xurtccytrzafbfk3.public.blob.vercel-storage.com/ https://pdgvvgmkdvyeydso.public.blob.vercel-storage.com/ https://rzlr8f5n71kfl4us.public.blob.vercel-storage.com/ https://blobs.vusercontent.net; report-uri /api/csp-report; 2
frame-ancestors 'self' https://layout-cms.fox35orlando.com; 2
default-src https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' googleads.g.doubleclick.net www.youtube.com propellerads.com *.propellerads.com; 2
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://cspabuse.itpays.no 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com files.bizhub.sh cdnjs.cloudflare.com *.stripe.com *.compute.amazonaws.com iwsuibuilder-v21-develo.elasticbeanstalk.com recaptcha.net; connect-src 'self' api.locize.io *.stripe.com *.taxjar.com files.bizhub.sh www.google-analytics.com piwik.konicaminolta.eu bizhub.singles *.bizhub.singles develop.singles *.develop.singles 0a0243a9.green *.0a0243a9.green 0a0243a9.xyz *.0a0243a9.xyz 9a3420a0.xyz *.9a3420a0.xyz konicaminoltamarketplace.com *.konicaminoltamarketplace.com bizhubmarketplace.com *.bizhubmarketplace.com developmarketplace.com *.developmarketplace.com *.compute.amazonaws.com iwsuibuilder-v21-develo.elasticbeanstalk.com *.amazonaws.com; font-src 'self' files.bizhub.sh fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.aspnetcdn.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com files.bizhub.sh maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.aspnetcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.stripe.com cdn.polyfill.io www.google-analytics.com www.googletagmanager.com *.google.com www.gstatic.com cdnjs.cloudflare.com ajax.aspnetcdn.com piwik.konicaminolta.eu recaptcha.net; img-src 'self' data: files.bizhub.sh cdnjs.cloudflare.com s3.us-west-2.amazonaws.com www.google-analytics.com *.stripe.com *.stripecdn.com; frame-src 'self' *.stripe.com *.stripecdn.com recaptcha.net 2
frame-ancestors 'self' https://layout-cms.fox29.com; 2
default-src https:;  script-src https: data: 'unsafe-inline' 'unsafe-eval';  style-src https: 'unsafe-inline';  img-src https: data: blob:;  media-src https: data: blob:;  font-src https: data:;  connect-src https: wss:;  worker-src 'self' blob:;  form-action 'self';  frame-ancestors 'none';  upgrade-insecure-requests; 2
default-src 'self' https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://matomo.ovgu.de/; connect-src https://vtdnntts-eu.readspeaker.com/cgi-bin/vtapi4/8a5329cbccf8907da3d36aa9009fcaf0.flv https://app-eu.readspeaker.com/cgi-bin/rsent?logid=4717&ver=3.2.5_rev1125-wr *.ovgu.de; img-src 'self' *.ovgu.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.ovgu.de/; object-src 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.ovgu.de *.uni-magdeburg.de; frame-src https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://www.google.com/maps/ *.ovgu.de *.uni-magdeburg.de; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://cdn.tolt.io https://unpkg.com https://cdn.jsdelivr.net https://www.youtube.com https://www.youtube-nocookie.com https://tally.so https://va.vercel-scripts.com https://www.googletagmanager.com https://widget.kapa.ai https://www.google.com https://www.gstatic.com https://metrics.kapa.ai https://proxyhog.prisma-data.net https://cdn.cr-relay.com https://app.enzuzo.com/ https://static.ads-twitter.com https://snap.licdn.com https://vercel.live https://58qr5yci46.execute-api.us-east-1.amazonaws.com https://analytics.twitter.com https://t.co https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://kit.fontawesome.com https://raw.githubusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tolt.io https://vercel.live https://proxyhog.prisma-data.net; font-src 'self' data: https://fonts.gstatic.com https://vercel.live https://assets.vercel.com https://ka-f.fontawesome.com; img-src 'self' data: https://cdn.sanity.io https://prismalens.vercel.app https://api.producthunt.com https://www.google.com https://www.google.com/s2/favicons https://*.gstatic.com https://pbs.twimg.com/ https://cdn.tolt.io https://cdn-cookieyes.com https://website-prisma.vercel.app https://www.cursor.com/ https://cursor.com/ https://analytics.twitter.com https://t.co https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://vercel.live https://vercel.com data: blob: https://td.doubleclick.net https://raw.githubusercontent.com; connect-src 'self' https://api.github.com https://p2zxqf70.api.sanity.io https://www.youtube.com https://cdn.jsdelivr.net https://accelerate-analytics-exporter.prisma-data.net https://www.prisma-status.com https://api.rippling.com https://api.producthunt.com https://*.tally.so https://va.vercel-scripts.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://metrics.kapa.ai https://cdn-cookieyes.com https://log.cookieyes.com https://*.algolia.net https://*.algolianet.com https://proxyhog.prisma-data.net https://directory.cookieyes.com https://api.cr-relay.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://internal-t.posthog.com https://vercel.live wss://ws-us3.pusher.com https://react-tweet.vercel.app https://cdn.tolt.io https://58qr5yci46.execute-api.us-east-1.amazonaws.com https://analytics.twitter.com https://t.co https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://raw.githubusercontent.com https://www.google-analytics.com https://unpkg.com; media-src 'self' https://*.prisma.io https://unpkg.com https://cdn.jsdelivr.net https://www.youtube.com; frame-src 'self' https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://tally.so https://*.tally.so https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://vercel.live/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://calculator.prisma.io/ https://ppg-pricing-calculator.vercel.app; child-src 'self' https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://tally.so https://*.tally.so https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; worker-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 2
default-src *; connect-src 'self' https://cdnjs.cloudflare.com https://js.zi-scripts.com https://region1.google-analytics.com https://ws.zoominfo.com; font-src *; img-src * data:; script-src * 'unsafe-inline' blob:; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' *.telia.ee 2
frame-src my.walls.io google.com *.google.com www.nobelbiocare.com *.fls.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com oc-cdn-ocprod.azureedge.net *.qualtrics.com td.doubleclick.net *.hs-sites.com; frame-ancestors www.nobelbiocare.com nobel.metamark-dev.com *.metamark-dev.com *.hs-sites.com; report-uri /report-csp-violation 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.twilio.com *.contentsquare.net *.heapanalytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.sdiapi.com *.sdiapi.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.aurusepay.com *.auruspay.com h.online-metrix.net td.doubleclick.net *.sdiapi.com *.sdiapi.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com h.online-metrix.net *.google-analytics.com *.analytics.google.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org tracking.deepsearch.adlucent.com *.twilio.com *.zumiez.com blob: *.contentsquare.net *.heapanalytics.com *.crowdtwist.com *.online-metrix.net *.google.com *.googletagmanager.com *.doubleclick.net *.cookielaw.org scene7.zumiez.com scene7.zumiez.ca s7d1.scene7.com *.rfksrv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.avada.io https://cdn.ownid.com https://cdn.uat.ownid.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com h.online-metrix.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com tracking.deepsearch.adlucent.com *.twilio.com *.contentsquare.net *.contentsquare.com *.hotjar.com cdn.us.heap-api.com *.heapanalytics.com *.scarabresearch.com www.clarity.ms *.cookielaw.org *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.cloudfront.net *.rfksrv.com *.sdiapi.com *.sdiapi.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.typekit.net *.aurusepay.com *.auruspay.com *.heapanalytics.com 'self' 'unsafe-inline'; object-src *.twilio.com *.zumiez.com blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.twilio.com *.zumiez.com scene7.zumiez.com scene7.zumiez.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io https://cdn.ownid.com/ https://*.server.ownid.com/ https://*.server.uat.ownid.com/ https://*.uat.ownid.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ws: h.online-metrix.net *.google-analytics.com *.analytics.google.com *.twilio.com *.zumiez.com *.contentsquare.net *.heapanalytics.com c.us.heap-api.com *.aurusepay.com *.auruspay.com *.scarabresearch.com stats.g.doubleclick.net w.clarity.ms bam.nr-data.net *.cookielaw.org *.onetrust.com *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.sdiapi.com *.sdiapi.net *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: *.sdiapi.com *.sdiapi.net http: https: blob: 'self' 'unsafe-inline'; default-src *.zumiez.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.advantech.com *.advantech.com.cn static.zdassets.com static.hotjar.com cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com dev.visualwebsiteoptimizer.com js.hs-analytics.net script.hotjar.com www.google-analytics.com lpcdn.lpsnmedia.net dashboard.whoisvisiting.com snap.licdn.com va.v.liveperson.net connect.facebook.net accdn.lpsnmedia.net fast.wistia.com fast.wistia.net api.ipify.org www.google.com hm.baidu.com az416426.vo.msecnd.net player.polyv.net www.youtube.com www.clarity.ms kit.fontawesome.com cdn-cookieyes.com cdn.jsdelivr.net openfpcdn.io challenges.cloudflare.com app.vwo.com cdn.mouseflow.com js.sentry-cdn.com maps.google.com maps.googleapis.com browser.sentry-cdn.com api.map.baidu.com dlswbr.baidu.com maponline0.bdimg.com googleads.g.doubleclick.net www.googleadservices.com pi.pardot.com adv.my.site.com static.cloudflareinsights.com scripts.clarity.ms adv--staging.sandbox.my.site.com;       img-src 'self' data: *.advantech.com *.advantech.com.cn campaign.advantech.online *.visualwebsiteoptimizer.com advantechfiles.blob.core.windows.net advdownload.blob.core.windows.net app.vwo.com c.bing.com c.clarity.ms cdn-cookieyes.com chart.googleapis.com dashboard.whoisvisiting.com dev.visualwebsiteoptimizer.com embed-ssl.wistia.com fast.wistia.com fonts.gstatic.com googleads.g.doubleclick.net hm.baidu.com img.videocc.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com www.google.com.tw www.googleadservices.com www.googletagmanager.com www.linkedin.com maps.googleapis.com maps.gstatic.com api.map.baidu.com maponline0.bdimg.com maponline1.bdimg.com webmap0.bdimg.com  miao.baidu.com fast.wistia.net;       style-src 'self' 'unsafe-inline' *.advantech.com *.advantech.com.cn fonts.googleapis.com dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com api.map.baidu.com fast.wistia.com n.foxdsgn.com advantechfiles.blob.core.windows.net adv.my.site.com adv--staging.sandbox.my.site.com;                               font-src 'self' data: *.advantech.com *.advantech.com.cn fast.wistia.com fast.wistia.net fonts.gstatic.com script.hotjar.com ka-p.fontawesome.com;                               worker-src 'self' blob:;                               frame-ancestors 'self' *.advantech.com *.advantech.com.cn *.iotmart.com adv--iotmartdev.sandbox.my.site.com campaign.advantech.online ottlive.hinet.net www.google.com;                                      object-src 'none'; 2
frame-ancestors 'self' https://planeetta.ladesk.com 2
script-src * 'unsafe-inline' 'unsafe-eval' 'self'  *.263.net 2
default-src 'self' fl.ru *.fl.ru static.fl.ru production-flru.website.yandexcloud.net *.mail.ru *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: *.fl.ru static.fl.ru production-flru.website.yandexcloud.net *.acstat.com artfut.com www.artut.com counter.rambler.ru mc.yandex.ru *.mail.ru *.tns-counter.ru; img-src data: blob: *; media-src *.fl.ru *.usedesk.ru static.fl.ru production-flru.website.yandexcloud.net; style-src 'unsafe-inline' 'unsafe-eval' blob: https: 'self' *.fl.ru static.fl.ru production-flru.website.yandexcloud.net; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru static.fl.ru smartcaptcha.yandexcloud.net yookassa.ru production-flru.website.yandexcloud.net *.hcaptcha.com *.soundcloud.com direct.yandex.ru mc.yandex.ru *.yandex.md yastatic.net *.typeform.com *.adriver.ru rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru static.fl.ru; connect-src 'self' *.fl.ru fl.ru fl.ru:* *.fl.ru:* ws://fl.ru:* wss://fl.ru:* ws://*.fl.ru:* wss://*.fl.ru:* static.fl.ru ws://*.usedesk.ru *.usedesk.ru *.hcaptcha.com *.popmechanic.ru *.mradx.net *.mail.ru vk.com *.vk.com *.adriver.ru *.acstat.com static.fl.ru *.mail.ru wss://mc.yandex.ru *.yandex.ru yandex.ru ymetrica1.com; 2
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com t.co adservice.google.com *.linkedin.com *.google-analytics.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' *.santanderopenacademy.com *.googletagmanager.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com *.analytics.google.com *.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com *.santanderopenacademy.com *.onetrust.com *.tiktokw.us sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net universia.net *.googletagmanager.com *.santanderopenacademy.com *.vimeo.com doubleclick.net *.doubleclick.net; img-src 'self' data: *.santanderopenacademy.com *.santanderx.com dss.hybrid.ai su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es *.googletagmanager.com *.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es *.googlesyndication.com snapchat.com *.snapchat.com; manifest-src 'self'; media-src 'self' data: *.santanderopenacademy.com *.santanderx.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' emd.hybrid.ai *.hybrid.ai pixel.wp.pl *.santanderopenacademy.com www.google.com cdn.jsdelivr.net cdn.equalweb.com *.googleadservices.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com *.googletagmanager.com *.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com *.googlesyndication.com sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net st.hybrid.ai; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com *.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2
frame-ancestors 'self' stvr.sk *.stvr.sk *.dev.stvr.sk stvr.org *.stvr.org 2
script-src * 'unsafe-inline' 'unsafe-eval' blob: 2
frame-ancestors https://preferred.kotaksecurities.com https://staging.kotaksecurities.com https://www.kotaksecurities.com https://www.kotakneo.com https://netbanking.kotak.com  https://q-ntrade.kotaksecurities.online https://ntrade.kotaksecurities.online https://ntrade.kotaksecurities.com https://neo.kotaksecurities.com https://cdn-static.trendlyne.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-static.trendlyne.com https://cdn-static.trendlyne.com/static/clientstatic/kayal/js/all-in-one-screener-summary-modal.v1.18.min.js https://cdn-static-cf.trendlyne.com/static/clientstatic/kayal/js/all-in-one-screener-summary-modal.v1.18.min.js https://cdnjs.cloudflare.com/ajax/libs/highcharts/9.0.1/highcharts.js https://cdnjs.cloudflare.com/ajax/libs/highcharts/9.0.1/modules/variable-pie.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js https://unpkg.com/react-dom@16.8.4/umd/react-dom.production.min.js https://unpkg.com/react@16.8.4/umd/react.production.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js https://cdn-static.trendlyne.com/static/clientstatic/kayal/js/screener-loader.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdn.ampproject.org https://*.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://*.clarity.ms https://static.ads-twitter.com https://www.linkedin.com https://web-in21.mxradon.com https://bat.bing.com http://*.googleadservices.com https://f1.leadsquaredcdn.com https://*.notifyvisitors.com wss://kotaksecurities-uat.allincall.in wss://*.notifyvisitors.com https://fonts.gstatic.com https://*.googleapis.com https://kotak9-securities-acc.allincall.in https://kotak-securities-acc.allincall.in https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.in https://accounts.google.com https://kotaksecurities-uat.allincall.in https://kotak-securities-acc-uat.allincall.in https://*.doubleclick.net https://*.amazonaws.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.js https://*.cloudfront.net/Simplify360Chat.js https://www.youtube.com https://www.gstatic.com https://websdk.appsflyer.com https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js https://platform.twitter.com https://www.redditstatic.com/ads/pixel.js https://cdn.debugbear.com/TTqbBqIKiNnR.js https://insights-api.rebid.co; object-src 'none'; 2
frame-ancestors 'self' https://www.swcp.com 2
frame-ancestors 'self' https://lissaplay.com https://noalvodaroletaapp.com ; 2
value 2
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com; script-src *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.doubleclick.net *.googleadservices.com *.recaptcha.net munchkin.marketo.net *.eloqua.com *.en25.com *.pagestrip.com player.vimeo.com *.ssl.cf1.rackcdn.com *.youtube.com s3.amazonaws.com magna.us5.list-manage.com *.baidu.com *.usersnap.com *.adform.net *.adnxs.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com forms-eu1.hsforms.com *.cookielaw.org *.google.com *.mediavalet.com cdn.jsdelivr.net cdnjs.com code.jquery.com consent.cookiebot.com consentcdn.cookiebot.com cookie-cdn.cookiepro.com cse.google.com dec.azureedge.net downloads.mailchimp.com emea3.recruitmentplatform.com fast.fonts.net geolocation.onetrust.com js-eu1.hsforms.net kendo.cdn.telerik.com maxcdn.bootstrapcdn.com mc.us5.list-manage.com platform.stumbleupon.com/1/widgets.js publish.twitter.com rum-static.pingdom.net s.ytimg.com s7.addthis.com secure.adnxs.com sjs.bizographics.com snap.licdn.com stackpath.bootstrapcdn.com syndication.twitter.com unpkg.com v1.addthisedge.com walls.io www.googletagmanager.com www.youtube.com/iframe_api z.moatads.com *.hsleadflows.net js-eu1.hubspot.com www.52cloudacute.com www.acuteimaginative.com js.hsforms.net player.podigee-cdn.net 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.pagestrip.com *.ssl.cf1.rackcdn.com cdn.jsdelivr.net cdn.mediavalet.com cdn-images.mailchimp.com cdnjs.cloudflare.com dec.azureedge.net downloads.mailchimp.com emea3.recruitmentplatform.com fast.fonts.net form.asana.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com www.youtube.com player.podigee-cdn.net 'self' 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://www.google.co.uk https://dec.azureedge.net https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com https://puui.qpic.cn https://cms.sps-digital.com https://stats.g.doubleclick.net https://www.google.ca https://hm.baidu.com https://mcusercontent.com https://cdn-images.mailchimp.com https://www.google.vg https://www.google.de https://www.google.fr *.rackcdn.com *.adnxs.com *.hsforms.com *.hubspot.com cdn.mediavalet.com https://insights.apps-magna.com https://media.corporate-ir.net https://px4.ads.linkedin.com https://images.podigee-cdn.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com *.magna.com player.podigee-cdn.net; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://mpt-product-information.com/ https://td.doubleclick.net/ https://www.recaptcha.net/ https://magna.gcs-web.com/ https://my.walls.io/ https://www.google.com/ https://forms-eu1.hsforms.com/ https://www.facebook.com/ https://magna.s2.positionierung.at/ https://form.asana.com/ https://app.truelook.cloud/ https://embed.mediavalet.com/ https://www.googletagmanager.com/ https://js.hsforms.net https://player.podigee-cdn.net https://magna.jifflenow.com/ https://scribehow.com/; connect-src 'self' *.google-analytics.com https://*.googleapis.com/ *.mktoresp.com *.linkedin.oribi.io *.addthis.com *.hs-banner.com *.hubspot.com *.hubapi.com forms-eu1.hscollectedforms.net *.google.com *.analytics.google.com *.dec.sitefinity.com *.pagestrip.com analytics.google.com cdn.cookielaw.org cookie-cdn.cookiepro.com emea3.recruitmentplatform.com forms-eu1.hsforms.com geolocation.onetrust.com global3.recruitmentplatform.com hm.baidu.com m.addthis.com magna-na.magna.com pagead2.googlesyndication.com pagestrip.com privacyportal.cookiepro.com px.ads.linkedin.com rum-collector-2.pingdom.net s7.addthis.com stats.g.doubleclick.net www.google.ca www.google.de www.google.se www.google.vg googleads.g.doubleclick.net ib.adnxs.com www.facebook.com fclog.baidu.com forms.hsforms.com cdn.mediavalet.com unpkg.com static.hsappstatic.net; media-src 'self' data: blob: *.ssl.cf1.rackcdn.com *.cf2.rackcdn.com *.cf1.rackcdn.com *.iosr.cf1.rackcdn.com https://cms.sps-digital.com https://cdn.mediavalet.com; child-src 'self' https://embed.mediavalet.com/ https://td.doubleclick.net/ https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io https://www.magnapeople.com https://mpt-product-information.com/ https://magna-staging.jifflenow.com/ https://magna.jifflenow.com/ https://www.recaptcha.net https://www.mpt-product-information.com https://bid.g.doubleclick.net https://open.spotify.com/ https://www.youtube-nocookie.com/ https://forms-eu1.hsforms.com/ https://magna.s2.positionierung.at/ 2
default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' https://vercel.live https://www.datadoghq-browser-agent.com https://embed.typeform.com https://static.zdassets.com https://*.zendesk.com https://www.google.com https://accounts.google.com https://static.ads-twitter.com https://www.googletagmanager.com https://analytics.twitter.com https://www.gstatic.com https://challenges.cloudflare.com https://maps.googleapis.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com https://appleid.cdn-apple.com; style-src 'self' 'unsafe-inline' https://embed.typeform.com https://cdn.prod.website-files.com https://fonts.googleapis.com https://accounts.google.com https://appleid.cdn-apple.com https://maps.googleapis.com; img-src 'self' data: blob: https://static.arkhamintelligence.com https://explorer-api.walletconnect.com https://*.zendesk.com https://*.google.com https://cdn.prod.website-files.com https://t.co https://analytics.twitter.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com *.googleadservices.com https://www.facebook.com https://*.facebook.com https://raw.githubusercontent.com https://assets.coingecko.com https://coin-images.coingecko.com https://s2.coinmarketcap.com https://arbitrum.foundation https://assets.kraken.com https://ipfs.io https://cdnjs.cloudflare.com/ajax/libs/twemoji/; font-src 'self' https://fonts.gstatic.com https://cdn.prod.website-files.com; connect-src 'self' https://*.amplitude.com https://browser-intake-datadoghq.com wss://arkm.com https://arkm.com https://explorer-api.walletconnect.com https://api.mixpanel.com https://ekr.zdassets.com https://*.zdassets.com https://*.zendesk.com https://api.typeform.com https://tracking.typeform.com wss://*.zendesk.com https://*.google.com https://www.google-analytics.com https://accounts.google.com https://appleid.cdn-apple.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://*.facebook.com https://api.moonpay.com https://*.g.alchemy.com https://api.0x.org https://coins.llama.fi https://api.arkm.com; frame-src 'self' https://vercel.live blob: https://form.typeform.com https://www.youtube.com https://www.google.com https://accounts.google.com https://appleid.cdn-apple.com https://arkham-intelligenceinc-uat.web.amer-1.jumio.ai https://arkham-intelligenceinc-prod.web.amer-1.jumio.ai/ https://challenges.cloudflare.com https://client-portal.dotfile.com/ https://maps.googleapis.com https://td.doubleclick.net https://www.googletagmanager.com https://buy.moonpay.com https://buy-sandbox.moonpay.com https://sell.moonpay.com https://sell-sandbox.moonpay.com; worker-src 'self' blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf13099fba9124cbb76a582d44fe80de0&dd-evp-origin=content-security-policy&ddsource=csp-report; 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com *.kuka.com *.kuka.cn *.mouseflow.com *.zscaler.net d2csxpduxe849s.cloudfront.net kuka-digital-sphere.pages.dev; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com *.cloudflare.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.kuka.com *.cloudflareinsights.com *.mouseflow.com *.zscaler.net *.youtube.com kuka-digital-sphere.pages.dev *.adroll.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.force.com *.kuka.com *.googletagmanager.com kuka-digital-sphere.pages.dev; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com *.mouseflow.com; connect-src 'self' data: ws: blob: *.googleadservices.com *.googlesyndication.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com *.kuka.com *.mouseflow.com *.convertwork.cn noembed.com *.google.com *.doubleclick.net *.linkedin.com *.googletagmanager.com; frame-ancestors 'self' https://kuka.presono.com *.kuka.com *.sandbox.my.site.com 2
default-src 'self' *.adobe.io *.omtrdc.net www.facebook.com www.google-analytics.com; frame-src 'self' https://www.googletagmanager.com/ https://acrobatservices.adobe.com/ https://tools.eurolandir.com/ https://gamma.euroland.com/ https://www.youtube.com/ https://wavedw.santandergroup.net/ https://td.doubleclick.net/ https://documentservices.adobe.com https://open.spotify.com https://www.tiktok.com/ https://tr.snapchat.com *.google.com *.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/ ; media-src 'self' https://waveplayer01.santandergroup.net https://www.santander.com;  img-src 'self' https://bat.bing.net/ https://cdn.cookielaw.org https://adservice.google.com https://*.inspiringbenefits.com https://*.linkedin.com https://abs.twimg.com https://analytics.twitter.com https://bat.bing.com https://dev.day.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es  *.omtrdc.net data: w3.org/svg/2000 https://*.clarity.ms https://dummyimage.com https://www.santander.com https://*.bing.com; script-src 'self' https://tools.euroland.com/ https://tools.eurolandir.com/ https://acrobatservices.adobe.com/ https://qvdt3feo.com/ https://sf16-website-login.neutral.ttwstatic.com/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js track.adform.net 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com cdn-dev.wdesk.org cdn-prod.wdesk.com sc-static.net platform.instagram.com documentservices.adobe.com www.googletagmanager.com maps.googleapis.com gruposantand-stage.adobemsbasic.com gruposantand-prod.adobemsbasic.com geolocation.onetrust.com cdn.cookielaw.org tbcdn.talentbrew.com player.vimeo.com www.youtube.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net fonts.gstatic.com www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com www.adobe.io tag.oniad.com  sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com static-exp1.licdn.com bat.bing.com stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com syndication.twitter.com cdn.syndication.twimg.com licdn.com www.linkedin.com www.omtrdc.net www.instagram.com platform.twitter.com tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google.es www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com ikuna.s3.amazonaws.com assets.adobedtm.com www.googletagmanager.com static.ads-twitter.com snap.licdn.com connect.facebook.net analytics.twitter.com https://www.googleadservices.com googleads.g.doubleclick.net https://accdn.lpsnmedia.net/api/account/52492817/configuration/setting/accountproperties/ https://assets.adobedtm.com/fdfbb5376673/978974bd73e8/launch-a4fb25bd3770.min.js sc-static.net/scevent.min.js https://bat.bing.com/bat.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10781141842/ https://lpcdn.lpsnmedia.net/le_unified_window/10.17.0.8-release_5442/ui-framework.js https://lptag.liveperson.net/tag/tag.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tags.srv.stackadapt.com/events.js https://tags.tiqcdn.com/utag/santander/corporate-main-aem/prod/utag.js https://www.clarity.ms/tag/b84z53kzvw https://www.google-analytics.com/analytics.js  https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www.clarity.ms https://www.go-mpulse.net https://www.google-analytics.com; style-src tbcdn.talentbrew.com 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com/ https://lf16-tiktok-web.ttwstatic.com/ https://platform.twitter.com https://tags.srv.stackadapt.com https://ton.twimg.com https://tags.srv.stackadapt.com/sa.css; connect-src 'self' https://www.googleadservices.com/ https://www.facebook.com/ https://bat.bing.net/ https://www.google.com https://cdn-prod.wdesk.com/ https://googleads.g.doubleclick.net/pagead/landing https://www.google.com/pagead/landing https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io/partner/3624849/domain/ https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://cdn.cookielaw.org https://bat.bing.com https://collect.tealiumiq.com *.omtrdc.net https://region1.analytics.google.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://viewlicense.adobe.io https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.google.es https://www.facebook.com/tr/ https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://tr.snapchat.com/p data:; font-src 'self' data:; object-src 'self' https://8853727.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: data: wss:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' *; 2
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; frame-ancestors 'self' serato.sanity.studio; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://*.googletagmanager.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.hotjar.com https://*.zdassets.com https://serato.zendesk.com https://*.iubenda.com https://insights.serato.com; font-src 'self' https://fast.fonts.net https://static.serato.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://static.serato.com https://*.hotjar.com https://*.iubenda.com; img-src 'self' data: https://*.cdn.sera.to https://cdn.sanity.io https://static.serato.com https://serato.com https://bat.bing.com https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.facebook.com https://*.hotjar.com https://serato.zendesk.com https://*.iubenda.com https://insights.serato.com; connect-src 'self' https://*.serato.com https://*.sanity.io https://serato-limited.breezy.hr/json https://gtm-p9hq86n-mgfkm.uc.r.appspot.com https://analytics.google.com https://www.google-analytics.com https://bat.bing.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.zdassets.com https://serato.zendesk.com wss://serato.zendesk.com https://*.iubenda.com https://insights.serato.com; media-src 'self' https://static.serato.com https://*.cdn.sera.to https://cdn.sanity.io; frame-src 'self' https://youtube.com https://www.youtube.com https://w.soundcloud.com https://embed.music.apple.com https://gtm-p9hq86n-mgfkm.uc.r.appspot.com https://*.iubenda.com https://insights.serato.com 2
frame-ancestors 'self' *.lovecrafts.com 2
default-src 'self' *; base-uri 'self'; font-src 'self' https: data:; form-action http://*.enterprisedb.com http://enterprisedb.com http://enterprisedb.okta.com 'self'; frame-ancestors 'self'; img-src 'unsafe-inline' 'self' blob: data: *; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' * blob:; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' 'self' *; upgrade-insecure-requests 2
form-action *.a1.hr *.tomato.com.hr *.corvus.hr *.paypal.com *.corvuspay.com; 2
frame-ancestors 'self' *.ramtrucks.com; 2
frame-src 'self' https://app.cofcsports.com https://google.com https://www.google.com https://*.snapchat.com https://*.adsrvr.org charleston.gpinsights.org  https://td.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://googletagmanager.com https://go.pardot.com https://cofc.secure.force.com https://forms.charleston.edu https://forms.cofc.edu https://cofc-edu.my.salesforce-sites.com youtube.com *.youtube.com vimeo.com *.vimeo.com calendar.charleston.edu *.charleston.edu https://cofc.tfaforms.net www.imleagues.com imleagues.com *.k12insight.com k12insight.com cofc.edu *.cofc.edu cofc.zoom.us fm-cofc.maps.arcgis.com cougarconnect.cofc.edu outlook.office365.com *.arcgis.com teams.microsoft.com *.lightcastcc.com *.camstreamer.com *.buzzsprout.com buzzsprout.com; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https: https://paynow.pmnts-sandbox.io https://paynow.pmnts.io; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval'  https:; worker-src 'self' blob:; child-src 'self' blob:;  style-src 'unsafe-inline' https:; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch https://datawrapper.dwcdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://*.ge.ch https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch https://www.etat.ge.ch https://datawrapper.dwcdn.net; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch blob:; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com https://datawrapper.dwcdn.net/; frame-ancestors https://*.ge.ch https://sitg.maps.arcgis.com; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch blob:; font-src 'self' data:; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch https://*.infomaniak.com; report-uri /report-csp-violation 2
default-src 'self' https://pretix.eu https://static.pretix.cloud; script-src 'self' 'sha256-+tmFggeXIPOAC2UgcQ3LW/gPHTkwyWg3/D6FOJ5BHGo=' 'unsafe-eval' https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io; object-src 'none'; frame-src 'self' https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https://cdn.pretix.cloud https://pretix.eu https://static.pretix.cloud https://support.rami.io; connect-src 'self' https://cdn.pretix.cloud https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io ws://support.rami.io; img-src 'self' data: https://cdn.pretix.cloud https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io; font-src 'self' https://pretix.eu https://static.pretix.cloud; media-src 'self' data: https://cdn.pretix.cloud https://pretix.eu https://static.pretix.cloud; form-action 'self' https: https://pretix.eu 2
connect-src 'self' https://vimeo.com https://s7g10.scene7.com https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net *.swedbank.net https://dpm.demdex.net https://*.swedbank.se https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/  https://www.swedbank.se https://swedbank.se https://enklafondhjalpen.swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://swedbank.dfs.investis.com https://agent-ha.nina-nuance.com https://report.swedbank.glassboxdigital.io http://storybook-sb-9031-acorn-ui.apps.scp-west-zone02-z01.swedbank.net https://maps.googleapis.com/ https://www.google.com/ app.swedbank.test app.swedbank.se online.swedbank.se 2
frame-ancestors 'self' https://app.optimizely.com; upgrade-insecure-requests; object-src 'none' 2
default-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https: https://www.googletagmanager.com;   frame-src 'self'      https://www.google.com/recaptcha/      https://www.gstatic.com/recaptcha/      https://www.youtube.com      https://plcorp-cms.pinelabs.com      https://www.youtube-nocookie.com      https://www.googletagmanager.com      https://plcorp-cdn.pinelabs.com     https://www.google.com/     https://maps.google.com/     https://maps.googleapis.com/;   child-src 'self' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;   worker-src 'self' blob:;   connect-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https: wss://ws.hotjar.com;   style-src 'self' 'unsafe-inline' https:;   img-src 'self' data: https:;   font-src 'self' data: https:;   media-src 'self' https:;   frame-ancestors 'self' https://plcorp-cms.pinelabs.com; 2
default-src 'self'; media-src 'self' https://clickhouse.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://static.ads-twitter.com https://tag.unifyintent.com https://www.googleadservices.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://ajax.cloudflare.com https://buttons.github.io https://cdnjs.cloudflare.com https://cdn.ampproject.org https://cdn.cr-relay.com https://cdn.redocly.com https://cdn.segment.com https://static.cloudflareinsights.com https://yastatic.net https://app.clearbit.io https://marketo.clearbit.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://discover.clickhouse.com https://js.driftt.com https://widget.drift.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://boards.greenhouse.io https://widget.kapa.ai https://munchkin.marketo.net https://bam.nr-data.net https://js-agent.newrelic.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com https://cdn-prod.securiti.ai https://cookie-cdn.cookiepro.com https://embed.lu.ma https://platform.twitter.com https://js.stripe.com https://player.vimeo.com https://www.youtube.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn-prod.securiti.ai https://discover.clickhouse.com https://embed.lu.ma https://fonts.googleapis.com; img-src * 'self' data: https:; object-src 'self' https://blog-images.clickhouse.com; connect-src 'self' https://ads-twitter.com https://analytics.twitter.com https://bam.nr-data.net https://google.com/ccm/form-data/* https://google.com/pagead/form-data/* https://px.ads.linkedin.com https://*.google-analytics.com https://api.unifyintent.com/analytics/v1/* https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://hn.algolia.com https://cdn.ampproject.org https://cdn.linkedin.oribi.io https://cdn.plyr.io https://cdn.segment.com https://*.clickhouse.com https://*.clickhouse.cloud https://*.clickhouse-dev.com https://*.clickhouse-staging.com wss://js.driftt.com wss://widget.drift.com https://app.clearbit.com https://app.clearbit.io https://app.securiti.ai https://cdn-prod.securiti.ai https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://api.github.com https://www.google.com https://cdn.growthbook.io https://boards-api.greenhouse.io https://ipinfo.io https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app/proxy/ https://*.mktoresp.com https://*.mktoutil.com https://noembed.com https://yoast.com https://events.redditmedia.com https://pixel.redditmedia.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.reddit.com https://www.redditstatic.com https://*.ingest.sentry.io https://api.segment.io https://api.segment.io/v1/ https://cdn.segment.com/v1/projects/dZuEnmCPmWqDuSEzCvLUSBBRt8Xrh2el/settings https://cdn.segment.com/v1/projects/pYKX60InlEzX6aI1NeyVhSF3pAIRj4Xo/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* wss://api.segment.io https://api.vimeo.com https://vimeo.com https://api.cr-relay.com; frame-src 'self' blob: https://app.hex.tech https://bid.g.doubleclick.net https://boards.greenhouse.io https://js.driftt.com https://platform.twitter.com https://player.vimeo.com https://js.stripe.com https://luma.com https://webto.salesforce.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://*.clickhouse.com https://*.clickhouse-dev.com https://*.clickhouse-staging.com https://blog-images.clickhouse.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self' https://webto.salesforce.com; frame-ancestors 'self' https://*.clickhouse.com; worker-src 'self' blob:; 2
default-src *; style-src 'unsafe-inline' *; font-src 'self' data: blob: *; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src * data: blob:; media-src 'self' blob: * data: *; frame-src * webcompt: heybox: maxjia: 2
frame-ancestors 'self' https://www.einpresswire.com https://www.milesight.cn https://m.milesight.cn https://console-develop-debug.milesight.com https://console-test.milesight.com https://console-stress.milesight.com https://console-pre.milesight.com https://console.milesight.com https://good360vr.com  https://www.delmation.nl 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src 'self' blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' tecnun.unav.edu www.isem.es 2
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com http://www.aldianer-nord.de https://www.aldianer-nord.de http://staffbase.com capacitor://aldianer-nord.de capacitor://staffbase.com cname-main-de1.staffbase.com magazine.aldi-nord.de 195.192.131.24 localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
font-src 'self' data: https://*.cipd.org https://*.hotjar.com https://*.typekit.net https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.cipd.org https://*.typekit.net https://cdn.jsdelivr.net https://cipd.my.site.com https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com https://p.typekit.net https://use.typekit.net https://web-sdk-eu.aptrinsic.com https://www.googletagmanager.com/debug/badge.css; style-src 'unsafe-inline' https://*.cipd.co.uk https://*.cipd.org https://*.hotjar.com https://*.typekit.net https://cipd.my.site.com https://fonts.googleapis.com/ https://googletagmanager.com https://tagmanager.google.com; script-src-attr 'unsafe-eval' 'unsafe-inline' https://cipd.my.site.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.collect.igodigital.com https://*.eventbrite.co.uk https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.idio.episerver.net https://*.infogram.com https://*.onetrust.com https://*.optimizely.com https://*.youtube.com https://7227074.collect.igodigital.com https://auth.cipd.co.uk https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.evgnet.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com/ https://cipd.my.site.com https://code.jquery.com/ https://common.optimizely.com https://connect.facebook.net https://e.infogram.com https://infogram.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://metrics.responsetap.com https://s3.amazonaws.com https://siteimproveanalytics.com https://snap.licdn.com https://static-ssl.responsetap.com https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zingtree.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.infogram.com https://cipd.my.site.com https://e.infogram.com https://googleads.g.doubleclick.net https://googletagmanager.com https://pagead2.googlesyndication.com https://tagmanager.google.com https://www.facebook.com https://www.facebook.com/tr https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline'; frame-src 'self' https://*.acast.com/ https://*.eventbrite.co.uk https://*.optimizely.com https://*.siteimprove.com https://cipd.my.site.com https://dashboard.find.episerver.net https://e.infogram.com https://infogram.com https://td.doubleclick.net https://w.soundcloud.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://zingtree.com; img-src 'self' data: https://*.ads.linkedin.com https://*.analytics.google.com https://*.cipd.co.uk https://*.cipd.org https://*.evbuc.com https://*.eventbrite.co.uk https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.global.siteimproveanalytics.io https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.idio.co https://*.idio.episerver.net https://*.linkedin.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn-ukwest.onetrust.com https://cipd.my.salesforce-scrt.com https://cipd.my.site.com https://common.optimizely.com https://fonts.gstatic.com/s/i/googlematerialicons/label_off/v6/gm_grey-48dp/1x/gm_label_off_gm_grey_48dp.png https://fonts.gstatic.com/s/i/googlematerialicons/more/v6/gm_blue-48dp/1x/gm_more_gm_blue_48dp.png https://google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://i.ytimg.com https://nova.collect.igodigital.com https://optimizely-public-design-assets.s3.amazonaws.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://region1.google-analytics.com https://ssl.gstatic.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com www.googletagmanager.com; connect-src 'self' http://10.43.17.25:15871 https://*.ads.linkedin.com https://*.analytics.google.com https://*.cipd.co.uk https://*.cipd.org https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.optimizely.com https://*.services.visualstudio.com https://*.siteimprove.com https://1752680588.rsc.cdn77.org https://ad.doubleclick.net https://cdn-ukwest.onetrust.com https://cdn.evgnet.com https://cdn.linkedin.oribi.io https://cipd.my.salesforce-scrt.com https://esp-eu.aptrinsic.com https://geolocation.onetrust.com https://google.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://l55685555563p3op3c43n3n3y2772529.germany-2.evergage.com https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googleadservices.com wss://*.hotjar.com www.google.com www.googletagmanager.com; default-src 'self' 'unsafe-eval' https://*.acast.com/ https://*.cipd.co.uk https://*.cipd.org https://*.idio.episerver.net https://auth.cipd.co.uk https://p.typekit.net https://use.typekit.net; form-action 'self'; 2
frame-ancestors 'self' https://app.contentstack.com; 2
frame-ancestors 'self' https://hq.3labs.it 2
frame-ancestors 'self' https://*.designcrowd.com; 2
frame-ancestors 'self' https://codepen.io https://cdpn.io https://qatarairways.com https://qatarairways.com.qa https://*.qatarairways.com https://*.qatarairways.com.qa https://www.katara.net https://genevamotorshow.com https://*.discoverqatar.qa https://discoverqatar.qa https://dq-staging-b2b.vibe.travel https://dq-staging-b2c.vibe.travel https://*.qf.org.qa https://staging-czg5cuhcbfd4a7fc.z01.azurefd.net https://educationcity.qa https://mappdev.educationcity.qa https://*.decc.qa https://www.the-afc.com https://www.katarahospitality.com https://qnb.com 2
default-src 'self' https://*.digitale-sammlungen.de 'unsafe-inline'; img-src * data:; media-src *; connect-src *; frame-src https://www.youtube.com; form-action 'self'; 2
default-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://noembed.com https://cdn.plyr.io https://*.privacyrequest.net https://privacyrequest.net https://*.fontawesome.com https://*.gstatic.com https://*.vimeo.com https://*.consentmanager.net https://*.performmedia.com https://*.wp.com https://*.google.com 'unsafe-eval' 'unsafe-inline'; 2
default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api https://open.spotify.com/ https://australianunity.esaas.inmoment.com.au/cgi-bin/qwebcorporate?idx=QJYD2R https://beyondblue.tfaforms.net/ https://turningpoint.raiselysite.com/ https://turningpoint.raiselysite.com/downer https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.googletagmanager.com/ https://remedy-bb.my.site.com; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http: dam.beyondblue.org.au/ resources.beyondblue.org.au/; child-src dam.beyondblue.org.au/ resources.beyondblue.org.au/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com https://b.static.lightning.force.com/ https://a.static.lightning.force.com https://bat.bing.com/ https://www.redditstatic.com/ads/ https://pixel.byspotify.com/ https://remedy-bb.my.site.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/ https://remedy-bb.my.site.com; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://api.stripe.com https://maps.googleapis.com https://www.google.com/ccm/ https://pixel-config.reddit.com/ https://www.redditstatic.com/ https://conversions-config.reddit.com/ https://pixels.spotify.com/ dam.beyondblue.org.au/ resources.beyondblue.org.au/ https://remedy-bb.my.salesforce-scrt.com; frame-ancestors 'self' pages.sitecorecloud.io https://remedy-bb.my.site.com/; 2
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://*.hubspot.com https://*.typeform.com; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://static.hotjar.com https://script.hotjar.com https://*.hotjar.com https://*.hotjar.io https://script.crazyegg.com https://tag.clearbitscripts.com https://*.clearbit.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hubspot.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://*.hsappstatic.net https://*.cookie3.co https://*.cookie3.io https://cdn.markfi.xyz https://storage.googleapis.com https://vercel.live https://googleads.g.doubleclick.net https://www.googleadservices.com https://sdk.absolutelabs.app https://embed.typeform.com https://*.typeform.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.hubspot.com; font-src 'self' data: https://fonts.gstatic.com https://js.hubspot.com https://script.hotjar.com https://*.hotjar.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.com.mx https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tag.clearbitscripts.com https://*.clearbit.com https://js.hs-scripts.com https://js.hs-banner.com https://api.hsforms.com https://forms.hsforms.com https://api.hubspot.com https://api.hubapi.com https://track.hubspot.com https://*.hubspot.com https://*.hsforms.com https://*.hsappstatic.net https://forms.hscollectedforms.net https://*.cookie3.co https://*.cookie3.io https://cdn.markfi.xyz https://a.markfi.xyz https://sdk.absolutelabs.app https://be.explorer.rootstock.io https://backend.stats.rsk.co https://stats.g.doubleclick.net https://content.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com wss://*.hotjar.com wss://be.explorer.rootstock.io wss://backend.stats.rsk.co https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://blockchain.info https://api.typeform.com https://*.typeform.com; img-src 'self' data: blob: https://*.google.com https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.pl https://*.google.pt https://*.google.nl https://*.google.be https://*.google.ca https://*.google.com.au https://*.google.com.br https://*.google.co.in https://*.google.co.jp https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://i.ytimg.com https://img.youtube.com https://*.youtube.com https://*.hotjar.com https://*.hotjar.io https://js.hs-banner.com https://track.hubspot.com https://*.hubspot.com https://forms.hsforms.com https://*.hsforms.com https://cdn.markfi.xyz https://rsk-cms.flywheelstaging.com https://rsk-cms.flywheelsites.com https://images.typeform.com https://*.typeform.com https://bunny-wp-pullzone-y5gelci48r.b-cdn.net https://*.b-cdn.net https://images.mirror-media.xyz https://*.mirror-media.xyz; media-src 'self' https://*.b-cdn.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://tagassistant.google.com https://vars.hotjar.com https://duh4wie7tww0.cloudfront.net https://forms.hsforms.com https://*.hsforms.com https://js.hsforms.net https://*.hubspot.com https://vercel.live https://td.doubleclick.net https://form.typeform.com https://*.typeform.com https://rootstock-goldensats-leaderboard.replit.app https://*.replit.app https://replit.com https://*.replit.com https://*.repl.co https://*.b-cdn.net; worker-src 'self' blob:; object-src 'none'; upgrade-insecure-requests 2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.aticdn.net cdn.askmonastudio.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com  cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com tour-eiffel.sa cdnjs.cloudflare.com; img-src https: data: http:; media-src https: data: blob: http:; frame-ancestors 'self'; child-src 'self' blob: *.askmonastudio.com *.google.com *.youtube.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.askmonastudio.com data:; report-uri /report-csp-violation 2
frame-ancestors 'self' *.c3.ai *.folloze.com c3.ai folloze.com 2
: default-src 'self'; font-src 'self' *.tagbox.com *.gstatic.com *.fontawesome.com *.cloudflare.com data:; img-src 'self' mapsresources-pa.googleapis.com media.licdn.com maps.googleapis.com openhaus.app *.cloudfront.net s7d9.scene7.com i.ytimg.com *.google.ie maps.gstatic.com ui-avatars.com yt3.ggpht.com pbs.twimg.com *.taggbox.com cloud.tagbox.com  *.google-analytics.com *.prnewswire.com c212.net *.mathtag.com *.googletagmanager.com px.ads.linkedin.com *.simpleanalyticscdn.com *.cookielaw.org *.google.com *.cloudinary.com *.storepoint.co *.storepoint-icons.com media.igt.com *.vimeocdn.com linkedin.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' wlcdn.cstmapp.com transcend-cdn.com unpkg.com cdn.mxpnl.com *.igtjackpots.com *.googleapis.com cdn.datatables.net github.hubspot.com cdn.addevent.com platform.twitter.com widget.taggbox.com *.tagbox.com *.cookielaw.org a.usbrowserspeed.com *.smartenterprisewisdom.com *.usbrowserspeed.com plausible.io *.fontawesome.com *.jsdelivr.net *.jquery.com *.igt.com *.youtube.com scripts.simpleanalyticscdn.com *.remarketstats.com *.googletagmanager.com *.liadm.com *.doubleclick.net *.hotjar.com acsbapp.com *.hotjar.com *.doubleclick.net *.google-analytics.com *.clickcertain.com *.storepoint.co *.licdn.com blob:; connect-src *.igtjackpots.com cdn.jsdelivr.net scripts.simpleanalyticscdn.com api-js.mixpanel.com telemetry.us.transcend.io transcend-cdn.com api.openhaus.app igtjackpots.com maps.googleapis.com *.igt.com *.google-analytics.com *.cookielaw.org *.fontawesome.com plausible.io acsbapp.com *.liadm.com *.google.com *.acsbapp.com *.storepoint.co *.mapbox.com *.onetrust.com *.doubleclick.net px.ads.linkedin.com *.taggbox.com wss://ws.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' *.igtjackpots.com cdn.datatables.net *.fontawesome.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.taggbox.com *.tagbox.com *.typography.com transcend-cdn.com *.igt.com *.googleapis.com *.mapbox.com *.storepoint.co *.cloudflare.com; frame-ancestors 'self' igt.mediaroom.com; frame-src 'self' https://igt.mediaroom.com free.timeanddate.com a.cstmapp.com transcend-cdn.com *.googletagmanager.com *.openhaus.app platform.twitter.com *.vimeo.com *.youtube-nocookie.com *.youtube.com *.doubleclick.net; report-uri https://7qjmna92.uriports.com/reports/report; report-to default 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-attr 'self' 'unsafe-inline' blob: https://*.sc-static.net https://sc-static.net https://*.kyc.red https://*.snapchat.com https://*.bazaarvoice.com https://*.bing.com https://*.cloudfront.net https://*.cookielaw.org https://*.cquotient.com https://*.crazyegg.com https://*.criteo.com https://*.facebook.net https://*.flippenterprise.net https://*.force.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.igodigital.com https://*.online-metrix.net https://*.pinimg.com https://*.pinterest.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.com https://*.toysrus.ca; script-src-elem 'self' 'unsafe-inline' blob: https://*.sc-static.net https://sc-static.net https://*.kyc.red https://*.snapchat.com https://*.bazaarvoice.com https://*.bing.com https://*.cloudfront.net https://*.cookielaw.org https://*.cquotient.com https://*.crazyegg.com https://*.criteo.com https://*.facebook.net https://*.flippenterprise.net https://*.force.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.iesnare.com https://*.igodigital.com https://*.jotfor.ms https://*.online-metrix.net https://*.paypal.com https://*.pinimg.com https://*.pinterest.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.com https://*.toysrus.ca https://*.typeform.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://*.cloudflare.com https://*.flippenterprise.net https://*.force.com https://*.googleapis.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.typeform.com https://*.typekit.net; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com https://*.bazaarvoice.com https://*.bing.com https://*.bing.net https://*.cookielaw.org https://*.demandware.net https://*.documentforce.com https://*.doubleclick.net https://*.facebook.com https://*.flippenterprise.net https://*.force.com https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.igodigital.com https://*.online-metrix.net https://*.paypal.com https://*.paypalobjects.com https://*.postescanada-canadapost.ca https://*.salesforce.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.cloud https://*.syndigo.com https://*.wishabi.com https://*.wishabi.net https://*.stickyadstv.com; font-src 'self' data: https://*.amazonaws.com https://*.cloudflare.com https://*.gstatic.com https://*.typekit.net https://*.walmartimages.com; connect-src 'self' https://*.bazaarvoice.com https://*.bing.com https://*.bing.net https://*.cookielaw.org https://*.crazyegg.com https://*.criteo.com https://*.doubleclick.net https://*.facebook.com https://*.flipp.com https://*.flippback.com https://*.flippenterprise.net https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.jotfor.ms https://*.onetrust.com https://*.paypal.com https://*.pinterest.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.signifyd.com https://*.smarterhq.io https://*.snapchat.com https://*.syndigo.com https://*.typeform.com https://*.wishabi.net; frame-src 'self' https://*.gstatic.com https://*.bazaarvoice.com https://*.bing.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.force.com https://*.google.com https://*.googletagmanager.com https://*.jotfor.ms https://*.jotform.com https://*.online-metrix.net https://*.opendns.com https://*.paypal.com https://*.pinterest.com https://*.realexpayments.com https://*.signifyd.com https://*.snapchat.com https://*.taggbox.com https://*.toysrus.ca https://*.typeform.com https://*.youtube.com https://*.zscloud.net https://*.wishabi.net; block-all-mixed-content; 2
frame-ancestors 'self' https://*.elal.com https://*.elal.co.il https://elal.clearmash.com https://experience.adobe.com https://*.amadeus.com; 2
frame-ancestors 'self' *.itslearning.com; upgrade-insecure-requests 2
frame-ancestors 'none'; report-uri https://prod-plk-csp-service.rbictg.com/csp; report-to csp-endpoint 2
default-src *.ewe.de *.delivery.consentmanager.net; script-src 'self' 'unsafe-inline' js.adsrvr.org osnatel.de *.ewe.de www.youtube.com *.intelliad.de price-finder-widget.production.wlp.cloud dzn97c6tb0xj.cloudfront.net d2gm32i8dgh326.cloudfront.net s.ytimg.com empfehlen-admin.pso-vertrieb.de ewe-journeys.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud connect.facebook.net www.dwin1.com *.adform.net 9be340225ba0.eu-central-1.captcha-sdk.awswaf.com www.ewe-empfehlen.de *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud experiences.ewe.de pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev tracking-ewe.production.wlp.cloud pub-9e9b8076c1e04ada8d131e726daedf4b.r2.dev cdn.sitesearch360.com cdn.cai.tools.sap js.sitesearch360.com apps.mypurecloud.de lantern.roeyecdn.com cdn.consentmanager.net delivery.consentmanager.net *.criteo.com *.criteo.net *.delivery.consentmanager.net *.osnatel.de 9be340225ba0.bd016d34.eu-central-1.captcha.awswaf.com 9be340225ba0.bd016d34.eu-central-1.token.awswaf.com d1mg6zysadblio.cloudfront.net ewe.sabio.de *.epilot.io *.epilot.cloud; connect-src 'self' *.ewe.de 3k53vn4sgd.execute-api.eu-central-1.amazonaws.com/prod/address-autocomplete price-finder-widget.production.wlp.cloud api.luk.ewe-solar.de cdn.consentmanager.net api.luk.ewe-waerme.de ewe-journeys.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud ewe-journeys.staging.wlp.cloud ewe-experiences-bff.staging.wlp.cloud global.sitesearch360.com *.g.doubleclick.net *.criteo.com *.criteo.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com api.mypurecloud.de insights.sitesearch360.com *.adform.net api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de www.google.com/pagead/ ewe-journeys.production.wlp.cloud experiences.ewe.de ewe-gw.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud experiences-bff.ewe.de ewe-journeys.staging.wlp.cloud ewe-gw.staging.wlp.cloud sentry.taktsoft.com mpgm8yfu.apicdn.sanity.io track.ewe.de www.facebook.com pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev tracking-ewe.production.wlp.cloud *.delivery.consentmanager.net cdn.sitesearch360.com *.osnatel.de insight.adsrvr.org 9be340225ba0.bd016d34.eu-central-1.token.awswaf.com *.epilot.io *.epilot.cloud; img-src 'self' *.ewe.de *.intelliad.de *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net *.smartadserver.com adservice.google.com *.gstatic.com cdn.consentmanager.net a.delivery.consentmanager.net connect.facebook.net adservice.google.de cdn.cai.tools.sap blob: data: ewe-journeys.production.wlp.cloud experiences.ewe.de ewe-prices.production.wlp.cloud cdn.sanity.io ewe-journeys.staging.wlp.cloud *.criteo.com *.criteo.net *.tile.openstreetmap.org; style-src 'self' 'unsafe-inline' *.ewe.de cdnjs.cloudflare.com cdn.consentmanager.net ewe-journeys.production.wlp.cloud price-finder-widget.production.wlp.cloud experiences.ewe.de ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev  tracking-ewe.production.wlp.cloud;  font-src 'self' *.ewe.de cdnjs.cloudflare.com data: ewe-journeys.production.wlp.cloud price-finder-widget.production.wlp.cloud experiences.ewe.de ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev tracking-ewe.production.wlp.cloud cdn.consentmanager.net delivery.consentmanager.net d.delivery.consentmanager.net; frame-src ewe-journeys.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud www.facebook.com widget.whappodo.com youtube.com www.youtube.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud apps.mypurecloud.de td.doubleclick.net *.ewe.de gum.criteo.com fledge.eu.criteo.com fledge.criteo.com cdn.consentmanager.net prod.d26yotydwxqhxn.amplifyapp.com staging.d26yotydwxqhxn.amplifyapp.com insight.adsrvr.org match.adsrvr.org d1mg6zysadblio.cloudfront.net *.epilot.io *.epilot.cloud prod.d4e2h3cyl61pd.amplifyapp.com; media-src 'self' data.ewe.de; 2
block-all-mixed-content; frame-ancestors 'self' *.tpa.com *.umr.com *.uhis.com *.uhc.com *.optum.com *.mygeha.com *.werally.com *.liveperson.net *.lpsnmedia.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com *.docusign.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://api.ipify.org https://appleid.cdn-apple.com https://*.trustarc.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.niceincontact.com *.mountain.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://*.amazon-adsystem.com https://browser.sentry-cdn.com blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com *.niceincontact.com https://*.trustarc.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://cdn.cookielaw.org; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report 2
frame-ancestors 'self' https://*.boditrax.com/ *.puregym.com/ s.pinimg.com/ ct.pinterest.com/ *.journify.io/; 2
object-src 'none'; base-uri 'none'; default-src https://isnic.is https://www.isnic.is/; style-src https://isnic.is https://www.isnic.is/; font-src https://isnic.is https://www.isnic.is/; script-src https://isnic.is https://www.isnic.is/; img-src https://isnic.is https://www.isnic.is/ https://www.rix.is; connect-src https://isnic.is https://www.isnic.is/; frame-ancestors 'none'; report-uri /default/csp; 2
frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com www.outpayce.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com jobs.amadeus.com corporate.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com amadeusitgroup.demdex.net cdn.cookielaw.org unpkg.com cdn.decibelinsight.net collection.decibelinsight.net www.googletagmanager.com ipapi.co tools.eurolandir.com flo.uri.sh www.buzzsprout.com resources.digital-cloud.medallia.eu www.google.com amadeusworkplace.sharepoint.com; frame-src https://corporate.amadeus.com https://www.youtube.com https://www.googletagmanager.com https://amadeusitgroup.demdex.net https://cdn.cookielaw.org https://unpkg.com https://cdn.decibelinsight.net https://collection.decibelinsight.net https://ipapi.co https://tools.eurolandir.com https://flo.uri.sh https://www.buzzsprout.com https://resources.digital-cloud.medallia.eu https://amadeus.com https://www.amadeus.com https://www.google.com/ https://amadeusworkplace.sharepoint.com/;  2
frame-ancestors 'self' https://support.turbovpn.com 2
frame-ancestors 'self' https://layout-cms.fox26houston.com; 2
default-src 'self' snowplow-web.wogaa.sg static.zdassets.com www.facebook.com cdn.syndication.twimg.com video.fsin8-1.fna.fbcdn.net video.fsin8-2.fna.fbcdn.net snowplow-web.wogaa.sg www.google-analytics.com ekr.zdassets.com flexanswer1654.zendesk.com onemap.gov.sg widget-mediator.zopim.com www.google.com www.gstatic.com static.elfsight.com;style-src 'self' 'unsafe-inline' www.lta.gov.sg www.mytransport.sg www.mytransport.lta.gov.sg webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com sf16-website-login.neutral.ttwstatic.com cdn.jsdelivr.net platform.twitter.com assets.dcube.cloud www.facebook.com fonts.googleapis.com assets.wogaa.sg www.gstatic.com;script-src 'self' https://dmuat.lta.gov.sg https://datamall.lta.gov.sg www.lta.gov.sg www.mytransport.sg www.mytransport.lta.gov.sg webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com sf16-website-login.neutral.ttwstatic.com www.tiktok.com static.elfsight.com assets-stage-elfsight-com.sfo2.cdn.digitaloceanspaces.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net d3pdo5aouiodr4.cloudfront.net zx54f7wti6.execute-api.ap-southeast-1.amazonaws.com googleads.g.doubleclick.net www.googleadservices.com www.google.com platform.twitter.com connect.facebook.net assets.dcube.cloud cdn.syndication.twimg.com www.facebook.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net app-script.monsido.com assets.wogaa.sg static.zdassets.com unpkg.com www.gstatic.com;font-src 'self' www.lta.gov.sg www.mytransport.sg www.mytransport.lta.gov.sg s3-us-west-2.amazonaws.com assets.dcube.cloud assets.wogaa.sg fonts.gstatic.com;img-src data: 'self' www.lta.gov.sg www.mytransport.sg www.mytransport.lta.gov.sg files.elfsightcdn.com bucket-common.vica.gov.sg dpm.demdex.net cm.everesttech.net d33wubrfki0l68.cloudfront.net www.google.com is4-ssl.mzstatic.com www.google.com.sg pbs.twimg.com syndication.twitter.com platform.twitter.com abs.twimg.com www.facebook.com scontent.fsin8-2.fna.fbcdn.net scontent.fsin8-1.fna.fbcdn.net maps-a.onemap.sg maps-b.onemap.sg maps-c.onemap.sg tracking.monsido.com www.google-analytics.com www.onemap.gov.sg docs.onemap.sg ncspteltd.sc.omtrdc.net cdn.jsdelivr.net;child-src blob: *;connect-src 'self' *;worker-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * 2
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' blob: *; img-src * 'self' blob: data:; connect-src *; font-src *; frame-src *; object-src 'none'; base-uri 'self' https://static-2c.gitbook.com; form-action 'self' https://static-2c.gitbook.com *; frame-ancestors https: ; 2
frame-src 'self' https://www.youtube.com; media-src 'self' https://www.youtube.com 2
default-src 'self' https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.stg.drchrono.dev/api/3/security/?sentry_key=214b3d414c5b49fda88012161318b1d1&sentry_environment=headers 2
default-src 'none'; img-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; connect-src 'self'; script-src 'self' 2
default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de *.stage.bio; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data: *.stage.bio; script-src 'self' 'unsafe-inline' 'unsafe-eval' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com *.stage.bio 2
default-src 'self' *.plex.com *.rockwellautomation.com; img-src 'self' *.plex.com *.rockwellautomation.com rockwellautomation.scene7.com *.cookielaw.org data: cm.everesttech.net dpm.demdex.net s1284661142.t.eloqua.com s1748.t.eloqua.com tracking.plex.rockwellautomation.com secure.adnxs.com www.googletagmanager.com *.sharethis.com px.ads.linkedin.com www.linkedin.com ct.capterra.com *.qualtrics.com driftt.imgix.net blob: b.6sc.co bat.bing.com www.facebook.com www.google.com googleads.g.doubleclick.net; font-src 'self' *.plex.com *.rockwellautomation.com fonts.gstatic.com cdn.pathfactory.com data:; style-src 'self' 'unsafe-inline' *.plex.com *.rockwellautomation.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.plex.com *.rockwellautomation.com rockwellautomation.tt.omtrdc.net *.cookielaw.org assets.adobedtm.com js.driftt.com *.storylane.io zn5nlxjehfaopc9w6-rockwellxm.siteintercept.qualtrics.com siteintercept.qualtrics.com driftt.imgix.net blob: s.go-mpulse.net acsbapp.com www.googletagmanager.com googleads.g.doubleclick.net www.google-analytics.com j.6sc.co eloqua.plex.com img.en25.com s1748.t.eloqua.com tracking.plex.rockwellautomation.com vidyard.plex.com platform-api.sharethis.com cdn-app.pathfactory.com snap.licdn.com tracking.g2crowd.com connect.facebook.net bat.bing.com ws.zoominfo.com cdn-0.d41.co ecf.d41.co api1139.d41.co id.rlcdn.com buttons-config.sharethis.com *.sharethis.com 'unsafe-eval'; connect-src 'self' *.plex.com *.rockwellautomation.com *.cookielaw.org *.onetrust.com rockwellautomation.tt.omtrdc.net stats.g.doubleclick.net api1139.d41.co ff.d41.co rockwellautomation.scene7.com tracking.plex.rockwellautomation.com *.sharethis.com s7mbrstream.scene7.com *.vidyard.com data: dpm.demdex.net analytics.google.com www.google-analytics.com www.google.com www.googleadservices.com spcollector.pathfactory.com cdn.acsbapp.com accesswidget-log-receiver.acsbapp.com *.acsbapp.com acsbapp.com c.go-mpulse.net www.bing.com jukebox.pathfactory.com cdn-app.pathfactory.com j.6sc.co ipv6.6sc.co epsilon.6sense.com c.6sc.co *.akstat.io tracking-api.g2.com px.ads.linkedin.com www.facebook.com ws.zoominfo.com bat.bing.com siteintercept.qualtrics.com; frame-src 'self' *.plex.com *.rockwellautomation.com js.driftt.com rockwell.demdex.net play.vidyard.com *.sharethis.com *.storylane.io td.doubleclick.net www.googletagmanager.com; form-action 'self' *.plex.com *.rockwellautomation.com s1284661142.t.eloqua.com s1748.t.eloqua.com tracking.plex.rockwellautomation.com rockwellautomation.custhelp.com *.qualtrics.com; media-src 'self' *.plex.com *.rockwellautomation.com rockwellautomation.scene7.com *.vidyard.com s7mbrstream.scene7.com preview1.assetsadobe.com blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 2
frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com *.crm4.dynamics.com cdn.appdynamics.com; 2
default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 'wasm-unsafe-eval'; worker-src blob:; child-src blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https: blob:; media-src 'self' video.tesa.com *.youtube.com *.zohocdn.com static.zdassets.com; connect-src 'self' https: blob: wss://*.hotjar.com wss://*.zohopublic.eu wss://*.zopim.com; frame-ancestors 'none' 2
font-src 'self' 2
frame-ancestors 'self' https://*.plugshare.com *.google-analytics.com *.analytics.google.com 2
frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com *.invesco.com *.invesco.net 2
frame-ancestors 'self' https://victorinox.studio.frontend.commercetools.com https://victorinox.my.site.com https://victorinox.lightning.force.com ; default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com https://*.cdn.imgeng.in; frame-src 'self' https: mailto: tel: assets.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com https://victorinox.my.site.com https://victorinox.lightning.force.com https://dem.mysingleromance.com https://euob.greencolumnart.com https://obseu.greencolumnart.com; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com assets.bounceexchange.com; img-src 'self' data: https: https://api.qrserver.com *.abtasty.com *.amazonaws.com https://cdn.optimizely.com assets.bounceexchange.com events.bouncex.net https://*.cdn.imgeng.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com https://euob.greencolumnart.com https://obseu.greencolumnart.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://applepay.cdn-apple.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com *.google-analytics.com *.netlify.app *.netlify.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com https://emea01.cluster.observability.cloud.sap:9999 https://victorinox-swiss-army.locally.com *.abtasty.com *.googleapis.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.affirm.com https://*.friendlycaptcha.com https://mpsnare.iesnare.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com https://storage.emersya.com https://io.fusedeck.net https://*.collect.igodigital.com tag.wknd.ai tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com *.channelsight.com *.abtasty.com *.gstatic.com *.googleapis.com assets.bounceexchange.com; form-action 'self' https: api.bounceexchange.com; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.contentsquare.com *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net https://ad.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com https://euob.greencolumnart.com https://obseu.greencolumnart.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.frontastic.rocks *.frontastic.live *.frontastic.io *.linkedin.com *.cloudflare.com *.adyen.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com *.youku.com https://emea01.cluster.observability.cloud.sap:9999 https://google.com/pay *.abtasty.com https://logx.optimizely.com https://*.optimizely.com https://*.affirm.com https://develop--b2cstore-victorinox.netlify.app https://*.friendlycaptcha.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net https://vxb2c-dev-fp-func001.azurewebsites.net; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.abtasty.com *.gstatic.com *.googleapis.com https://*.ugc.bazaarvoice.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com assets.bounceexchange.com; report-to csp-endpoint; 2
base-uri 'self'; style-src 'self' 'unsafe-inline' *.ase-usw1-shared-prd.p.azurewebsites.net *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com *.twimg.com cdn.commonspirit.org cdn.cookielaw.org cookie-cdn.cookiepro.com fonts.googleapis.com gateway.foresee.com geolocation.onetrust.com privacyportal.onetrust.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com *.dignityhealth.org *.evaliahealth.com *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.inquicker.com *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.mktoutil.com *.recaptcha.net/recaptcha/ *.recaptcha.net/recaptcha/ *.youtube-nocookie.com *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org cdn.commonspirit.org cdn.cookielaw.org cdn.jsdelivr.net/npm/twemoji@13 cdn1.commonspirit.org cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com cookie-cdn.cookiepro.com decodedigital.s3.amazonaws.com dignityhealth.hrm.healthgrades.com experience.adobe.com gateway.foresee.com geolocation.onetrust.com google-analytics.com googleads.g.doubleclick.net hipaa.jotform.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com platform.twitter.com privacyportal.onetrust.com s.yimg.com solutions.invocacdn.com support.doctorpodcasting.com/widget/easyXDM.js twemoji.maxcdn.com unpkg.com use.typekit.net www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com calendar.google.com commonspirit.demdex.net dignityhealth.hrm.healthgrades.com docasap.com identityspa.dignityhealth.org support.doctorpodcasting.com www.cognitoforms.com www.google.com www.google.com www.recaptcha.net; img-src 'self' *.agkn.com *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.stackadapt.com *.twimg.com *.vimeocdn.com *.youtube.com apps.vmfh.org bam.nr-data.net cdn.cookielaw.org cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org qvdt3feo.com s3.amazonaws.com s3.amazonaws.com/assets.gyant.com/ twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.inquicker.com *.mktoresp.com *.mktoutil.com *.mktoutil.com *.omtrdc.net adobedc.demdex.net ajax.microsoft.com analytics.google.com api.ipify.org app-w2-owrapi-prd.azurewebsites.net assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org cdn.cookielaw.org commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net device.4seeresults.com dpm.demdex.net fid.agkn.com fonts.googleapis.com google-analytics.com identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pnapi.invoca.net readaloud.googleapis.com s.yimg.com s3.amazonaws.com/assets.gyant.com/ telemetry.commonspirit.org translate.googleapis.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org account.commonspirit.org analytics.foresee.com cdn1.commonspirit.org commonspirit.demdex.net identity-func.commonspirit.org login.commonspirit.org; font-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.gstatic.com *.slant.co cdn.jorfor.ms cdn1.commonspirit.org data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.commonspirit.org; 2
script-src blob:  'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' * *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.flowplayer.org *.gstatic.com; img-src 'self' blob: data: *.interempresas.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.youtube.com *.gstatic.com *; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.gstatic.com *; object-src *.interempresas.net; media-src blob: * 2
default-src 'self' https:; connect-src https: wss:; font-src 'self' https: data:; frame-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: data:; connect-src 'self' https:; media-src 'self' https:; frame-src https:; 2
default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net ws://socket.spacehey.com wss://socket.spacehey.com; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; frame-src https:; connect-src https: ws://socket.spacehey.com wss://socket.spacehey.com; form-action https:; object-src 'none'; 2
child-src 'self';frame-ancestors 'self' *.biltrewards.com *.activebuilding.com *.avalonaccess.com *.ct-prod.avalonbay.com *.henrihome.com avalonaccess.com www.hqo.co www.hqo.com www.hqoapp.com www.mrcooper.com *.loftliving.com mycommunity.americancampus.com americancampus.my.site.com portal.tkclients.com *.venn.city *.res.venn.city;frame-src 'self' https://*.bilt.com https://*.biltrewards.com https://www.datocms-assets.com/43819/ https://cdn.plaid.com https://dyscanweb.dyneti.com https://js.verygoodvault.com https://js3.verygoodvault.com https://www.google.com https://decagon.ai https://*.servisbot.com https://cardswitcher.knotapi.com https://alloysdk.alloy.co https://cdn.userway.org https://sync-transcend-cdn.com https://*.jamsadr.com https://*.soul-cycle.com mailto: https://assets.duffel.com https://*.spline.design https://esignature.bluemoonforms.com https://esignpdf.s3.amazonaws.com https://www.facebook.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://i.liadm.com https://ct.pinterest.com https://tr.snapchat.com https://www.youtube.com https://youtu.be https://checkoutshopper-live-us.adyen.com https://pay.google.com/ https://applepay.cdn-apple.com/ https://checkout.getflex.com https://checkout.int.getflex.com https://onboarding-embed.int.getflex.com https://onboarding-embed.getflex.com https://*.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://*.mastercard.com https://*.rsa3dsauth.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.abus.com https://www.youtube.com https://i.ytimg.com https://www.googletagmanager.com https://abus.containers.piwik.pro https://abus.piwik.pro https://*.google-analytics.com https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://service.excentos.com https://m.excentos.com https://image-scaler.excentos.com https://mycliplister.com https://*.mycliplister.com https://cdn.mycliplister.com https://letscast.fm https://*.letscast.fm https://*.hotjar.com https://*.hotjar.io https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://cdn.walls.io https://my.walls.io https://abus-privacy.my.onetrust.com https://api.friendlycaptcha.com https://*.go-mpulse.net https://abusbr.pi-asp.de https://cdn.eye-able.com data: blob: wss:; 2
upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 2
default-src 'self' http://nginx-ingress-internal-ingress-nginx-controller.nginx-ingress.svc.cluster.local/cas-ing https://*.mpsv.cz https://*.uradprace.cz https://*.google-analytics.com https://*.hotjar.com/ https://*.hotjar.io/ https://stats.g.doubleclick.net/ https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://nominatim.openstreetmap.org https://*.clarity.ms/collect wss://*.hotjar.com/ wss://*.mpsv.cz:9001 wss://*.uradprace.cz:9001 wss://*.predu.sk https://www.google.com https://nia.identita.gov.cz https://*.acesarchit.cz; img-src 'self' data: https://*.mpsv.cz https://*.gstatic.com https://www.google-analytics.com https://c.seznam.cz/retargeting https://www.google.com/ads/ https://www.google.cz/ads/ https://www.google.com/pagead/ https://www.google.cz/pagead/ https://*.mpsv.cz:9000/ https://*.uradprace.cz:9000/ https://*.predu.sk https://*.openstreetmap.org https://*.clarity.ms/c.gif https://c.bing.com https://*.mailerlite.com; frame-src 'self' data: formapps: https://www.google.com https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.youtube.com https://player.rss.com/ https://www.youtube-nocookie.com https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://*.predu.sk https://*.mpsv.cz https://*.mailerlite.com; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://nginx-ingress-internal-ingress-nginx-controller.nginx-ingress.svc.cluster.local/cas-ing https://*.gstatic.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://c.seznam.cz/ https://googleads.g.doubleclick.net/ https://www.google.com https://www.google-analytics.com https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://portal.gov.cz https://*.predu.sk https://*.mpsv.cz https://unpkg.com/leaflet/dist/leaflet.js https://unpkg.com/leaflet.markercluster/dist/leaflet.markercluster.js https://cdnjs.cloudflare.com/ajax/libs/proj4js/2.7.5/proj4.js https://www.clarity.ms/tag/ https://www.clarity.ms/s/ https://*.mailerlite.com https://assets.mlcdn.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://*.mpsv.cz:9000/ https://*.uradprace.cz:9000/ https://*.predu.sk https://*.mpsv.cz https://*.mailerlite.com https://assets.mlcdn.com; font-src 'self' data: https://*.mailerlite.com; frame-ancestors 'self' https://www.mpsv.cz https://www.uradprace.cz https://*.mpsv.cz; 2
frame-ancestors 'self' https://*.swansea.ac.uk https://*.swan.ac.uk https://app.myday.cloud myday://app.myday.cloud https://swanseauni.myday.cloud https://swansea-uk.libwizard.com; 2
frame-ancestors 'self' https://*.febas.de 2
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.gstatic.com 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=B0pwy%2BA4cRk9o5Qyqw9kJrOYLIP3Bpk7q3zGS0CsjHSfM%2F0A7X47PwfCo9IO1JvtUUNgI7TUeERRdsVNz5ye8A%3D%3D; 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' aplo-evnt.com px.ads.linkedin.com *.google.com *.doubleclick.net; font-src 'self' *.gstatic.com data:; frame-src 'self' *.netsuite.com *.google.com *.googletagmanager.com; img-src 'self' data: px.ads.linkedin.com *.google.com.mx *.googletagmanager.com *.linkedin.com; manifest-src 'self'; media-src 'self'; form-action 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' *.apollo.io snap.licdn.com *.google.com *.googletagmanager.com *.gstatic.com *.google.com.mx data: blob: cdn.jsdelivr.net *.linkedin.com aplo-evnt.com; 2
default-src 'none';            connect-src 'self' https://8133842.fls.doubleclick.net https://dpm.demdex.net https://ingdirect.d1.sc.omtrdc.net https://*.au.ingdirect.intranet https://*.au.ing.net https://*.ingdirect.com.au https://*.biabau.ingdirect.intranet https://*.biab.au.ing.net https://ingdirectaustralia.tt.omtrdc.net http://www.ingdirect.com.au/ https://www.google.com/ccm/;           font-src 'self' data:;           frame-src 'self' 'unsafe-inline' https://8133842.fls.doubleclick.net https://www.googletagmanager.com/gtag/ https://www.youtube.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://ingbankaultd.demdex.net/ https://i.ytimg.com/ https://calculators.infochoice.com.au/ https://keyfactssheet.infochoice.com.au/ https://www.ratecity.com.au/;           img-src 'self' 'unsafe-inline' https://8133842.fls.doubleclick.net https://ad.doubleclick.net/ https://td.doubleclick.net/ https://cm.everesttech.net/ https://www.facebook.com/tr/ https://www.facebook.com/tr https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://ingdirect.d1.sc.omtrdc.net/ https://calculators.infochoice.com.au/Content/images/ https://i.ytimg.com/ https://dpm.demdex.net/ https://campaigns.ing.com.au/ data:;           manifest-src 'self';           media-src 'self';           object-src 'self';           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/ https://assets.adobedtm.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://dpm.demdex.net https://ingdirectaustralia.tt.omtrdc.net/m2 https://calculators.infochoice.com.au/ https://www.ratecity.com.au/ https://connect.facebook.net/ https://campaigns.ing.com.au/;           style-src 'self' 'unsafe-inline';           worker-src 'self'  2
default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googlesyndication.com *.stripe.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' *.amazon.com *.barcodelookup.com *.cookiepro.com *.here.com *.hereapi.com *.google.co.in *.ssl-images-amazon.com *.onetrust.com media.pepperjamnetwork.com *.sentry.io *.shipmentsfree.com *.gravitycybertech.com www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com *.conversionpx.com f.fluadv.com track.adspostx.com *.findshipmentsfree.com *.findsmartyplus.com *.free-shipments.com *.freeshipments.com *.freeshpmts.com *.getshipmentsfree.com *.getsmartrx.com *.getsmartyapp.com *.getsmartyoffers.com *.getsmartyplus.com *.getsmartysavings.com *.goshipmentsfree.com *.joinbeautyclub.com *.joinfansclub.com *.joinfreedelivery.com *.joinpetsclub.com *.joinsmartyplus.com *.lapost.com *.myshipmentsfree.com *.nocostshipping.com *.savewithsmarty.com *.savingsforthesavvy.com *.scour.com *.shipmentfree.com *.shipmentprotection.com *.shipmentsfreeclub.com *.shipmentsfreeinfo.com *.shipmentsfreenow.com *.shipmentsfreepro.com *.shipmentsfreezone.com *.smartyaffiliates.com *.smartycashback.com *.smartycoins.com *.smartyestsavings.com *.smartymoneysavings.com *.smartyplus.net *.smartyplusinfo.com *.smartyplusnow.com *.smartypluszone.com *.smartypremium.com *.travyclub.com *.try-smarty.com *.tryshipmentsfree.com *.trysmartyplus.com cdn.joinsmarty.com 2
default-src 'self'; default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://www.3lateral.com https://static.3lateral.com https://tracking.epicgames.com https://flackr.github.io https://static.elfsight.com https://talon-website-prod.ecosec.on.epicgames.com https://js.hcaptcha.com 'unsafe-inline'; style-src  'self' https://static.3lateral.com https://www.3lateral.com blob:https://www.3lateral.com 'unsafe-inline'; img-src    'self' https://static.3lateral.com https://tracking.epicgames.com data:; font-src   'self' https://static.3lateral.com https://fonts.gstatic.com; media-src  'self' https://static.3lateral.com; connect-src 'self' https://core.service.elfsight.com https://talon-website-prod.ecosec.on.epicgames.com https://talon-service-prod.ecosec.on.epicgames.com https://nelly-service-prod-fastly.ecosec.on.epicgames.com; object-src 'self' https://www.3lateral.com; frame-src https://newassets.hcaptcha.com 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 2
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://js.hubspot.com https://app.hubspot.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.usemessages.com https://snap.licdn.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.googletagmanager.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://static.hsappstatic.net https://code.jquery.com https://sdk.affisemmp.com https://trk.affattr.com https://affattr.com https://affise.com; style-src 'unsafe-inline' 'report-sample' 'self' https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://static.hsappstatic.net https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://api.hubapi.com https://app.hubspot.com https://cp.hubspot.com https://forms.hubspot.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://js.hs-banner.com https://cdn.linkedin.oribi.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://sdk.affisemmp.com https://trk.affattr.com https://affattr.com https://affise.com http://tracking.affattr.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://forms.hsforms.com https://app.hubspot.com https://www.google.com https://flo.uri.sh; frame-ancestors 'self'; img-src 'self' https://3426102.fs1.hubspotusercontent-na1.net https://3ma79ae7cua.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://perf-na1.hsforms.com https://static.hsappstatic.net https://track.hubspot.com https://www.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com https://forms-na1.hsforms.com https://sdk.affisemmp.com https://trk.affattr.com https://affattr.com https://affise.com http://tracking.affattr.com; media-src 'self' https://3426102.fs1.hubspotusercontent-na1.net; form-action 'self' https://forms.hsforms.com https://app.hubspot.com; manifest-src 'self'; child-src 'self'; worker-src 'none';; upgrade-insecure-requests 2
default-src 'self' https://*.stan.com.au; child-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com.au; connect-src 'self' blob: https://*.akamaihd.net https://*.analytics.google.com https://*.braintreegateway.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ad.doubleclick.net https://ads.tiktok.com https://analytics-ipv6.tiktokw.us https://analytics.pangle-ads.com https://analytics.tiktok.com https://api.ipify.org https://app.vwo.com https://ara.paa-reporting-advertising.amazon https://bat.bing.com https://c.amazon-adsystem.com https://conversions-config.reddit.com https://evnt.byspotify.com https://google.com https://insight.adsrvr.org https://ipv4.podscribe.com https://match.adsrvr.org https://moda-cdp-message-prd-7jirubb0.uc.gateway.dev https://pagead2.googlesyndication.com https://payments.braintree-api.com https://pixel-config.reddit.com https://pixel.tapad.com https://pixels.spotify.com https://s.amazon-adsystem.com https://sink.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://verifi.podscribe.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.redditstatic.com; form-action 'self' https://*.stan.com.au https://www.facebook.com https://www.paypal.com; font-src 'self' data: https://www.stan.com.au https://fonts.gstatic.com; frame-ancestors none; frame-src 'self' https://*.amazon-adsystem.com https://*.paypal.com https://*.paypalobjects.com https://*.stripe.com https://*.visualwebsiteoptimizer.com https://4913904.fls.doubleclick.net https://app.vwo.com https://apps.rokt.com https://insight.adsrvr.org https://match.adsrvr.org https://servedby.flashtalking.com https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' blob: data: https://*.akamaihd.net https://*.analytics.google.com https://*.bing.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ad.doubleclick.net https://ade.googlesyndication.com https://ads.tiktok.com https://alb.reddit.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://app.vwo.com https://chart.googleapis.com https://google.com https://googletagmanager.com https://i.ytimg.com https://pagead2.googlesyndication.com https://ssl.gstatic.com https://verifi.podscribe.com https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ads.tiktok.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://app.vwo.com https://apps.rokt.com https://bat.bing.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://connect.facebook.net https://d34r8q7sht0t9k.cloudfront.net https://googletagmanager.com https://js.adsrvr.org https://pagead2.googlesyndication.com https://pixel.byspotify.com https://redditstatic.s3.amazonaws.com https://sdk.lifesight.io https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.test.streamco.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://api.stan.com.au/features/v1/collect-csp; 2
frame-ancestors 'self' https://*.aliyun.com https://dev.aliyun.com:8000; 2
default-src 'self' 'unsafe-inline' blob:; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.visualwebsiteoptimizer.com *.vwo.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.googletagmanager.com *.vwo.com *.visualwebsiteoptimizer.com *.google.com; frame-ancestors 'self' *.pennymac.com *.adobe.com *.google.com *.googletagmanager.com *.vwo.com *.visualwebsiteoptimizer.com; frame-src 'self' *.pennymac.com *.youtube.com *.instagram.com *.vimeo.com *.youtube-nocookie.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.google.com *.leadid.com *.cloudfront.net *.vwo.com *.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' *.reddit.com *.onetrust.com *.google.com *.play.google.com *.googleapis.com *.bing.com *.nr-data.net *.cookielaw.org *.reson8.com *.visualwebsiteoptimizer.com *.pennymac.com *.tealiumapis.com *.doubleclick.net *.tealiumiq.com *.yimg.com *.linkedin.com *.adsrvr.org *.leadid.com *.googleadservices.com *.googletagmanager.com *.facebook.com *.facebook.net *.exacttarget.com *.yahoo.com *.trcknow.com *.vwo.com app.vwo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.redditstatic.com *.googletagmanager.com *.pennymac.com *.vwo.com *.visualwebsiteoptimizer.com *.google.com *.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.instagram.com *.redditstatic.com *.tailwindcss.com *.gstatic.com *.googletagmanager.com *.visualwebsiteoptimizer.com *.newrelic.com *.lidstatic.com *.vimeo.com *.google.com *.googleapis.com *.cookielaw.org *.youtube.com *.tiqcdn.com *.facebook.com *.facebook.net *.bing.com *.licdn.com *.yimg.com *.adsrvr.org *.tealiumiq.com *.resonate.com *.doubleclick.net *.nr-data.net *.vwo.com *.exacttarget.com *.trcknow.com *.pennymac.com; img-src 'self' data: *.townsgateservicing.com *.reddit.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.visualwebsiteoptimizer.com *.vimeocdn.com *.adsvr.org *.google.com *.yahoo.com *.linkedin.com *.bing.com *.facebook.com *.facebook.net *.cloudinary.com *.cookielaw.org *.pennymac.com *.googleadservices.com *.resonate.com *.doubleclick.net *.reson8.com *.yimg.com *.leadid.com *.exacttarget.com *.trcknow.com *.vwo.com *.vwo.io app.vwo.com; worker-src 'self' blob:; 2
frame-ancestors 'self' https://microapps.google.com/ 2
frame-ancestors 'self' https://app.contentful.com https://courses.td.org; 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz txn.apac.paywithpoli.com online.asb.co.nz bank.westpac.co.nz checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.airnewzealand.co.nz musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com *.demdex.net www.everestjs.net oc-cdn-public-oce.azureedge.net https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.google-analytics.com analytics.google.com tagmanager.google.com *.doubleclick.net static.hotjar.com script.hotjar.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com upgrade.plusgrade.com s.swiftypecdn.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com yourir.info www.youtube.com s.ytimg.com; style-src 'unsafe-inline' p-airnz.com 'self' oc-cdn-public-oce.azureedge.net fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com upgrade-cdn-prd.plusgrade.com upgrade-prod-cdn.plusgrade.com s.swiftypecdn.com yourir.info; img-src https: data: blob: ad.doubleclick.net ade.googlesyndication.com adservice.google.com www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com *.kampyle.com i.ytimg.com; font-src p-airnz.com 'self' *.cdn.office.net fonts.googleapis.com fonts.gstatic.com script.hotjar.com data: dhm5hy2vn8l0l.cloudfront.net; media-src 'self' p-airnz.com data:; frame-src 'self' txn.apac.paywithpoli.com online.asb.co.nz bank.westpac.co.nz sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz airpointscalculator.co.nz *.airnewzealand.co.nz hotels.airnewzealand.co.nz *.demdex.net www.everestjs.net pixel.everesttech.net au-connect.authsignal.com auth.identity.airnewzealand.com identity.airnewzealand.com oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com www.googletagmanager.com td.doubleclick.net *.google.com *.doubleclick.net vars.hotjar.com nebula-cdn.kampyle.com *.cdn-pci.optimizely.com nz.fltmaps.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com airnz.wufoo.com www.youtube.com; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai p-airnz.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com muscula.herokuapp.com tourismnz.sc.omtrdc.net *.demdex.net *.tt.omtrdc.net identity.airnewzealand.com unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net blob: pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com ad.doubleclick.net *.googleapis.com *.google.com *.gstatic.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/ md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com *.optimizely.com https://*.sentry.io s.swiftypecdn.com search-api.swiftype.com yourir.info; object-src 'none'; frame-ancestors 'self' www.airnewzealand.com.au www.airnewzealand.com www.airnewzealand.ca www.airnewzealand.co.uk www.airnewzealand.eu www.airnewzealand.co.jp www.airnewzealand.jp www.airnewzealand.com.sg www.airnewzealand.pf www.airnewzealand.cn www.airnewzealand.com.cn www.airnewzealand.hk www.airnewzealand.com.hk www.airnewzealand.tw www.airnewzealand.com.tw www.airnewzealand.co.kr www.airnewzealand.kr www.grabaseat.co.nz flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz govtbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz; report-uri /csp-report 2
base-uri 'self'; style-src 'self' 'unsafe-inline' https: https://fast.wistia.com blob:; default-src 'self' data: https: https://*.wistia.com https://*.wistia.net https://*.clarity.ms https://c.bing.com; script-src 'self' 'unsafe-inline' https://www.redditstatic.com https://cdn.jsdelivr.net https://*.pardot.com https://*.wpmucdn.com https://tracking-api.g2.com https://www.youtube.com https://s.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://snap.licdn.com https://platform.twitter.com https://analytics.twitter.com https://t.co https://cdn.cookielaw.org https://utt.impactcdn.com https://www.redditstatic.com https://vyond.widget.insent.ai https://think.vyond.com https://js.partnerstack.com https://cdn.amplitude.com https://bat.bing.com https://*.vyond.com https://*.g2.com https://*.6sc.co https://j.6sc.co https://www.y.ms https://*.wistia.net https://*.wistia.com https://src.litix.io https://*.sentry-cdn.com https://*.clarity.ms https://c.bing.com; connect-src 'self' wss: https: https://alb.reddit.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://*.clarity.ms https://c.bing.com https://*.g2.com; font-src 'self' data: https: https://*.wistia.com; frame-src 'self' https: https://fast.wistia.net https://fast.wistia.com https://www.youtube.com https://youtube.com https://www.facebook.com https://platform.twitter.com https://vars.hotjar.com https://script.hotjar.com https://consent.trustarc.com https://bat.bing.com https://www.clarity.ms; img-src http: https: data: https://alb.reddit.com https://www.reddit.com https://*.wistia.com https://*.wistia.net https://*.clarity.ms https://c.bing.com https://*.g2.com; manifest-src 'self'; media-src 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://www.youtube.com *; worker-src 'self' blob:; child-src 'self' blob:; object-src 'self' https://*.wistia.com https://*.wistia.net; 2
default-src 'self' blob:; img-src 'self' *.ecpay.com.tw *.boxcdn.net *.maropost.com *.amazonaws.com *.adyen.com *.cloudfront.net *.userlike.com flp-service.zendesk.com static.zdassets.com consent.cookiefirst.com *.ytimg.com *.livehelpnow.net *.pcdn.co *.sharethis.com  *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.s3.us-east-2.amazonaws.com  *.gstatic.com *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.myecheck.com *.oppwa.com  *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com  stats.g.doubleclick.net *.google.com www.google.com.sg data:  www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com x1.xingassets.com  blob:  oppwa.com *.google-analytics.com s3-us-west-2.amazonaws.com *.facebook.com *.googletagmanager.com  *.boxcloud.com app.tlinky.com *.fedex.com tile.openstreetmap.org *.basemaps.cartocdn.com *.google.co.uk sp.tinymce.com *.r2.dev *.tinymce.com *.google.ie ecpg-stage.ecpay.com.tw widgets.trustedshops.com *.google.com.mm; script-src 'self' *.forever-giving.org *.cdn-apple.com *.ecpay.com.tw *.userlike.com *.cdn01.boxcdn.net api.smooch.io *.adyen.com *.nexiopay.com *.cdn.jsdelivr.net *.jsdelivr.net *.amazonaws.com *.worldpay.com *.cloudfront.net *.mgipayments.com *.boxcdn.net *.boxcloud.com *.box.com *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io  *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com  *.s3-us-west-2.amazonaws.com *.myecheck.com *.googleapis.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com  *.s3.amazonaws.com  *.dropbox.com *.nextsphere.com  www.googletagmanager.com *.google-analytics.com blob: *.gstatic.com test.acaptureservices.com   *.clicksafe.lloydstsb.com oppwa.com acaptureservices.com  consent.cookiefirst.com   dl.dropboxusercontent.com graph.microsoft.com static.zdassets.com js.live.net cdn.tiny.cloud *.paypal.com *.b-cdn.net ecpg-stage.ecpay.com.tw js.hs-scripts.com  clickapp.net *.nexiopaysandbox.com *.tiny.cloud *.paypalobjects.com app.tlinky.com *.r2.dev widgets.trustedshops.com  flp-service.zendesk.com applepay.cdn-apple.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ecpay.com.tw  *.livehelpnow.net *.adyen.com *.cookiefirst.com *.clicktale.net *.chargebee.com *.cdn.jsdelivr.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.oppwa.com *.myecheck.com sp.tinymce.com *.tinymce.com cdn.tiny.cloud *.tiny.cloud *.acaptureservices.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.google.com fonts.googleapis.com cdnjs.cloudflare.com ecpg-stage.ecpay.com.tw oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com *.r2.dev  app.tlinky.com *.nexiopaysandbox.com *.nexiopay.com  *.boxcdn.net googletagmanager.com cdn.honey.io 'unsafe-inline'; font-src 'self' applepay.cdn-apple.com *.cdn-apple.com *.ecpay.com.tw *.boxcdn.net *.cdn01.boxcdn.net *.nexiopay.com *.box.com *.cdn.jsdelivr.net *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net *.myecheck.com  flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.bootstrapcdn.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com ecpg-stage.ecpay.com.tw data: cdnjs.cloudflare.com fonts.gstatic.com *.b-cdn.net *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' applepay.cdn-apple.com *.cdn-apple.com wss://umd.userlike.com wss://chat.userlike.com *.nexiopay.com *.s3.us-east-2.amazonaws.com v2.zopim.com ekr. flp-service.zendesk.com *.1drv.com *.cloudfront.net *.cookiefirst.com *.adyen.com *.userlike.com *.box.com *.boxcloud.com api.ipify.org *.livehelpnow.net *.consensu.org *.vimeocdn.com cdn.tiny.cloud *.tiny.cloud *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.googleapis.com www.google.com.sg stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net sp.tinymce.com *.tinymce.com *.nextsphere.com  *.ppipe.net vimeo.com *.authorize.net  *.myecheck.com *.oppwa.com *.flpi.com   s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.acaptureservices.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com oppwa.com *.mgipayments.com *.google-analytics.com www.googletagmanager.com graph.microsoft.com google.com *.worldpay.com *.zdassets.com *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com  dl.dropboxusercontent.com *.google.co.in youtube.com  *.boxcdn.net *.youtube.com wss://api.smooch.io *.s3-eu-west-1.amazonaws.com js.live.net  connect.facebook.net js.hs-scripts.com *.gstatic.com  clickapp.net cdn.jsdelivr.net static-resource.com cdn-javascript.net  *.nexiopaysandbox.com  *.flptitan.com ecpg-stage.ecpay.com.tw tile.openstreetmap.org *.basemaps.cartocdn.com flptitan.com *.r2.dev  foreverliving.com app.tlinky.com *.fbo.flptitan.com *.foreverliving.com *.fbo.foreverliving.com  www.dropbox.com *.ecpay.com.tw  zendesk-eu.my.sentry.io data: blob:; media-src 'self' *.forever-giving.org *.boxcdn.net *.amazonaws.com *.userlike.com *.flptitan.com app.tlinky.com *.cloudfront.net *.youtube.com *.youtu.be *.foreverliving.com *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com  blob:; frame-src 'self' *.forever-giving.org forever-giving.org applepay.cdn-apple.com *.cdn-apple.com *.datatrans.com *.mfgroup.ch *.nexiopay.com *.ngenius-payments.com *.boxcdn.net  *.flpqa.com *.userlike.com *.adyen.com *.amazonaws.com *.cloudfront.net *.facebook.com *.mgipayments.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.mgr.consensu.org  walls.io *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.worldpay.com *.nextsphere.com  vimeo.com *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com *.clicksafe.lloydstsb.com foreverliving.com flptitan.com *.boxcloud.com *.flpi.com *.google.com *.vimeo.com oppwa.com  dl.dropboxusercontent.com graph.microsoft.com  acs-public.tp.mastercard.com content.googleapis.com *.nexiopaysandbox.com app.tlinky.com *.r2.dev youtu.be youtube.com www.googletagmanager.com *.cardinalcommerce.com; frame-ancestors 'self' *.socialsales.io socialsales.io *.nexiopay.com foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com *.contentsquare.net *.flptitan.com:8080 *.content-square.fr *.contentsquare.com *.chargebee.com  youtu.be app.tlinky.com flpqa.com flp.com flp360.social *.flpqa.com *.nexiopaysandbox.com *.boxcdn.net *.flp.com *.flp360.social vimeo.com *.vimeo.com *.youtube.com youtube.com *.worldpay.com 2
connect-src https://*.adtrafficquality.google https://www.adtrafficquality.google https://*.googlesyndication.com https://googlesyndication.com https://*.hotjar.io 'self' webpack: https://*.google.com https://region1.google-analytics.com https://www.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.clarity.ms https://*.cookiebot.com https://*.linkedin.com https://*.doubleclick.net https://*.facebook.com https://*.riba.org;frame-src https://*.adtrafficquality.google https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com https://*.adtrafficquality.google/ https://www.ribacpd.com/ 'self' https://www.googletagmanager.com https://www.youtube.com https://consentcdn.cookiebot.com https://*.vimeo.com https://*.powerbi.com https://*.soundcloud.com https://*.canva.com https://*.wufoo.eu https://*.wufoo.com https://*.google.co.uk https://*.google.com https://*.office.com https://*.riba.org https://*.castr.com https://*.heyzine.com https://heyzine.com;img-src https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://*.google.com https://*.adtrafficquality.google 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.cookiebot.com https://*.ytimg.com https://*.linkedin.com https://*.facebook.com https://*.clarity.ms https://*.bing.com https://connect.facebook.net https://www.google.md https://www.google.co.uk https://darkroom.ribaj.com https://*.t.co https://*.twitter.com https://t.co;media-src https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://*.google.com https://*.adtrafficquality.google 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.cookiebot.com https://*.ytimg.com https://*.linkedin.com https://*.facebook.com https://*.clarity.ms https://*.bing.com https://connect.facebook.net https://www.google.md https://www.google.co.uk https://darkroom.ribaj.com https://*.t.co https://*.twitter.com https://t.co;script-src https://*.googlesyndication.com https://www.googlesyndication.com https://*.adtrafficquality.google https://securepubads.g.doubleclick.net/tag/js/gpt.js https://*.doubleclick.net https://*.vimeo.com https://*.getsitecontrol.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://www.googletagmanager.com https://*.cookiebot.com https://*.clarity.ms https://www.youtube.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://*.adform.net https://*.oastify.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 2
default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.zerobounce.net https://impact.com https://*.impact.com; form-action 'self' https://forms.hsforms.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://try.abtasty.com *.abtasty.com https://www.zerobounce.net https://ingest.promptwatch.com https://extension-api.zerobounce.net https://gtm.zerobounce.net https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.net https://bat.bing.com https://static.hsappstatic.net https://accounts.google.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdn.lgrckt-in.com https://global.oktacdn.com https://static.zdassets.com https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js-na1.hscollectedforms.net https://*.clarity.ms https://www.youtube.com https://hcaptcha.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://try.abtasty.com https://*.abtasty.com https://gtm.zerobounce.net https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.net https://bat.bing.com https://static.hsappstatic.net https://accounts.google.com https://apis.google.com https://www.google.com https://www.gstatic.com https://ingest.promptwatch.com https://cdn.lgrckt-in.com https://global.oktacdn.com https://static.zdassets.com https://js.hs-scripts.com http://js.hs-scripts.com https://js-na1.hs-scripts.com http://js-na1.hs-scripts.com https://js.hscollectedforms.net http://js.hscollectedforms.net https://js-na1.hscollectedforms.net http://js-na1.hscollectedforms.net https://*.clarity.ms https://scripts.clarity.ms https://js.usemessages.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hsforms.net http://js.hsforms.net https://snap.licdn.com https://www.zerobounce.net https://zerobounce.net https://web-vitals-script.leaderint.workers.dev https://test-next-worker.zerobounce.net https://next-worker.zerobounce.net https://next-worker.zerobounce.xyz https://*.zerobounce.net https://*.zerobounce.xyz; connect-src 'self' https://raw.githubusercontent.com/zerobounce/ *.abtasty.com https://*.mixpanel.com https://api.mixpanel.com https://members-api.zerobounce.xyz https://global.oktacdn.com https://okta.zerobounce.net https://okta.zerobounce.xyz https://www.googleadservices.com https://static.hsappstatic.net https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://modules.zerobounce.net https://test-modules.zerobounce.net https://members-api.zerobounce.net https://test-members-api.zerobounce.net https://test-members-api.zerobounce.net/api/promotions/validate/zbone/ https://*.clarity.ms https://ingest.promptwatch.com https://bat.bing.net https://bat.bing.com https://www.zerobounce.net https://zerobounce.net https://extension-api.zerobounce.net https://apiassistant.zerobounce.net https://www.zerobounce.net/blog https://ekr.zdassets.com https://stats.g.doubleclick.net https://stats.gdoubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://www.zbapis.net https://zerobounce.zendesk.com https://*.hubspot.com https://api.hubapi.com wss://widget-mediator.zopim.com https://accounts.google.com https://oauth2.googleapis.com https://gtm.zerobounce.net https://www.googletagmanager.com https://www.google.com https://r.lgrckt-in.com https://px.ads.linkedin.com https://rum-collector.leaderint.workers.dev; style-src 'self' 'unsafe-inline' *.abtasty.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net https://gc.kis.v2.scr.kaspersky-labs.com https://decision.etc4.com https://js-c.etc4.com https://accounts.google.com https://common-fonts.abtasty.com https://editor.abtasty.com https://teddytor.abtasty.com https://test-next-worker.zerobounce.net https://next-worker.zerobounce.net https://next-worker.zerobounce.xyz https://*.zerobounce.net https://*.zerobounce.xyz; img-src 'self' data: *.abtasty.com https://zerobounce.net https://v2assets.zopim.io https://bat.bing.net https://bat.bing.com https://www.facebook.com https://www.google-analytics.com https://www.googleadservices.com https://*.google.com https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.at https://*.google.be https://*.google.com.bd https://*.google.bg https://*.google.com.bh https://*.google.com.bo https://*.google.com.br https://*.google.ca https://*.google.cl https://*.google.cn https://*.google.com.co https://*.google.co.in https://*.google.co.id https://*.google.co.jp https://*.google.co.kr https://*.google.com.mx https://*.google.co.nz https://*.google.com.ph https://*.google.pl https://*.google.ru https://*.google.com.sa https://*.google.com.sg https://*.google.co.th https://*.google.co.uk https://*.google.com.vn https://*.google.co.za https://*.google.ro https://www.googletagmanager.com https://googleads.g.doubleclick.net https://editor-assets.abtasty.com https: https://*.gravatar.com; font-src 'self' data: *.abtasty.com https://fonts.gstatic.com https://use.typekit.net https://common-fonts.abtasty.com https://teddytor.abtasty.com https://www.cdn-tinkoff.ru https://cdn.scite.ai https://account.affilitizer.com chrome-extension: moz-extension:; worker-src 'self' blob:; frame-src 'self' *.abtasty.com https://accounts.google.com https://bat.bing.net https://bat.bing.com https://app.hubspot.com https://gtm.zerobounce.net https://www.googletagmanager.com https://meetings.hubspot.com https://*.hubspot.com https://*.googletagmanager.com https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.youtube.com https://competitivecomparisons.capterra.com https://competitivecomparisons.getapp.com https://competitivecomparisons.softwareadvice.com https://www.trustpilot.com https://widget.trustpilot.com https://registration.events.ringcentral.com/ https://streamyard.com https://app.livestorm.co https://i.zerobounce.net https://datainsights-cdn.dm.aws.gartner.com https://feedback-pa.clients6.google.com https://forms.hsforms.com; report-uri https://zero.report-uri.com/r/t/csp/enforce; report-to default; 2
frame-ancestors https://engage.bruker.com https://tongji.baidu.com 'self'; object-src 'none'; 2
frame-ancestors 'self' https://hullfilm360.com; 2
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:;; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 2
frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: * ; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.azureedge.net https://*.dynamics.com; 2
frame-ancestors 'self' https://www.99.co; 2
frame-ancestors 'self' https://cms.aws.newsmatics.com 2
default-src 'self' data: assets.azblue.com *.assets.azblue.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.siteimproveanalytics.io siteimproveanalytics.io google.com *.google.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ytimg.com *.vimeocdn.com gateway.id.swg.umbrella.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com *.my.salesforce-sites.com *.screenmeet.com *.ceros.com ceros.com *.ceros.site ceros.site *.amazonaws.com amazonaws.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com *.googletagmanager.com googletagmanager.com healthchoiceaz.com *.healthchoiceaz.com fonts.googleapis.com fonts.gstatic.com *.formstack.com formstack.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimproveanalytics.com siteimproveanalytics.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.formstack.com formstack.com *.google-analytics.com google-analytics.com googletagmanager.com *.googletagmanager.com ajax.googleapis.com http://ajax.googleapis.com *.ajax.googleapis.com *.google.com google.com vercel.live *.vercel.live gateway.id.swg.umbrella.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com netreturns.biz *.netreturns.biz player.vimeo.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com static.cloudflareinsights.com connect.facebook.net *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com *.ceros.com ceros.com *.ceros.site ceros.site azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com youtube.com *.youtube.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net azblue.my.site.com *.azblue.my.site.com healthchoiceaz.com *.healthchoiceaz.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.googleapis.com *.formstack.com formstack.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.ceros.com ceros.com *.ceros.site ceros.site azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com healthchoiceaz.com *.healthchoiceaz.com; connect-src 'self' assets.azblue.com *.assets.azblue.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.google-analytics.com google-analytics.com *.doubleclick.net doubleclick.net *.siteimproveanalytics.io siteimproveanalytics.io *.cloudflare.com cloudflare.com *.coveo.com coveo.com analytics.google.com siteintercept.qualtrics.com vitals.vercel-insights.com gateway.id.swg.umbrella.com *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com bcbsarizona.formstack.com *.ceros.com ceros.com *.ceros.site ceros.site vimeo.com *.vimeo youtube.com *.youtube.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.google.com google.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; media-src 'self' assets.azblue.com *.assets.azblue.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ceros.com ceros.com *.ceros.site ceros.site http://commondatastorage.googleapis.com commondatastorage.googleapis.com *.commondatastorage.googleapis.com; frame-src 'self' *.doubleclick.net *.google.com *.googletagmanager.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.youtube.com youtube.com *.vimeo.com vimeo.com azblue.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com *.ceros.com ceros.com *.ceros.site ceros.site vercel.live azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com azblue.my.site.com *.azblue.my.site.com healthchoiceaz.com *.healthchoiceaz.com 2
frame-ancestors 'self' https://*.autoalert.com https://service.force.com https://whatfix.com https://cdn.whatfix.com https://addons.whatfix.com https://events.whatfix.com https://videos.whatfix.com 2
img-src 'self' data: *.cookielaw.org *.6sc.co *.google.com *.linkedin.com *.reddit.com *.hubspot.com *.facebook.com *.sanity.io *.fontawesome.com *.hsforms.com *.wistia.com *.mutinyhq.io https://*.mutinycdn.com https://*.doubleclick.net https://*.googletagmanager.com https://c.clarity.ms https://*.bing.com https://*.greencolumnhealth.com https://*.getdbt.com https://impartner.blob.core.windows.net; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://*.googleapis.com https://packages.prmcdn.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.hs-scripts.com js.hsforms.net *.6sc.co *.mutinyhq.io https://*.mutinycdn.com blob: https:; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com https://cloud.getdbt.com https://*.cloud.getdbt.com https://*.dbt.com https://www.facebook.com; frame-ancestors 'self' https://*.youtube.com https://*.wistia.com https://app.mutinyhq.com *.getdbt.com *.vercel.app http://localhost:3000 http://localhost:3333; 2
default-src 'self' blob:; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.googleoptimize.com www.google-analytics.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com mimo84.github.io bpaid.unfyd.com bpost2.unfyd.com www.google.com www.gstatic.com cdn.rawgit.com *.googletagmanager.com optanon.blob.core.windows.net cdn.cookielaw.org code.jquery.com ajax.googleapis.com w.usabilla.com www.bpost2.be http://bpost2.be maps.googleapis.com connect.facebook.net s.pinimg.com img.en25.com api.usabilla.com d6tizftlrpuof.cloudfront.net bpost.wikafi.be bat.bing.com geolocation.onetrust.com static.addtoany.com *.licdn.com *.linkedin.com hello.bpost.be static.zdassets.com unpkg.com mktdplp102cdn.azureedge.net oc-cdn-public-eur.azureedge.net msft-lcw-trial.azureedge.net *.urlgeni.us *.clarity.ms *.google.com cxppeur1rdrect01sa02cdn.blob.core.windows.net 2uqtsoukg0.kameleoon.io *.kameleoon.io *.kameleoon.eu *.kameleoon.com www.recaptcha.net https://googleads.g.doubleclick.net https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/FormCapture/FormCapture.bundle.js https://gateway.zscalerthree.net/ *.dante-ai.com; object-src 'self' bpaid.unfyd.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com mimo84.github.io fonts.googleapis.com bpaid.unfyd.com bpost2.unfyd.com bpost2.unfyd.com www.google.com optanon.blob.core.windows.net www.bpost2.be bpost2.be cdn.cookielaw.org d6tizftlrpuof.cloudfront.net bpost.wikafi.be bat.bing.com static.addtoany.com oc-cdn-public-eur.azureedge.net msft-lcw-trial.azureedge.net 'self' 'unsafe-inline' *.googletagmanager.com https://unpkg.com; img-src 'self' www.google-analytics.com cdnjs.cloudflare.com *.googletagmanager.com www.w3.org bpaid.unfyd.com bpost2.unfyd.com www.bpost.be faq.bpost.cloud www.google.com cdn.rawgit.com raw.githubusercontent.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com www.bpost2.be bpost2.be fonts.gstatic.com d6tizftlrpuof.cloudfront.net ct.pinterest.com www.facebook.com www.google.be cdn.cookielaw.org w.usabilla.com hello.bpost.be www.w3.org cdn.cookielaw.org maps.gstatic.com maps.googleapis.com data: d6tizftlrpuof.cloudfront.net www.facebook.com hello.bpost.be bpost.wikafi.be bat.bing.com *.linkedin.com static.addtoany.com bgt.bpost.be 538835779d824008aefa55a061aa72cc.svc.dynamics.com svc.dynamics.com dynamics.com dynamics.com/t/v/ 538835779d824008aefa55a061aa72cc.svc.dynamics.com/t/v/ oc-cdn-public-eur.azureedge.net msft-lcw-trial.azureedge.net *.clarity.ms *.google.com *.gstatic.com https://c.bing.com https://www.google.co.in *.kameleoon.io; frame-src 'self' bpaid.unfyd.com www.google.com www.bpost2.be pass.bpost.be preprints.taxipost.net maf.taxipost.net www.youtube.com youtube.com www.bpost.be campaigns.bpost2.be www.facebook.com bpost2.be d6tizftlrpuof.cloudfront.net http://www.bpost.be www.facebook.com bpost.wikafi.be d30o8tpw3q5jvi.cloudfront.net dmc.bpost.cloud news.bpost.be player.vimeo.com static.addtoany.com 11319605.fls.doubleclick.net oc-cdn-public-eur.azureedge.net msft-lcw-trial.azureedge.net *.dynamics.com *.surveysparrow.com youtu.be *.usabilla.com *.googletagmanager.com syndicatedsearch.goog bpostresearch.chkmkt.com www.recaptcha.net https://gateway.zscalerthree.net/ *.dante-ai.com; frame-ancestors 'self' http://oas-pr.netpost; child-src 'self' blob:; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com bpaid.unfyd.com bpost2.unfyd.com maxcdn.bootstrapcdn.com www.bpost2.be bpost2.be bpost.wikafi.be; connect-src 'self' www.google-analytics.com s1833705806.t.eloqua.com chatbot.bpost.be bpaid.unfyd.com bpost2.unfyd.com cdn.cookielaw.org ct.pinterest.com stats.g.doubleclick.net api.usabilla.com cdn.cookielaw.org stats.g.doubleclick.net bpost.wikafi.be privacyportal-de.onetrust.com ekr.zdassets.com elkezaakonline.zendesk.com static.addtoany.com stats.addtoany.com geolocation.onetrust.com *.google-analytics.com api.gcm-pr.bpost.cloud maps.googleapis.com www.google-analytics.com region1.analytics.google.com analytics.google.com *.dynamics.com *.screeb.app *.surveysparrow.com https://prod-162.westeurope.logic.azure.com https://urlgeni.us https://mdy.api.bpost.be youtube.com www.google.com *.clarity.ms nominatim.openstreetmap.org mobile.events.data.microsoft.com eu-data.kameleoon.io *.kameleoon.io *.kameleoon.eu *.kameleoon.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://unpkg.com https://googleads.g.doubleclick.net www.recaptcha.net https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/FormCapture/FormCapture.bundle.js.map https://eu-mobile.events.data.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' https://*.quikr.com; frame-src 'self' https://*.doubleclick.net https://www.googletagmanager.com https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://*.google.com https://www.youtube.com https://*.facebook.com https://www.googleadservices.com https://api.juspay.in https://sender.cleverwebserver.com https://*.clvrads.com https://console.googletagservices.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.migros.com.tr exchange.mediavine.com e1.emxdgt.com *.analytics.yahoo.com sync.outbrain.com trends.revcontent.com match.sharethrough.com criteo-partners.tremorhub.com trends.revcontent.com tazedirekt.webinstats.com macro.webinstats.com *.facebook.com maps.googleapis.com https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googlesyndication.com https://*.googletagservices.com https://www.google-analytics.com www.googletagmanager.com https://tagmanager.google.com https://googletagmanager.com *.googleapis.com *.googleadservices.com https://*.masterpassturkiye.com https://api-dev.moneypay.com.tr https://challenges.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://js.go2sdk.com https://cdn.adjust.com https://sdk.adjust.com https://live.maytap.me https://creativecdn.com https://*.cloudfront.net https://tags.bkrtx.com https://static.criteo.net https://connect.facebook.net https://cdn.yapaytech.com https://cdnjs.cloudflare.com https://*.criteo.com *.doubleclick.net affiliate.migros.com.tr *.bluekai.com *.mncdn.com *.adform.net *.storyly.io cdn.jsdelivr.net https://digiavantaj.cake.aclz.net *.efilli.com https://analytics.tiktok.com *.cloudflareinsights.com https://browser-intake-datadoghq.eu https://assets.migrosone.com https://*.adtrafficquality.google https://media.flixcar.com/ https://cdn.mlink.com.tr https://analytics.pangle-ads.com ; connect-src 'self' analytics.google.com macro.webinstats.com tazedirekt.webinstats.com *.gstatic.com logs.browser-intake-datadoghq.eu *.adjust.com app.adjust.net.in app.adjust.world *.dahi.ai *.adrttt.com https://*.migrosone.com *.facebook.com www.google.com www.google.com.tr magaza-iphone.migros.com.tr *.rubiconproject.com *.m1grocery.com https://*.mlink.com.tr https://img.youtube.com https://documents.colendilabs.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.googlesyndication.com https://*.googletagservices.com https://www.google-analytics.com www.googletagmanager.com https://tagmanager.google.com https://googletagmanager.com *.googleapis.com *.googleadservices.com https://*.masterpassturkiye.com https://api-dev.moneypay.com.tr https://challenges.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://js.go2sdk.com https://cdn.adjust.com https://sdk.adjust.com https://live.maytap.me https://creativecdn.com https://*.cloudfront.net https://tags.bkrtx.com https://static.criteo.net https://connect.facebook.net https://cdn.yapaytech.com https://cdnjs.cloudflare.com https://*.criteo.com *.doubleclick.net affiliate.migros.com.tr *.bluekai.com *.mncdn.com *.adform.net *.storyly.io cdn.jsdelivr.net https://digiavantaj.cake.aclz.net *.efilli.com https://analytics.tiktok.com *.cloudflareinsights.com https://browser-intake-datadoghq.eu https://assets.migrosone.com https://*.adtrafficquality.google https://media.flixcar.com/ https://cdn.mlink.com.tr https://analytics.pangle-ads.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src data: blob: 'self' 'unsafe-inline' https://*.migrosone.com www.google.com www.google.com.tr maps.googleapis.com *.gstatic.com *.googleadservices.com *.visualwebsiteoptimizer.com *.facebook.com www.google-analytics.com *.googlesyndication.com img.youtube.com matching.ivitrack.com stags.bluekai.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com criteo-sync.teads.tv *.criteo.com eb2.3lift.com visitor.omnitagjs.com simage2.pubmatic.com *.ads.yieldmo.com *.doubleclick.net *.taboola.com cm.adform.net c1.adform.net *.casalemedia.com id5-sync.com ad.360yield.com jadserve.postrelease.com eb2.3lift.com x.bidswitch.net match.sharethrough.com jadserve.postrelease.com *.emxdgt.com ups.analytics.yahoo.com exchange.mediavine.com sync.outbrain.com trends.revcontent.com https://sync.1rx.io criteo-partners.tremorhub.com ad.yieldlab.net *.migros.com.tr magaza-iphone.migros.com.tr *.demdex.net *.krxd.net *.cloudfront.net *.thebrighttag.com *.semasio.net *.dmxleo.com https://googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://digiavantaj.cake.aclz.net https://documents.colendilabs.com https://uploads-ssl.webflow.com *.efilli.com https://analytics.tiktok.com *.adjust.com https://assets.migrosone.com https://*.adtrafficquality.google https://media.flixcar.com *.m1grocery.com https://*.mlink.com.tr ; frame-src https://*.youtube.com https://tr.rdrtr.com https://stags.bluekai.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://www.linkadoo.co https://linkadoo.co https://channelconnector.smartmessage-connect.com https://*.poltio.com https://*.googlesyndication.com https://console.googletagservices.com https://digiavantaj.cake.aclz.net https://creativecdn.com https://documents.colendilabs.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://*.adjust.com maps.googleapis.com *.adform.net https://wallet.moneypay.com.tr *.googleadservices.com *.facebook.com https://analytics.tiktok.com https://www.googletagmanager.com https://*.adtrafficquality.google https://media.flixcar.com ; frame-ancestors 'self' https://*.migros.com.tr ; style-src 'self' 'unsafe-inline' *.googlesyndication.com www.googletagservices.com www.googletagmanager.com fonts.googleapis.com *.visualwebsiteoptimizer.com maps.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://assets.migrosone.com ;manifest-src 'self' ; worker-src 'self' blob: ;object-src 'none' ; 2
frame-ancestors 'self' *.translate.goog translate.google.com; 2
frame-ancestors 'self' https://investors.sgx.com/ https://investors.qasgx.com/; default-src 'none'; connect-src 'self' https://api.sgx.com https://api2.sgx.com https://api3.sgx.com https://api.qasgx.com https://api3.qasgx.com https://api2.qasgx.com https://api-dev.qasgx.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; frame-src 'self' https://swtools.sgx.com/ https://t1.trkd-hs.com/ https://www.youtube-nocookie.com https://www.google.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com/; font-src 'self' https://api2.sgx.com https://api2.qasgx.com https://cdn.jsdelivr.net; img-src 'self' data: https://api2.sgx.com https://api2.qasgx.com https://i.ytimg.com https://www.google-analytics.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.googletagservices.com https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' *.applytojob.com 2
frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 2
frame-ancestors demdex.net *.demdex.net storyblok.com *.storyblok.com iq.com.br *.iq.com.br azulis.com.br *.azulis.com.br salveospequenos.com.br *.salveospequenos.com.br br.originhosting.io *.br.originhosting.io itau.com.br *.itau.com.br credicard.com.br *.credicard.com.br acordocerto.com.br *.acordocerto.com.br consumidorpositivo.com.br *.consumidorpositivo.com.br acordocerto.net cdn.acordocerto.net supersim.com.br *.supersim.com.br 2
upgrade-insecure-requests; default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; media-src *; object-src *; frame-src *; 2
connect-src 'self' *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.doubleclick.net *.addthis.com *.addthisedge.com *.dataweavers.io *.contently.com cdn.cookielaw.org *.facebook.net *.facebook.com *.onetrust.com *.google.com *.mktoresp.com *.google-analytics.com *.zoominfo.com *.g.doubleclick.net adservice.google.com *.googletagmanager.com *.analytics.google.com *.bing.com *.cookielaw.org *.dataweavers.io *.raygun.io app.vwo.com *.facebook.com *.sharethis.com *.vidyard.com *.botframework.com wss://directline.botframework.com cdn.linkedin.oribi.io *.clarity.ms px.ads.linkedin.com *.vwo.com *.visualwebsiteoptimizer.com *.globalpayments.com *.omappapi.com t.clarity.ms tars-data.s3.amazonaws.com *.googleadservices.com insight.adsrvr.org *.visualwebsiteoptimizer.com app.vwo.com https://js.zi-scripts.com pixel-config.reddit.com conversions-config.reddit.com *.redditstatic.com *.reddit.com c.6sc.co ipv6.6sc.co; default-src 'self' *.google-analytics.com fonts.gstatic.com 'unsafe-inline' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.cookielaw.org 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.licdn.com static.ads-twitter.com platform.twitter.com *.visualwebsiteoptimizer.com *.mktoresp.com bid.g.doubleclick.net *.omappapi.com *.globalpaymentsintegrated.com *.ads.linkedin.com *.twitter.com *.google.com ws.zoominfo.com px.ads.linkedin.com; font-src 'self' fonts.gstatic.com *.dataweavers.io; frame-ancestors 'none'; img-src 'self' *.adsymptotic.com *.dataweavers.io *.visualwebsiteoptimizer.com app.vwo.com *.google-analytics.com static.ads-twitter.com platform.twitter.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' t.co www.facebook.com px.ads.linkedin.com www.google.com www.google.com.au *.twitter.com *.linkedin.com data: www.google.co.in gateway.zscloud.net cdn.cookielaw.org b.6sc.co j.6sc.co; script-src-elem 'self' www.googletagmanager.com static.ads-twitter.com platform.twitter.com *.licdn.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.google-analytics.com cdn.cookielaw.org *.facebook.net *.facebook.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.dataweavers.io 'unsafe-eval' www.googleadservices.com munchkin.marketo.net analytics.twitter.com ws.zoominfo.com *.omappapi.com *.globalpaymentsintegrated.com gateway.zscloud.net j.6sc.co; style-src-elem 'self' *.dataweavers.io 'unsafe-inline' *.omappapi.com; worker-src 'self' px.ads.linkedin.com blob:; 2
default-src 'self' a.storyblok.com blob:; base-uri 'self'; form-action 'self' pages.scandit.com; frame-ancestors www.scandit.com; connect-src 'self' wss://interactive-demo.scandit.com cdn.jsdelivr.net a.storyblok.com edge.meilisearch.com newassets.hcaptcha.com data.hockeystack.com app.id-scanning.com cdn.linkedin.oribi.io *.scandit.com analytics.google.com 605-exc-034.mktoutil.com vimeo.com www.google-analytics.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com c.ba.contentsquare.net 605-exc-034.mktoresp.com stats.g.doubleclick.net script.google.com bat.bing.com region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com www.google.com www.google.co.uk www.google.ch www.google.co.in www.google.co.jp www.google.pl www.google.ca www.google.de www.google.fr googleads.g.doubleclick.net/pagead/landing pagead2.googlesyndication.com adservice.google.com px.ads.linkedin.com conversions-config.reddit.com www.redditstatic.com pixel-config.reddit.com www.googleadservices.com ds.cookiehub.net consent.cookiehub.net region-eu.cookiehub.net consent-eu.cookiehub.net cookiehub.net cdn.cookiehub.eu *.clarity.ms bat.bing.net cdn.plyr.io *.convertexperiments.com tags.srv.stackadapt.com; font-src 'self' data: fonts.gstatic.com boards.cdn.greenhouse.io; frame-src challenges.cloudflare.com www.google.com open.spotify.com embed-standalone.spotify.com boards.greenhouse.io www.youtube.com *.scandit.com *.vimeo.com vimeo.com app-ab02.marketo.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.hotjar.com vc.hotjar.io app.id-scanning.com id-service.scandit.com job-boards.greenhouse.io; img-src 'self' assets.scandit.com a.storyblok.com https: data: www.google-analytics.com www.googletagmanager.com chart.googleapis.com wingify-assets.s3.amazonaws.com; manifest-src 'self'; media-src 'self' data: mediastream: assets.scandit.com a.storyblok.com download-video.akamaized.net vimeo.com *.vimeo.com *.vimeocdn.com vod-progressive.akamaized.net; object-src *.scandit.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com s.yimg.jp *.scandit.com *.hotjar.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com www.google.com boards.greenhouse.io *.vimeo.com *.vimeocdn.com app-ab02.marketo.com cdn.jsdelivr.net unpkg.com cookiehub.net cdn.cookiehub.eu munchkin.marketo.net snap.licdn.com *.terminus.services bat.bing.com www.redditstatic.com *.clarity.ms *.convertexperiments.com tags.srv.stackadapt.com qvdt3feo.com *.cloudfront.net *.oktopost.com okt.to open.spotify.com embed-cdn.spotifycdn.com; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com s.yimg.jp *.scandit.com *.hotjar.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com www.google.com boards.greenhouse.io *.vimeo.com *.vimeocdn.com app-ab02.marketo.com cdn.jsdelivr.net unpkg.com cookiehub.net cdn.cookiehub.eu munchkin.marketo.net snap.licdn.com *.terminus.services bat.bing.com www.redditstatic.com *.clarity.ms *.convertexperiments.com tags.srv.stackadapt.com qvdt3feo.com *.cloudfront.net *.oktopost.com okt.to open.spotify.com embed-cdn.spotifycdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.scandit.com pages.scandit.com app-ab02.marketo.com tagmanager.google.com fonts.googleapis.com tagmanager.google.com fonts.googleapis.com www.googletagmanager.com s3.amazonaws.com cdn.jsdelivr.net cookiehub.net cdn.cookiehub.eu tags.srv.stackadapt.com; worker-src 'self' unpkg.com blob: data: www.googletagmanager.com; report-uri https://eu.i.posthog.com/report/?token=phc_4EjMvxAeDz5h2LBfu1oYKVxTG9ipd5MwkbC9DNru1J5&sample_rate=0.1; report-to posthog 2
script-src 'strict-dynamic' 'nonce-7kxVzqpQUTGFnv76iyQoiA==' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com https://*.demandbase.com https://*.stackadapt.com https://*.outbrain.com https://*.taboola.com https://*.clarity.ms https://*.bing.com https://*.segment.com https://*.segment.io https://*.zi-scripts.com https://*.zoominfo.com https://*.clickagy.com https://*.company-target.com https://*.avocet.io https://tsdtocl.com https://*.jsdelivr.net https://*.gstatic.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.mouseflow.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://aorta.clickagy.com https://*.onetrust.com;style-src 'self' 'unsafe-inline' https: https://*.gstatic.com https://*.jsdelivr.net; frame-src 'self' https://*.vimeo.com https://*.youtube.com https://*.facebook.com https://*.linkedin.com https://*.instagram.com https://*.adsrvr.org https://*.google.com https://*.googletagmanager.com https://vimeo.com https://*.onetrust.com;  sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation;   frame-ancestors 'self';  form-action 'self' https:; img-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.nl https://*.google.co.uk https://*.google.ca https://*.google.com.au https://*.google.co.nz https://*.google.co.za https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.pt https://*.google.pl https://*.google.ru https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.cl https://*.google.co.jp https://*.google.com.sg https://*.google.co.kr https://*.google.com.hk https://*.google.com.tw https://*.google.com.tr https://*.google.ae https://*.gstatic.com https://*.vimeocdn.com https://*.vimeo.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://*.linkedin.com https://*.rlcdn.com https://*.facebook.com https://*.instagram.com https://*.youtube.com https://*.crownpeak.net https://*.broadridge-ir.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.crownpeak.com https://*.sitescout.com https://*.openx.net https://*.bing.com https://*.bing.net https://*.clickagy.com https://*.demdex.net https://cm.g.doubleclick.net https://*.typekit.net https://*.agkn.com https://searchg2.crownpeak.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net;font-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.nl https://*.google.co.uk https://*.google.ca https://*.google.com.au https://*.google.co.nz https://*.google.co.za https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.pt https://*.google.pl https://*.google.ru https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.cl https://*.google.co.jp https://*.google.com.sg https://*.google.co.kr https://*.google.com.hk https://*.google.com.tw https://*.google.com.tr https://*.google.ae https://*.gstatic.com https://*.vimeocdn.com https://*.vimeo.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://*.linkedin.com https://*.rlcdn.com https://*.facebook.com https://*.instagram.com https://*.youtube.com https://*.crownpeak.net https://*.broadridge-ir.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.crownpeak.com https://*.sitescout.com https://*.openx.net https://*.bing.com https://*.bing.net https://*.clickagy.com https://*.demdex.net https://cm.g.doubleclick.net https://*.typekit.net https://*.agkn.com https://searchg2.crownpeak.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net;connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com https://*.segment.com https://*.segment.io https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.crownpeak.net https://*.crownpeak.com https://*.adsrvr.org https://*.sitescout.com https://*.openx.net https://*.broadridge-ir.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.cookielaw.org https://*.onetrust.com https://*.zi-scripts.com https://*.google.com https://*.zoominfo.com https://www.google.com https://ws.zoominfo.com https://*.clickagy.com https://*.demdex.net https://cm.g.doubleclick.net https://*.agkn.com https://searchg2.crownpeak.net https://*.vimeo.com https://vimeo.com https://www.googleadservices.com https://googleads.g.doubleclick.net;  object-src 'none'; base-uri 'none'; report-to api/csp-reports; 2
default-src 'self' *.antwerpen.be undefined;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self' perceleninfoplatform-o.antwerpen.be perceleninfoplatform-a.antwerpen.be perceleninfoplatform.antwerpen.be;img-src 'self' *.antwerpen.be *.google-analytics.com acpaasui.s3.amazonaws.com data: server.arcgisonline.com geo.api.vlaanderen.be tiles.arcgis.com clarity.ms *.clarity.ms ytimg.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.antwerpen.be www.google-analytics.com www.googletagmanager.com googlesyndication.com *.googlesyndication.com facebook.com *.facebook.com *.facebook.net instagram.com *.instagram.com soundcloud.com *.soundcloud.com spotify.com *.spotify.com tiktok.com https://sf16-website-login.neutral.ttwstatic.com *.tiktok.com twitframe.com *.twitter.com vimeo.com *.vimeo.com youtube.com *.youtube.com https://cdn.antwerpen.be/mtn/5.1.2/metanav.min.js enquete.agconsult.com *.enquete.agconsult.com clarity.ms *.clarity.ms hotjar.com *.hotjar.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' *.antwerpen.be *.google-analytics.com acpaasui.s3.amazonaws.com perceleninfoplatform-o.antwerpen.be perceleninfoplatform-a.antwerpen.be perceleninfoplatform.antwerpen.be soundcloud.com clarity.ms *.clarity.ms vimeo.com;frame-src 'self' facebook.com *.facebook.com googletagmanager.com *.googletagmanager.com instagram.com *.instagram.com soundcloud.com *.soundcloud.com spotify.com *.spotify.com tiktok.com *.tiktok.com twitframe.com *.twitter.com vimeo.com *.vimeo.com youtube.com *.youtube.com survey.alchemer.eu 2
default-src 'self' misc.poalim-site.co.il fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.co.il/ads/ga-audiences https://ad.doubleclick.net misc.poalim-site.co.il *.bcodes.co.il bcodes.bankhapoalim.co.il bcodes.bankhapoalim.biz bcodes.fingrow.co.il https://*.googletagmanager.com www.googletagmanager.com https://www.googleadservices.com  https://www.google.com/pagead/ www.google-analytics.com googleads.g.doubleclick.net maps.googleapis.com www.youtube.com tagmanager.google.com connect.facebook.net https://cdn.taboola.com https://trc-events.taboola.com https://wave.outbrain.com https://tr.outbrain.com https://amplify.outbrain.com https://analytics.tiktok.com https://snap.licdn.com https://amplify.outbrain.com/cp/obtp.js https://cdn.taboola.com/libtrc/unip/1606574/tfa.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://analytics.tiktok.com/i18n/pixel/sdk.js https://trc.taboola.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; img-src 'self' data: connect.facebook.net https://*.googletagmanager.com www.googletagmanager.com www.facebook.com www.google.co.il www.google.com https://*.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com https://*.gstatic.com maps.gstatic.com misc.poalim-site.co.il https://*.ads.linkedin.com https://px.fls.doubleclick.net https://ad.doubleclick.net https://www.linkedin.com/px/li_sync; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; connect-src 'self' https://trc-events.taboola.com https://www.google.com/pagead/ https://www.googleadservices.com https://www.google.com/ccm/collect https://ad.doubleclick.net misc.poalim-site.co.il stats.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com www.youtube.com youtu.be https://*.analytics.google.com https://*.googletagmanager.com www.facebook.com analytics.google.com https://wave.taboola.com https://tr.outbrain.com https://amplify.outbrain.com https://px.ads.linkedin.com https://analytics.tiktok.com https://amplify.outbrain.com/topics https://psb.taboola.com https://pips.taboola.com https://cds.taboola.com https://trc.taboola.com; frame-src 'self' www.facebook.com connect.facebook.net https://mortgage.bankhapoalim.co.il https://www.googletagmanager.com https://14947322.fls.doubleclick.net open.spotify.com tools.bizportal.co.il bid.g.doubleclick.net https://td.doubleclick.net *.bcodes.co.il bcodes.bankhapoalim.co.il bcodes.bankhapoalim.biz bcodes.fingrow.co.il www.youtube.com poalimcalculator.kavmanche.co.il www.facebook.com https://butterfly-button.web.app https://13053220.fls.doubleclick.net; frame-ancestors https://konimmkan.com https://ymag.ynet.co.il https://x.calcalist.co.il https://lp-im.com https://mylp.co.il https://brands.n12.co.il 2
default-src 'self' blob: *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com js.omg.neodatagroup.com trz.neodatagroup.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com cdn.cookielaw.org cdn.evgnet.com beacon.krxd.net *.evergage.com widget.trustpilot.com ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net fonts.googleapis.com fonts.gstatic.com maps.google.com maps.googleapis.com tag.upflowadv.com ethn.io utt.impactcdn.com finecobank.sjv.io data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com *.finecobank.com *.fineco.it *.promotorifinecobank.it https://app.contentful.com; frame-src blob: finecobank.com *.finecobank.com *.fineco.it *.promotorifinecobank.it https://www.googletagmanager.com *.fls.doubleclick.net www.youtube.com *.mateti.net widget.trustpilot.com finecobank.sjv.io https://td.doubleclick.net https://widget.spreaker.com; img-src 'self' data: blob: *.fineco.it https://finecobank.com https://*.finecobank.com https://www.googletagmanager.com https://jslog.krxd.net https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://secure.morningstareurope.com https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://beacon.krxd.net https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it https://*.fls.doubleclick.net https://cdn.evergage.com https://cdn.cookielaw.org https://*.analytics.google.com https://ad.360yield.com https://ad.sxp.smartclip.net https://ad.yieldlab.net https://cm.adform.net https://contextual.media.net https://criteo-sync.teads.tv https://eb2.3lift.com https://exchange.mediavine.com https://ib.adnxs.com https://id5-sync.com https://ih.adscale.de https://i.liadm.com https://match.sharethrough.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync.outbrain.com https://sync-t1.taboola.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://x.bidswitch.net https://criteo-partners.tremorhub.com https://s.thebrighttag.com https://dis.criteo.com https://dpm.demdex.net https://cotads.adscale.de https://dis.criteo.com https://i6.liadm.com https://idsync.rlcdn.com https://*.ytimg.com https://*.googlesyndication.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://ad.doubleclick.net https://*.awin1.com https://*.dwin1.com https://*.financeads.net https://leadkongltd.go2cloud.org https://tradedoubler.com https://tbl.tradedoubler.com https://trackads.eu https://upflowadv.com https://vf.r3f.technology https://adservice.google.com; connect-src wss://*.finecobank.com https://finecobank.it https://*.fineco.it https://*.finecobank.com https://finecobank.com https://privacyportal-de.onetrust.com https://www.google.it https://www.google.com https://googleads.g.doubleclick.net https://beacon.krxd.net https://jslog.krxd.net https://ad.doubleclick.net https://aax-eu.amazon-adsystem.com https://c.amazon-adsystem.com https://s.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://*.evergage.com https://bat.bing.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com https://*.analytics.google.com https://*.google-analytics.com https://*.googlesyndication.com https://geolocation.onetrust.com https://bam.nr-data.net https://maps.googleapis.com https://finecobank.sjv.io https://www.facebook.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com  geolocation.onetrust.com responder.wt-safetag.com static.opentok.com www.google-analytics.com s2.adform.net trz.neodatagroup.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com https://widget.spreaker.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org cdn.evgnet.com consumer.krxd.net beacon.krxd.net ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net maps.google.com maps.googleapis.com tag.upflowadv.com utt.impactcdn.com amazon-adsystem.com *.amazon-adsystem.com 'unsafe-eval' 'unsafe-inline' https://cdn.evergage.com; base-uri none; form-action 'self' blob: *.finecobank.com *.namirialtsp.com; object-src blob: finecobank.com *.finecobank.com *.fineco.it *.promotorifinecobank.it *.fls.doubleclick.net www.youtube.com *.mateti.net widget.trustpilot.com finecobank.sjv.io; report-uri https://www.fineco.it/_csp-report 2
upgrade-insecure-requests; frame-ancestors 'self' *.pathfactory.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://js-eu1.hs-scripts.com https://snippets.freshchat.com https://wchat.freshchat.com https://www.clarity.ms https://chat.1grid.co.za https://bat.bing.com; frame-src 'self' https://chat.1grid.co.za; child-src 'self' https://chat.1grid.co.za; 2
frame-ancestors 'self' https://*.crsadmin.com; 2
frame-ancestors 'self' *.pucv.cl; 2
frame-ancestors 'self' https://lucid.app 2
frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ https://admin-cx.deco.page/ https://deco.chat https://admin.decocms.com https://decocms.com frame-ancestors *.emarsys.net; worker-src 'self' blob: 2
frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch https://www.isptv.ch https://profifon.ch https://starnet24.com https://www.jobs.ch https://login.ispvoip.ch 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.golfgalaxy.com golfgalaxy2.btttag.com *.dickssportinggoods.com *.cardinalcommerce.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.attn.tv *.res-x.com maxcdn.bootstrapcdn.com *.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net *.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com www.googleadservices.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net *.braintreegateway.com www.paypal.com *.paypalobjects.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.monetate.net creatives.attn.tv *.monetate.net ep2.adtrafficquality.google mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com *.tnapplications.com *.minionplatform.com blob:; worker-src *.golfgalaxy.com  *.dickssportinggoods.com *.techlab-cdn.com  blob:; frame-ancestors *.golfgalaxy.com *.dickssportinggoods.com *.tt.omtrdc.net; child-src *.golfgalaxy.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cj.com *.cardinalcommerce.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net *.minionplatform.com maps.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.doubleclick.net *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.bambuser.com golfgalaxy-cti.gvcommerce.com *.rokt.com creatives.attn.tv *.tt.omtrdc.net *.monetate.net www.googletagmanager.com ep2.adtrafficquality.google *.techlab-cdn.com blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com *.recollect.net coolingsearch.org cdn.ckeditor.com; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/ *.recollect.net https://app.smartsheet.com/ https://publish.smartsheet.com/ https://app.rankedvote.co/ 2
base-uri 'self' *.google.com *.onelink.me; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.c6bank.info/* *.handtalk.me/* https://plugin.handtalk.me/web/11.21.1/handtalk.min.js https://plugin.handtalk.me/remote-config/* https://plugin.handtalk.me/* https://plugin.handtalk.me/web/11.21.1/PromptLink.ac4a2d50.js https://plugin.handtalk.me/web/latest/PromptLink.* https://plugin.handtalk.me/web/latest/PromptLink.9efcf8da.js https://plugin.handtalk.me/web/11.21.1/sign.b445fcf0.js https://plugin.handtalk.me/web/11.21.1/sign.8d62c164.js https://plugin.handtalk.me/web/latest/sign.* https://plugin.handtalk.me/web/latest/sign.28bfb36f.js https://plugin.handtalk.me/web/latest/sign.cb547046.js https://plugin.handtalk.me/corejs/2.2.3/core.min.js https://plugin.handtalk.me/web/latest/handtalk.min.js https://plugin.handtalk.me/remote-config/* *.c6bank.com/* *.c6bank.com.br/* *.googletagmanager.com *.youtube.com *.doubleclick.net *.googleadservices.com *.linkedin.com *.facebook.com *.facebook.net *.google.com *.appsflyer.com *.licdn.com *.pinimg.com *.c6bank.onelink.me *.pinterest.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.criteo.net *.criteo.com ajax.cloudflare.com analytics.tiktok.com *.bing.com *.clarity.ms *.amazon-adsystem.com; style-src 'self' 'unsafe-inline' *.google.com *.c6bank.com/* *.c6bank.com.br/* *.c6bank.info/* *.googleapis.com *.googleadservices.com *.doubleclick.net *.c6bank.com.br *.googletagmanager.com *.appsflyer.com *.clarity.ms *.licdn.com *.pinimg.com *.c6bank.onelink.me   *.pinterest.com; font-src 'self' data: *.gstatic.com *.c6bank.com/* *.c6bank.com.br/* *.google.com *.c6bank.info *.c6bank.info/* *.c6fest.com *.c6bank.info *.c6bank.com *.c6bank.com.br *.appsflyer.com *.googletagmanager.com *.google-analytics.com; object-src 'none'; form-action 'self'; img-src 'self' blob: https://handtalk.me/ data: * *.onelink.me *.apple.com *.c6bank.com/* *.c6bank.com.br/* *.c6bank.info *.c6bank.info/* *.googleapis.com *.instagram.com *.facebook.com *.google.com *.c6bank.com *.c6bank.com.br *.clarity.ms *.googletagmanager.com *.g.doubleclick.net *.facebook.net analytics.tiktok.com *.google-analytics.com; report-uri /api/csp 2
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'none'; script-src 'self' 'sha256-ieoeWczDHkReVBsRBqaal5AFMlBtNjMzgwKvLqi/tSU='; style-src 'self' 'sha256-c7UXWUzN0H2d6Esy8XO3YkQZDAZlKfdWIsW1bupteNY=' 'sha256-De7agAeYqm6ANIVvRRW6HFWi52AJW8inhFE0gSdgXnI=' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; form-action 'self' 2
font-src 'self' data:; 2
frame-ancestors 'self' login.microsoftonline.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft 2
frame-ancestors 'self' https://app.storyblok.com https://www.pinterest.com 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; img-src 'self' https: data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com; connect-src 'self' https: https://www.google-analytics.com https://region1.google-analytics.com https://www.google.com https://www.gstatic.com; font-src 'self' https: data: https://fonts.gstatic.com data:; frame-ancestors 'self' https://mundoconnect.tumundo.cl;; object-src 'none'; frame-src 'self' https://www.youtube.com https://www.google.com https://www.gstatic.com https://tumundo.cl https://*.tumundo.cl https://mundoconnect.tumundo.cl https://ww2.movistar.cl https://tagmanager.google.com https://www.googletagmanager.com blob:; base-uri 'self'; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://www.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://analytics.google.com/ https://metrics.hotjar.io https://www.youtube.com/ https://www.google.com https://www.gstatic.com https://www.youtube.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://www.w3.org https://*.addtoany.com https://www.google-analytics.com/ https://content.hotjar.io/ https://analytics.google.com https://stats.g.doubleclick.net/ www-widgetapi.js;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.crazyegg.com/ https://go.toppanmerrill.com/ https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.facebook.net https://cdn.semrush.com https://yoast.com https://www.semrush.com https://pi.pardot.com https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://cdn.livechat-static.com https://go.toppanmerrill.com https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.livechatinc.com/ https://consent.cookiefirst.com/ https://script.hotjar.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://js.hs-banner.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsleadflows.net https://static.addtoany.com https://*.gstatic.com https://www.youtube.com https://www.google.com https://googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static.hotjar.com/ https://snap.licdn.com/li.lms-analytics/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://script.hotjar.com wss://ws.hotjar.com/ https://content.hotjar.io https://px.ads.linkedin.com/ https://cdnjs.cloudflare.com/;  style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://consent.cookiefirst.com https://www.w3.org https://maxcdn.bootstrapcdn.com/;  img-src 'self' 'unsafe-inline' data: https://cdn.livechat-static.com https://i.ytimg.com https://api.text.com https://yoast.com https://yoa.st https://ps.w.org https://px4.ads.linkedin.com https://www.linkedin.com https://www.googletagmanager.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.s.w.org https://www.google-analytics.com/ https://forms.hsforms.com https://track.hubspot.com forms-na1.hsforms.com https://px.ads.linkedin.com;  connect-src 'self' data: https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://www.googletagmanager.com https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://stats.addtoany.com/menu https://www.semrush.com https://my.yoast.com https://cdn.livechatinc.com https://api.cookiefirst.com https://vc.hotjar.io https://yoast.com https://metrics.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://googleads.g.doubleclick.net https://content.hotjar.io/ wss://ws.hotjar.com https://px.ads.linkedin.com https://www.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com;  font-src 'self' 'unsafe-inline' data: https://s0.wp.com https://fonts.gstatic.com;  frame-ancestors 'self' toppanmerrill.my.salesforce.com toppanmerrill.lightning.force.com content.toppanmerrill.com toppanmerrill.seismic.com;  frame-src 'self' 'unsafe-inline' https://cdn.semrush.com https://www.googletagmanager.com/ https://connect.livechatinc.com https://secure.livechatinc.com https://www.youtube-nocookie.com/ https://go.toppanmerrill.com/ https://w.soundcloud.com/ https://www.google.com/ https://www.youtube.com/ https://static.addtoany.com/;  worker-src blob: 'self' 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://www.mczbf.com https://www.emjcd.com *.fontawesome.com https://fonts.bunny.net *.adyen.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com meetanshi.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * https://www.mczbf.com https://www.emjcd.com *.meetanshi.com meetanshi.com *.adyen.com *.weltpixel.com api.razorpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://www.mczbf.com https://www.emjcd.com https://firebasestorage.googleapis.com *.meetanshi.com meetanshi.com https://meetanshi.com/media/logo.png *.adyen.com cdn.razorpay.com www.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://www.mczbf.com https://www.emjcd.com *.avada.io *.shopify.com *.meetanshi.com meetanshi.com https://quickheal.verloop.io checkout.razorpay.com cdn-ops.verloop.io bat.bing.com connect.facebook.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://www.mczbf.com https://www.emjcd.com *.fontawesome.com https://fonts.bunny.net *.adyen.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn-ops.verloop.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * https://www.mczbf.com https://www.emjcd.com https://get.geojs.io *.avada.io *.meetanshi.com meetanshi.com *.adyen.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.adyen.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self' *.webflow.com *.webflow.io *.jobleads.com; img-src 'self' https: data: blob:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' *.optimizely.com *.optimizely.io *.adyen.com; upgrade-insecure-requests; frame-src 'self' https: data:; child-src 'self' https: data: blob:; connect-src 'self' https: wss: *.optimizely.com *.optimizely.io *.adyen.com; worker-src 'self' blob: https:; 2
frame-ancestors 'self' https://zeroheight.com https://akira.ninjavan.dev https://*.myshopify.com https://app.zeplin.io https://ninjavansg.zendesk.com https://*.ninjavan.cn https://*.ninjavan.co; 2
frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; 2
default-src 'self' data: blob: ws: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.sentry.io *.facebook.com *.facebook.net *.everesttech.net *.hotjar.com *.cloudflare.com *.bing.com *.arcot.com *.ondemand.com *.fontawesome.com *.auth0.com *.creditmutuel.fr *.bioz.com *.vwr.com *.lfeeder.com *.leadfeeder.com *.doubleclick.net *.avantorsciences.com *.avantorsciences.cn *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com  *.worldpay.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.chatlayer.ai *.sinch.com *.ably-realtime.com *.ably.io *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.everesttech.net *.cloudflare.com *.bing.com *.avantorsciences.com *.avantorsciences.cn *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.vwr.com *.lfeeder.com *.leadfeeder.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.everesttech.net *.cloudflare.com *.bing.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.sinch.com *.ably-realtime.com *.ably.io *.chatlayer.ai *.sentry.io *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.lfeeder.com *.leadfeeder.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.worldpay.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.everesttech.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.avantorsciences.cn *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 2
default-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.dwin1.com https://*.trustpilot.com https://www.google-analytics.com https://*.heartinternet.uk http://*.doubleclick.net https://*.doubleclick.net https://*.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.googletagmanager.com https://t.co https://www.facebook.com https://www.google.com http://www.google.com https://www.google.co.uk https://www.google.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.dwin1.com https://*.awin1.com https://the.sciencebehindecommerce.com https://static.cloudflareinsights.com https://googleads.g.doubleclick.net https://*.termly.io https://adac.api.yoursrs.com/static/client.js https://adac.api.yoursrs.com/ajax https://*.cloudstorage.secureserver.net https://snap.licdn.com https://*.trustpilot.com https://*.googleapis.com https://code.jquery.com http://img1.wsimg.com https://analytics.twitter.com https://*.heartinternet.uk https://img1.wsimg.com https://*.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.polyfill.io http://*.tiqcdn.com https://*.tiqcdn.com https://*.cloudflare.com https://*.trustpilot.com https://*.bootstrapcdn.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.heartinternet.uk http://*.googleapis.com https://*.googleapis.com https://*.bootstrapcdn.com https://*.jsdelivr.net; font-src 'self' 'unsafe-inline' https://*.heartinternet.uk https://releases.flowplayer.org https://*.bootstrapcdn.com; img-src 'self' data: https://*.awin1.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.google.co.uk https://*.heartinternet.uk http://googleads.g.doubleclick.net http://t.co https://t.co http://www.google.com https://www.google.co.uk https://www.google.de https://www.facebook.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://*.akstat.io https://*.akamaihd.net https://analytics.twitter.com; frame-src 'self' https://*.awin1.com https://*.trustpilot.com https://www.google-analytics.com https://*.heartinternet.uk http://*.doubleclick.net https://*.doubleclick.net https://*.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.googletagmanager.com https://t.co https://www.facebook.com https://www.google.com http://www.google.com https://www.google.co.uk https://www.google.de; connect-src 'self' https://*.awin1.com https://www.wepowerconnections.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://www.google.com https://customer.heartinternet.uk/cp/public/v1.0/prices/domains https://customer.heartinternet.uk/cp/public/v1.0/subscriptions https://wwws.heartinternet.uk https://*.termly.io https://customer.heartinternet.uk/manage/basket.cgi https://customer.heartinternet.uk/manage/domain-search-data.cgi https://adac.api.yoursrs.com/ajax wss://adac.api.yoursrs.com/ws https://*.akstat.io https://*.go-mpulse.net https://cdn.linkedin.oribi.io https://*.akamaihd.net https://region1.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com; 2
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' https: data: blob:; connect-src 'self' https:; style-src 'self' 'unsafe-inline' https:; form-action 'self'  https:; frame-src 'self' https: blob: 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.googletagmanager.com always 2
frame-ancestors 'self' https://*.nd-aktuell.de https://*.nd-online.de https://*.warenform.de; 2
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://*.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src 'self' https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; base-uri 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dynacrems-stage.wp.pl https://challenges.cloudflare.com grid.grupawp.pl adssettings.google.com https://fpnpmcdn.net https://fpjscdn.net wpext.pl *.wpext.pl *.survicate.com *.survicate-cdn.com *.abtshield.com fpx.o2.pl *.doubleverify.com s1.adform.net track.adform.net rt.inistrack.net *.sensic.net system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl pocztanh.wpcdn.pl *.wpcdn.pl *.tradedoubler.com *.hit.gemius.pl *.salesmore.pl onapi.o2.pl *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.2mdn.net *.googleadservices.com d.rxthdr.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.moatads.com ib.adnxs.com adservice.google.pl adservice.google.com *.meetrics.net *.mxcdn.net *.criteo.com static.criteo.net imasdk.googleapis.com cdn.netsco.re 3p.ampproject.net *.payu.com *.doubleverify.com ho.novem.pl; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://dynacrems-stage.wp.pl adssettings.google.com *.survicate.com *.survicate-cdn.com pocztanh.wpcdn.pl s1.adform.net track.adform.net rt.inistrack.net system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl; img-src 'self' data: blob: *.wpcdna.pl https://dynacrems-stage.wp.pl res.cloudinary.com *.nsaudience.pl *.survicate.com events.mediarithmics.com s1.adform.net track.adform.net rt.inistrack.net *.exactag.com  zasobygwp.pl zasoby.tlen.pl pl-gmtdmp.mookie1.com system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl rek.www.wp.pl *.wpimg.pl *.wpcdn.pl *.moatads.com *.tradedoubler.com ads.salesmore.pl *.doubleclick.net *.2mdn.net bs.serving-sys.com *.googlesyndication.com *.google.com delivery.way2traffic.com *.hit.gemius.pl t.qservz.com cdn.qservz.com beta.pocketads.pl ssl.google-analytics.com dmp.adform.net asa.allegro.pl ad.atdmt.com ads.businessclick.com/mailing/ *.meetrics.net *.mxcdn.net *.criteo.com *.criteo.net stags.bluekai.com www.ojrq.net/p/ secure-gl.imrworldwide.com www.facebook.com *.payu.com *.doubleverify.com ho.novem.pl; media-src 'self' v.wpimg.pl adv.wp.pl *.wpcdn.pl data:; child-src 'self' blob: *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net *.bing.com adexa.me googleads.g.doubleclick.net; frame-src 'self' blob: https://dynacrems-stage.wp.pl https://challenges.cloudflare.com adssettings.google.com *.survicate.com *.wpext.pl wpext.pl *.wpimg.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl *.wpcdn.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net *.bing.com adexa.me www.google.com/recaptcha/ *.criteo.com googleads.g.doubleclick.net masscdn.com *.payu.com *.doubleverify.com ho.novem.pl gwp.typeform.com *.doubleclick.net *.googletagservices.com; font-src 'self' data: *.survicate.com *.survicate-cdn.com *.wpimg.pl *.wpcdn.pl; connect-src 'self' https://dynacrems-stage.wp.pl https://fpnpmcdn.net https://api.fpjs.io https://*.api.fpjs.io *.survicate.com *.abtshield.com fpx.o2.pl *.wpext.pl wpext.pl *.sensic.net *.hit.gemius.pl imppl.tradedoubler.com secure.espago.com wp.tv csi.gstatic.com *.criteo.com static.criteo.net bidder.criteo.com *.moatads.com *.meetrics.net wss://poczta.o2.pl wss://poczta.wp.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpcdn.pl *.money.pl www.google.com pubs2-eu.creativecdn.com *.wpimg.pl profil.o2.pl *.netscore.eu/v2/api/adinfo/ ib.adnxs.com/ptv *.googlesyndication.com *.payu.com *.doubleverify.com ho.novem.pl *.doubleclick.net *.googletagservices.com grid.grupawp.pl; report-uri /csp-reports; manifest-src 'self' 'unsafe-eval' 2
default-src 'self' images.salzburg-ag.at *.salzburg-ag.tech; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' *.salzburg-ag.at https://cdn-api-weglot.com https://*.weglot.com https://*.sitesearch360.com snap.licdn.com *.mouseflow.com *.pinimg.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net ad.doubleclick.net tr.snapchat.com www.google-analytics.com *.usercentrics.eu www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.queue.core.windows.net https://cdn-api-weglot.com https://*.weglot.com https://*.sitesearch360.com *.cablelink.at https://www.google.com/recaptcha/  *.salzburg-ag.tech px.ads.linkedin.com  api.storyblok.com cdn.linkedin.oribi.io *.mouseflow.com https://speedy.cablelink.at:8043/ https://www.google.com/recaptcha/ *.google-analytics.com *.analytics.google.com *.salzburg-ag.at ct.pinterest.com tr.snapchat.com *.g.doubleclick.net ad.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track  *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at https://*.sitesearch360.com *.pinimg.com a.storyblok.com ct.pinterest.com www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net ad.doubleclick.net adservice.google.com tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.usercentrics.eu www.familieundberuf.at *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at https://cdn-api-weglot.com https://*.weglot.com app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' forms.office.com reglist24.com *.reglist24.com  my.matterport.com *.svc.dynamics.com assets-eur.mkt.dynamics.com *.cablelink.at sag.viewer.cit-fusion.com ct.pinterest.com www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://at.eturnity.eu/ ocilion.com p.artworx.at form.typeform.com *.microsoftonline.com login.microsoftonline.com cablelink.preview.speedtestcustom.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net ad.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 2
frame-ancestors 'self' *.tabby.ai *.tabby.dev 2
script-src 'nonce-af41e9ebfb9588f54779eba0696dcfce' 'strict-dynamic' 'self' https://*.googletagmanager.com https://cdn.jsdelivr.net/npm/hockeystack@latest/ https://data.hockeystack.com/ https://cdn.ketchjs.com https://global.ketchcdn.com https://js.stripe.com https://ngrok.zendesk.com https://pod-13.zendesk.com https://pod-13-sunco-ws.zendesk.com https://ssl.google-analytics.com https://static.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hubspot.com https://scripts.clarity.ms https://us-assets.i.posthog.com 'wasm-unsafe-eval'; base-uri 'self';; object-src 'none';; worker-src blob:;; frame-ancestors 'self' https://us.posthog.com; 2
default-src 'self' localhost:* cabify.website *.cabify.com *.cabifil.es; manifest-src 'self' localhost:* cabify.website *.cabify.com *.cabifil.es; style-src 'self' localhost:* 'unsafe-inline' cabify.website *.cabify.com *.cabifil.es *.youtube.com *.calendly.com calendly.com *.stackadapt.com; script-src 'self' localhost:* 'unsafe-inline' 'unsafe-eval' cabify.website *.cabify.com *.cabifil.es rum.browser-intake-datadoghq.com *.datadoghq.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.jotform.com *.google-analytics.com *.youtube.com *.google.com *.gstatic.com *.licdn.com *.facebook.net *.amplitude.com *.outbrain.com *.taboola.com *.talent.com *.tiktok.com *.linkedin.com *.stackadapt.com qvdt3feo.com *.calendly.com calendly.com *.criteo.com *.criteo.net unpkg.com; img-src * data:; connect-src 'self' localhost:* ws://localhost:* cabify.website *.cabify.com *.cabifil.es *.oribi.io *.jotform.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.google.com *.googleapis.com *.youtube.com translate.googleapis.com *.googlesyndication.com rum.browser-intake-datadoghq.com *.datadoghq.com *.clarity.ms *.outbrain.com *.googletagmanager.com *.amplitude.com *.facebook.com *.facebook.net *.linkedin.com *.stackadapt.com *.calendly.com calendly.com *.tiktok.com *.pangle-ads.com *.criteo.com *.criteo.net unpkg.com; frame-src 'self' localhost:* cabify.website *.cabify.com *.cabifil.es *.oribi.io *.jotform.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.google.com *.googleapis.com *.youtube.com translate.googleapis.com *.googlesyndication.com rum.browser-intake-datadoghq.com *.datadoghq.com *.clarity.ms *.googletagmanager.com *.amplitude.com *.facebook.com *.facebook.net *.linkedin.com *.stackadapt.com *.calendly.com calendly.com *.whatsapp.com *.criteo.com *.criteo.net unpkg.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub57d126e9dea45259c0e69381468deb10&dd-evp-origin=content-security-policy&ddsource=csp-report 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
upgrade-insecure-requests; object-src https://www.datocms-assets.com; block-all-mixed-content; frame-ancestors 'self' https://plugins-cdn.datocms.com; 2
frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 2
child-src 'self'; frame-src 'self' apis.google.com accounts.google.com staticxx.facebook.com badge.stumbleupon.com www.googletagmanager.com ad.ipredictive.com go.myflvs.net player.vimeo.com www.google.com *.doubleclick.net *.adtrafficquality.google flvs.my.site.com forms.flvs.net myflvs.net syndicatedsearch.goog ciqtracking.com correlation.edgate.com go.flexpointeducation.com go.flexpointvirtualschool.com *.facebook.com *.snapchat.com *.youtube-nocookie.com *.youtube.com platform.twitter.com syndication.twitter.com flvs.jotform.com www.myflvs.net pci.jotform.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com use.typekit.net cdn.jsdelivr.net p.typekit.net 'unsafe-inline' flvs.jotform.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net cdn.jsdelivr.net flvs.jotform.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com i.ytimg.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: ep1.adtrafficquality.google gwmtracking.com clients1.google.com www.google.com googleads.g.doubleclick.net connect.facebook.net px.ads.linkedin.com syndicatedsearch.goog pixel.tapad.com dpm.demdex.net flvs1.sharepoint.com *.vimeocdn.com flvs.net flvsprd.service-now.com *.facebook.com *.flvs.net *.google.com *.googletagmanager.com *.linkedin.com ad.doubleclick.net bh.contextweb.com ce.lijit.com cm.g.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com fei.pro-market.net fonts.gstatic.com idsync.rlcdn.com image2.pubmatic.com lh7-rt.googleusercontent.com match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net rtb-csync.smartadserver.com s.ad.smaato.net stags.bluekai.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png stats.g.doubleclick.net sync.1rx.io sync.crwdcntrl.net sync.navdmp.com syndication.twitter.com us-u.openx.net x.bidswitch.net *.taboola.com cs.admanmedia.com jadserve.postrelease.com *.adnxs.com *.acuityplatform.com flvs.jotform.com; media-src 'self' data: blob:; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com www.googleadservices.com *.snapchat.com www.google.com analytics.google.com ad.doubleclick.net www.google-analytics.com px.ads.linkedin.com ep1.adtrafficquality.google vimeo.com *.vimeo.com *.doubleclick.net fa-aichatbot-prod.azurewebsites.net directline.botframework.com www.flvs.net cdn.jsdelivr.net *.facebook.com *.googletagmanager.com fa-flvscsbot-uat.azurewebsites.net *.elfsight.com wss://directline.botframework.com; script-src 'self' *.googleapis.com *.gstatic.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com cdn.botframework.com cse.google.com googleads.g.doubleclick.net pi.pardot.com sc-static.net e.acuityplatform.com js.ipredictive.com code.jquery.com ep2.adtrafficquality.google cdn.jsdelivr.net snap.licdn.com origin.acuityplatform.com tr.snapchat.com go.flvs.net player.vimeo.com *.elfsight.com 'unsafe-inline' 'unsafe-eval' cdn.pardot.com cdn.ampproject.org *.facebook.com *.flvs.net *.google.com *.googletagmanager.com *.youtube.com ad.doubleclick.net bh.contextweb.com ce.lijit.com cm.g.doubleclick.net dpm.demdex.net dsum-sec.casalemedia.com eb2.3lift.com fei.pro-market.net fonts.gstatic.com idsync.rlcdn.com image2.pubmatic.com lh7-rt.googleusercontent.com match.adsrvr.org pixel.rubiconproject.com pixel.tapad.com ps.eyeota.net publish.twitter.com rtb-csync.smartadserver.com s.ad.smaato.net s.ytimg.com secure.adnxs.com stags.bluekai.com stats.g.doubleclick.net sync.1rx.io sync.crwdcntrl.net sync.navdmp.com syndication.twitter.com us-u.openx.net x.bidswitch.net *.byspotify.com flvs.jotform.com; default-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' script.crazyegg.com bat.bing.com connect.facebook.net *.marketo.com munchkin.marketo.net googleads.g.doubleclick.net consentcdn.cookiebot.com assets.adoberesources.net consent.cookiebot.com scout-cdn.salesloft.com www.google.com www.gstatic.com www.googletagmanager.com www.googleoptimize.com www.google-analytics.com *.bugherd.com cdnjs.cloudflare.com assets.revenuehero.io app.revenuehero.io play.vidyard.com info.signiant.com j.6sc.co; connect-src 'self' sockjs.pusher.com ws-mt1.pusher.com tracking.crazyegg.com *.marketo.com *.mktoresp.com script.crazyegg.com bat.bing.com www.google.com consentcdn.cookiebot.com stats.g.doubleclick.net *.analytics.google.com www.facebook.com assets.adoberesources.net *.cloud.adobe.io scout.salesloft.com cdnjs.cloudflare.com *.google-analytics.com *.bugherd.com www.google-analytics.com www.googletagmanager.com assets.revenuehero.io play.vidyard.com info.signiant.com app.revenuehero.io c.6sc.co ipv6.6sc.co epsilon.6sense.com; img-src 'self' data: secure.gravatar.com www.facebook.com bat.bing.com www.google.es www.google.com www.google.co.uk www.google.ro www.google.de imgsct.cookiebot.com *.gstatic.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com *.bugherd.com play.vidyard.com cdn.vidyard.com cdnjs.cloudflare.com info.signiant.com b.6sc.co; style-src 'self' 'unsafe-inline' rtp-static.marketo.com www.googletagmanager.com www.google.com www.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com info.signiant.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' info.signiant.com; frame-src www.facebook.com signiant.lodago.app popup.schedulehero.io consentcdn.cookiebot.com www.google.com www.googletagmanager.com play.vidyard.com info.signiant.com www.youtube.com youtube.com sjrtp8.marketo.com; object-src 'none'; 2
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 2
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; form-action 'self' https://*.hsforms.com https://*.hubspot.com https://forms.hsforms.com https://www.facebook.com; frame-ancestors 'self' https://*.vwo.com https://*.visualwebsiteoptimizer.com https://*.hubspot.com https://*.shopware.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://ssl.google-analytics.com https://a.clarity.ms https://dev.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://js.hubspot.com https://js.hubspotfeedback.com https://*.usercentrics.eu https://connect.facebook.net https://sst.shopware.com https://static.oktopost.com https://okt.to https://bat.bing.com https://snap.licdn.com https://tracking.g2crowd.com https://cdn.dreamdata.cloud https://www.clarity.ms https://scripts.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.usercentrics.eu; font-src 'self' data: https://fonts.gstatic.com https://*.usercentrics.eu; img-src 'self' data: blob: https:; media-src 'self' https:; frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://*.hubspot.com https://forms.hubspot.com https://forms.hsforms.com https://share.hsforms.com https://meetings.hubspot.com https://*.usercentrics.eu https://player.simplecast.com https://sst.shopware.com https://www.googletagmanager.com https://www.facebook.com https://tv.shopware.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net https://*.doubleclick.net https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://s.ytimg.com https://cdn.contentful.com https://graphql.contentful.com https://images.ctfassets.net https://downloads.ctfassets.net https://dev.visualwebsiteoptimizer.com https://wingify.com https://*.hubspot.com https://api.hsforms.com https://track.hubspot.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://privacy-proxy.usercentrics.eu https://*.pusher.com https://*.oktopost.com https://bat.bing.com https://snap.licdn.com https://tracking.g2crowd.com https://cdn.dreamdata.cloud https://www.clarity.ms https://scripts.clarity.ms wss: https:; worker-src 'self' blob:; child-src 'self' blob: https:; manifest-src 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://plausible.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsadspixel.net/fb.js https://googleads.g.doubleclick.net; frame-src https://consentcdn.cookiebot.com https://www.youtube.com https://td.doubleclick.net https://www.googletagmanager.com https://hub.n3mus.com https://n3mus.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://raw.githubusercontent.com https://cdn.sanity.io/images/76lym2dp/mb-production/ https://imgsct.cookiebot.com https://track.hubspot.com https://forms.hsforms.com https://avatars.githubusercontent.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://plausible.io; media-src 'self' https://cdn.sanity.io/files/76lym2dp/mb-production/; connect-src 'self' https://76lym2dp.api.sanity.io/ https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/subscan https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/hubspot/submitform https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hscollectedforms.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.hubapi.com https://forms.hubspot.com https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/hubspot/getform https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/form/submit https://plausible.io; form-action 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trustedform.com *.cfringctr.com *.cohesionapps.com *.lytics.io *.salesforce.com *.tvpixel.com *.cfdomains.com *.lytics.io *.userway.org *.cloudfront.net *.cloudflareinsights.com unpkg.com rum.hlx.page *.kampyle.com *.trustarc.com *.dynatrace.com *.cquotient.com *.clarity.ms *.salesforceliveagent.com *.affirm.com *.adt.com *.taboola.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.bing.com *.facebook.net *.tiktok.com *.pinterest.com *.pinimg.com *.licdn.com *.ads-twitter.com *.nextdoor.com *.adnxs.com *.adsrvr.org *.teads.tv *.kargo.com *.go-mpulse.net *.hrzn-nxt.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.abtasty.com *.findly.com *.nagich.com *.oktacdn.com *.typekit.net *.redditstatic.com *.addtoany.com *.adobe.com *.adobe.io *.adobedtm.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.bbb.org service.force.com sierra.chat; style-src 'self' 'unsafe-inline' *.userway.org *.abtasty.com *.userway.org *.lytics.io unpkg.com *.findly.com *.oktacdn.com *.adt.com *.salesforceliveagent.com *.trustarc.com *.doubleclick.net *.bbb.org *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com *.typekit.net service.force.com sierra.chat; font-src 'self' data: *.userway.org sierra.chat *.salesforceliveagent.com *.bootstrapcdn.com adt.com *.adt.com *.trustarc.com fonts.gstatic.com *.typekit.net; img-src 'self' data: *.userway.org *.abtasty.com *.tvpixel.com *.lytics.io *.cloudfront.net *.abmr.net *.liadm.com *.affirm.com *.doubleclick.net *.teads.tv *.salesforce.com *.clarity.ms *.truste.com *.trustarc.com *.krxd.net *.googleapis.com *.googleadservices.com trc.taboola.com servedby.flashtalking.com insight.adsrvr.org maps.gstatic.com *.google.com adt.com *.adt.com t.co analytics.twitter.com *.day.com *.linkedin.com www.googletagmanager.com ad.doubleclick.net flask.nextdoor.com px.ads.linkedin.com *.doubleclick.net www.facebook.com *.teads.tv *.hrzn-nxt.com *.reddit.com *.rlcdn.com trkn.us arttrk.com *.gstatic.com arttrk.com ib.adnxs.com *.google-analytics.com *.bing.com *.taboola.com; connect-src 'self' *.akamaihd.net *.cfringctr.com *.leadconduit.com *.cohesionapps.com adt.mymove.com *.rvapps.io *.tvpixel.com *.cloudfront.net *.userway.org *.trustedform.com *.amazonaws.com *.salesforce.com *.centerfield.com *.googletagmanager.com *.cfdomains.com *.facebook.com unpkg.com *.akstat.io *.adt.com *.pinterest.com *.abtasty.com *.affirm.com *.trustarc.com *.taboola.com *.cquotient.com *.clarity.ms *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.teads.tv *.kargo.com *.go-mpulse.net *.tiktok.com *.tiktokw.us *.bing.com *.adsrvr.org *.linkedin.com *.reddit.com *.dynatrace.com *.nagich.com *.nextdoor.com *.kaptcha.com *.adnxs.com *.jsdelivr.net *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com ipinfo.io *.ipify.org prodregistryv2.org featureassets.org service.force.com sierra.chat; frame-src 'self' *.cohesionapps.com *.userway.org *.abtasty.com *.affirm.com www.youtube.com s.go-mpulse.net sierra.chat *.adt.com adt.com *.trustarc.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.kaptcha.com www.facebook.com *.pinterest.com www.googletagmanager.com www.google.com maps.googleapis.com *.fls.doubleclick.net insight.adsrvr.org service.force.com; frame-ancestors 'self' *.go-mpulse.net sierra.chat *.adt.com *.trustarc.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; object-src 'none'; base-uri 'self'; worker-src 'self' blob: data:; 2
default-src 'self' *.targetfirst.com *.hsforms.com heeet.io *.heeet.io 'unsafe-inline' *.googleadservices.com webcdn.ringover.com *.schedulehero.io *.revenuehero.io; img-src user-images.crazyeggcdn.com *.crazyegg.com *.albacross.com *.targetfirst.com http://watcheebox.net http://*.watcheebox.net *.reddit.com *.bing.net tag.nrich.ai audience.nrich.ai storage.googleapis.com fonts.gstatic.com *.hsforms.com *.hubspot.com *.linkedin.com *.liadm.com 'self' data: *.clarity.ms *.google.com *.bing.com *.rlcdn.com *.sitescout.com *.clickagy.com www.google.fr webcdn.ringover.com ct.capterra.com *.ytimg.com ytimg.com www.google.com www.facebook.com google-analytics.com *.google-analytics.com *.googletagmanager.com *.ads.linkedin.com cdn.livechat-files.com; script-src 'self' *.crazyegg.com *.guideflow.com *.athenahq.ai *.albacross.com www.redditstatic.com *.nrich.ai appvizer.one *.hsforms.net *.heeet.io cdn.heeet.io/js/localstorage-gau.js *.snitcher.com *.amazonaws.com *.liadm.com *.hsforms.com *.hs-scripts.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.clarity.ms *.targetfirst.com http://watcheebox.net http://*.watcheebox.net 'unsafe-inline' 'unsafe-eval' 'self' *.tapfiliate.com *.hs-scripts.com *.googleoptimize.com bat.bing.com *.clickagy.com *.cloudflare.com *.googleadservices.com *.rsc.cdn77.org cdn77.ringover.com cdn.jsdelivr.net *.algolianet.com *.algolia.net *.googlesyndication.com *.g.doubleclick.net *.welcomekit.co welcomekit.co facebook.com linkedin.com *.link-page.info snippets.freshchat.com snap.licdn.com dc.ads.linkedin.com storage.googleapis.com px.ads.linkedin.com ct.capterra.com google.com google.fr *.trustpilot.com embed.tawk.to *.gotolstoy.com youtube.com pi.pardot.com redirectmail.ringover.com static-v.tawk.to *.google-analytics.com *.googleadservices.com *.googletagmanager.com gstatic.com *.g.doubleclick.net *.gstatic.com *.facebook.net *.gotolstoy.com redirectmail.ringover.com *.google.com *.hotjar.com *.lfeeder.com *.zoominfo.com *.livechatinc.com *.googleanalytics.com *.schedulehero.io *.revenuehero.io; style-src 'self' *.crazyegg.com *.rsc.cdn77.org *.google.com *.googleapis.com *.ringover.com https://fonts.googleapis.com fonts.gstatic.com *.targetfirst.com http://watcheebox.net http://*.watcheebox.net 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; connect-src *.crazyegg.com *.athenahq.ai wss://*.watcheebox.net http://watcheebox.net http://*.watcheebox.net *.targetfirst.com *.appvizer.one appvizer.one *.redditstatic.com *.reddit.com *.bing.net *.ringover.net wss://*.ringover.net ipapi.co/json *.hsforms.com *.heeet.io *.snitcher.com *.amazonaws.com alocdn.com *.ip-api.com 'self' *.hscollectedforms.net *.hubapi.com *.hubspot.com *.statuspage.io *.liadm.com *.oribi.io *.ads.linkedin.com *.clickagy.com *.clarity.ms *.zoominfo.com *.rsc.cdn77.org cdn.jsdelivr.net *.lfeeder.com *.googleusercontent.com *.algolia.net *.algolianet.com *.googlesyndication.com *.welcomekit.co welcomekit.co *.ringover.com va.tawk.to *.googleadservices.com *.hotjar.com wss://*.hotjar.com *.gotolstoy.com *.google.com *.google-analytics.com *.google.fr *.g.doubleclick.net *.schedulehero.io *.revenuehero.io; font-src 'self' data: http://watcheebox.net http://*.watcheebox.net 'unsafe-inline' *.rsc.cdn77.org *.gstatic.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.targetfirst.com *.rsc.cdn77.org *.ringover.com cdn.livechatinc.com; frame-src 'self' *.crazyegg.com *.guideflow.com *.appspot.com *.googletagmanager.com *.ringover.com *.hsforms.com *.cloudflare.com *.google.com *.youtube-nocookie.com *.google.com *.hotjar.com *.gotolstoy.com *.youtube.com youtube-nocookie.com *.livestorm.co calendly.com *.facebook.com *.trustpilot.com *.doubleclick.net *.livechatinc.com *.schedulehero.io; child-src 'self' blob: *.rsc.cdn77.org *.ringover.com; form-action 'self' *.hsforms.com *.rsc.cdn77.org *.facebook.com; frame-ancestors 'self' *.rsc.cdn77.org *.schedulehero.io; object-src 'none'; base-uri 'self' *.rsc.cdn77.org; worker-src 'self' blob: *.rsc.cdn77.org *.ringover.com; manifest-src 'self' *.rsc.cdn77.org; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com https://stx-gravity-p1-widgets.quantum.secutix.com/stx-widgets/v2/Widgets.js https://player.ausha.co/ausha-player.js cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com https://player.ausha.co player.ausha.co cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 2
report-to slardar-endpoint; upgrade-insecure-requests ; 2
frame-ancestors 'self' https://*.bidorbuy.co.za https://*.bobshop.co.za https://*.bob.co.za https://*.qa.bobshop.co.za; 2
default-src 'self'; connect-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com  https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://px.ads.linkedin.com https://assets.adobedtm.com https://safgtechnologies.demdex.net https://cdn2.gbqofs.com https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://live.cloud.api.corebridgefinancial.com https://uat.cloud.api.corebridgefinancial.com https://my.valic.com https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://pdfgen.dmp.corebridgefinancial.com https://pdfgen-prod.dmp.corebridgefinancial.com https://americangenerallife.us-5.evergage.com https://fonts.googleapis.com https://fonts.gstatic.com https://corebridgefinancial.onlineprospectus.net https://reporting.mobular.net https://apis.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net  https://streams-edge.web.sundaysky.com https://www.facebook.com https://adobedc.demdex.net https://edge.adobedc.net https://www.google.com https://dmp.uat.connector.corebridgefinancial.com https://dmp.live.connector.corebridgefinancial.com https://viewlicense.adobe.io https://cloud.rs.corebridgefinancial.com https://cloud.life.corebridgefinancial.com https://siteintercept.qualtrics.com https://cloud.ir.corebridgefinancial.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://alb.reddit.com https://www.corebridgefinancial.com https://ad.doubleclick.net https://insight.adsrvr.org; script-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://assets.corebridgefinancial.com https://cdn.gbqofs.com https://players.brightcove.net https://assets.map.brightcove.com https://map.brightcove.com https://platform.twitter.com https://aig.onlineprospectus.net https://corebridgefinancial.onlineprospectus.net https://valic.onlineprospectus.net https://play.sundaysky.com https://americangenerallife.us-5.evergage.com https://unpkg.com https://acrobatservices.adobe.com https://znbd5u06jodgh7tkj-crbg.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.redditstatic.com https://www.corebridgefinancial.com https://js.adsrvr.org https://zn6fiam0gry5fx5r0-crbg.siteintercept.qualtrics.com 'unsafe-inline' 'unsafe-eval' blob:; style-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com   https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://fonts.googleapis.com https://americangenerallife.us-5.evergage.com https://www.corebridgefinancial.com 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; frame-src 'self' https://safgtechnologies.demdex.net https://www.google.com https://platform.twitter.com https://players.brightcove.net https://14505161.fls.doubleclick.net https://td.doubleclick.net https://cbf.instech-app.com https://view.ceros.com https://acrobatservices.adobe.com https://player.vimeo.com https://hackerone.com https://www.corebridgefinancial.com https://insight.adsrvr.org https://match.adsrvr.org https://www.facebook.com; img-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com  https://cdn.cookielaw.org https://px.ads.linkedin.com https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://dpm.demdex.net https://safgtechnologiesdev1cbf.112.2o7.net https://www.linkedin.com https://www.facebook.com https://assets.corebridgefinancial.com https://metrics.brightcove.com https://map.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://hdr.sundaysky.com https://d21o24qxwf7uku.cloudfront.net https://play.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net https://ad.doubleclick.net https://alb.reddit.com https://www.corebridgefinancial.com https://www.googletagmanager.com https://insight.adsrvr.org data:; media-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://bcbolt446c5271-a.akamaihd.net https://streams-edge.web.sundaysky.com https://www.corebridgefinancial.com blob:; font-src 'self' https://fonts.gstatic.com https://americangenerallife.us-5.evergage.com https://www.corebridgefinancial.com data:; 2
default-src 'self' blob: *.tricentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.adsrvr.org *.bing.com *.bizible.com *.cookielaw.org *.demandbase.com *.doubleclick.net *.facebook.net *.googleoptimize.com *.googletagmanager.com *.licdn.com *.marketo.net *.mountain.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com *.tricentis.com *.trustradius.com *.vimeo.com *.wistia.com *.youtube.com *.zoominfo.com https://js.adsrvr.org https://bat.bing.com https://cdn.bizible.com https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://api.company-target.com https://cdn.cookielaw.org https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://*.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/countup@1.8.2/dist/countUp.min.js https://snap.licdn.com https://munchkin.marketo.net https://cdn.mouseflow.com https://eu.mouseflow.com https://netlify-cdp-loader.netlify.app https://*.tricentis.com https://affiliates.tricentis.com https://fast.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://www.youtube.com/iframe_api https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net/trustquotes https://b.6sc.co https://j.6sc.co https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.onetrust.com https://js.sentry-cdn.com https://www.redditstatic.com/ads/pixel.js https://browser.sentry-cdn.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://bat.bing-int.com https://static.ads-twitter.com/uwt.js https://connect.facebook.net/en_US/fbevents.js https://*.quora.com; style-src 'self' 'unsafe-inline' 'report-sample' *.marketo.net *.tricentis.com https://www.tricentis.com https://api.company-target.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://pages.tricentis.com https://lps.tricentis.com https://www.trustradius.com https://*.typekit.net https://d30ia583fbtg8i.cloudfront.net https://*.onetrust.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com  https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com *.doubleclick.net http://ad.doubleclick.net *.mktoresp.com *.mktoutil.com *.google.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://region1.analytics.google.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io *.company-target.com https://ws.zoominfo.com bat.bing.com *.google-analytics.com *.demandbase.com *.wistia.com *.onetrust.com *.facebook.com pages.tricentis.com lps.tricentis.com be.tricentis.com *.googlesyndication.com *.googletagmanager.com *.mouseflow.com https://eu.mouseflow.com https://o2.mouseflow.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net dx.mountain.com px.mountain.com gs.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.litix.io https://px.ads.linkedin.com https://ipv6.6sc.co https://c.6sc.co https://logx.optimizely.com https://*.optimizely.com https://*.6sense.com https://eps.6sc.co https://v.eps.6sc.co https://bat.bing.net https://pagead2.googlesyndication.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.redditstatic.com https://controltower.ml-optimizely.com https://cdn.optimizely.com https://cdn.bizible.com https://bat.bing-int.com https://*.ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://amplify.outbrain.com https://tr.outbrain.com https://in.logs.betterstack.com https://*.quora.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt https://google.com; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data: https://cdn.mouseflow.com https://fast.wistia.com https://fonts.gstatic.com https://use.typekit.net https://dudodiprj2sv7.cloudfront.net/font/glyphicons/ https://*.onetrust.com; frame-ancestors 'self' https://www.tricentis.com https://be-develop.tricentis.com https://be-test.tricentis.com https://be.tricentis.com; frame-src *.adsrvr.org *.facebook.com *.tricentis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://datainsights-cdn.dm.aws.gartner.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.buzzsprout.com https://www.google.com https://player.vimeo.com https://fast.wistia.net *.wistia.com https://www.youtube.com https://app.netlify.com https://s.company-target.com https://capture.navattic.com https://tricentis.navattic.com https://a26508490611.cdn.optimizely.com https://a26508490611.cdn-pci.optimizely.com; img-src 'self' blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.doubleclick.net http://ad.doubleclick.net https://pubads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://adservice.google.com https://*.googletagmanager.com https://fonts.gstatic.com *.tricentis.com https://www.tricentis.com https://cdn.bizible.com https://cdn.bizibly.com *.capterra.com *.wistia.com *.linkedin.com https://px.ads.linkedin.com *.cookielaw.org *.googlesyndication.com https://www.google.com www.googletagmanager.com https://bat.bing.com https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com https://capterra.s3.amazonaws.com https://eu.mouseflow.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://media.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://px.ads.linkedin.com https://b.6sc.co https://cdn.optimizely.com https://alb.reddit.com https://px.ads.linkedin.com https://bat.bing.net https://*.tricentis.com https://be.tricentis.com https://*.ads-twitter.com https://ads-api.twitter.com https://t.co https://analytics.twitter.com https://www.googleadservices.com https://tr.outbrain.com https://*.quora.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt https://google.com; media-src 'self' https://js.intercomcdn.com blob: https://*.wistia.com https://embedwistia-a.akamaihd.net; report-uri https://65eb3282bc57ae1120bf66ab.endpoint.csper.io?v=55; worker-src 'self' blob:; 2
frame-ancestors 'self' https://minhaclaro.claro.com.br https://www.clarocadastro.com.br https://clarocadastro.com.br; upgrade-insecure-requests; 2
default-src 'self' https: http:; base-uri 'self' *.cloudfront.net; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https: data:; frame-src 'self' https: data:; img-src   'self' data: blob: *.newrelic.com   *.commercecloud.salesforce.com *.lumens.com *.signifyd.com *.online-metrix.net   s7d1.scene7.com s7d5.scene7.com images.ctfassets.net storage.googleapis.com   cdn.ywxi.net www.gstatic.com *.google.com *.paypal.com *.bing.com *.facebook.com   *.everesttech.net *.omtrdc.net *.ydesigngroup.com *.listrakbi.com *.doubleclick.net   *.liadm.com *.agkn.com *.rtactivate.com *.dtstmio.com *.cloudfront.net *.datasteam.io   *.equalweb.com *.cookielaw.org *.googletagmanager.com *.demdex.net *.espssl.com   *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com   *.cloudinary.com *.facebook.net *.clarity.ms *.modernimpact.com *.amazonaws.com    *.adnxs.com *.ojrq.net *.gladly.com *.smooch.io; manifest-src 'self' https: http:; media-src 'self' https: http: data: blob:; object-src 'self' https: http:; script-src   'self' 'unsafe-inline' 'unsafe-eval' blob: *.online-metrix.net *.newrelic.com *.nr-data.net   runtime.commercecloud.com *.googleapis.com *.lumens.com cdn.gladly.qa *.gladly.com *.smooch.io   d1fc8wv8zag5ca.cloudfront.net cdnjs.cloudflare.com www.googlecommerce.com *.curalate.com   *.google.com *.googletagmanager.com *.google-analytics.com js.cnnx.link   *.paypal.com *.datasteam.io *.facebook.net *.impactradius-event.com *.pinimg.com   *.googleadservices.com *.usabilla.com *.zi-scripts.com *.bing.com *.taboola.com   *.adobedtm.com cnstrc.com *.cnstrc.com *.listrakbi.com *.omtrdc.net *.listrak.com   *.equalweb.com tags.pw.adn.cloud www.paypalobjects.com *.stape.ma *.pinterest.com   *.agkn.com *.zoominfo.com *.adn.cloud *.facebook.com *.cookielaw.org *.bing-int.com   *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com   *.signifyd.com *.iesnare.com *.doubleclick.net *.gladly.chat *.clarity.ms *.kyc.red   *.tintup.com *.publitas.com *.cquotient.com *.newrelic.com *.scene7.com *.verygoodvault.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' https: http:; style-src 'self' https: 'unsafe-inline'; connect-src   'self' runtime.commercecloud.com *.lumens.com *.signifyd.com *.newrelic.com *.nr-data.net   cdn.gladly.qa *.gladly.com *.smooch.io d1fc8wv8zag5ca.cloudfront.net cdnjs.cloudflare.com   www.googlecommerce.com *.google.com *.googletagmanager.com *.google-analytics.com js.cnnx.link   *.paypal.com *.datasteam.io *.facebook.net *.impactradius-event.com *.pinimg.com   *.googleadservices.com *.usabilla.com *.zi-scripts.com *.bing.com *.taboola.com *.adn.cloud   *.demdex.net *.omtrdc.net *.doubleclick.net *.listrak.com *.cnstrc.com *.listrakbi.com   *.mobify-storefront.com *.evyy.net *.impct.site *.pinterest.com *.stape.ma *.zoominfo.com   *.equalweb.com *.facebook.com *.run.app *.cookielaw.org *.onetrust.com *.powerreviews.com   sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.cloudinary.com   *.gladly.chat wss://*.gladly.chat *.clarity.ms *.ydesigngroup.com *.sinter-collect.com   *.verygoodvault.com; upgrade-insecure-requests 2
report-uri /csp-report.php; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.bankid.cz; connect-src 'self' *.analytics.google.com *.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2
frame-ancestors 'self' sosafeawareness.matomo.cloud https://sosafe.local *.sosafe-stage.de *.sosafe-dev.de *.sosafe.de *.sosafe-awareness.com *.sosafe-security.com *.sosafe-security-dev.com *.sosafe-security-stage.com; script-src 'unsafe-inline' 'unsafe-eval' blob: data: localhost localhost:3000 cdn.matomo.cloud sosafeawareness.matomo.cloud apis.google.com www.googletagmanager.com sosafe.local huficon.local *.sosafe-awareness.com sosafe-awareness.com www.google-analytics.com snap.licdn.com bat.bing.com px.ads.linkedin.com adservice.google.com *.doubleclick.net *.gravatar.com boards-api.greenhouse.io boards.eu.greenhouse.io js.hsforms.net *.hubspot.com play.google.com www.googleadservices.com *.hotjar.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net *.hs-banner.com js.hsleadflows.net connect.facebook.net cdn.transifex.com *.wistia.com *.wistia.net *.requestmetrics.com humanfirewallconference.kinsta.cloud humanfirewallconference.com *.humanfirewallconference.com human-firewall-conference.com *.podigee-cdn.net *.cookiebot.com cookiebot.com *.reddit.com *.redditstatic.com *.clearbitscripts.com *.clearbitjs.com *.lfeeder.com *.g2crowd.com *.demandbase.com *.company-target.com *.buzzfufighter.com *.outbrain.com *.usemessages.com *.xingcdn.com *.xing.com *.sentry-cdn.com *.sosafe-security.com *.sosafe-security-dev.com *.sosafe-security-stage.com *.withflowersea.com *.clarity.ms *.posthog.com *.contentsquare.net *.googlesyndication.com *.google.com *.megaphone.fm *.hsappstatic.com *.hsappstatic.net *.hubspotusercontent-na1.net *.oktopost.com *.okt.to okt.to 2
frame-ancestors 'self' https://*.tsum.ru https://*.tsum.com; report-uri https://sentry.tsum.com/api/14/security/?sentry_key=009c465ac17e4f3fb722940ac763c938 2
frame-ancestors 'self' https://sites.ncleg.gov 2
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fleet.zone https://*.tallink.com https://*.adcell.com https://*.adform.net https://*.bing.com https://*.clarity.ms http://*.crazyegg.com https://*.facebook.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.licdn.com https://*.noknok.ee http://*.typeform.com https://vercel.live; style-src 'self' 'unsafe-inline' https://*.fleet.zone https://*.tallink.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.typeform.com; img-src 'self' blob: data: https://*.tallink.com https://*.bing.com https://*.chatlayer.ai https://*.cision.com https://*.clarity.ms https://*.cloudinary.com https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ee https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://*.seadform.net https://*.windows.net https://*.ytimg.com; font-src 'self' https://*.fleet.zone https://*.tallink.com https://*.gstatic.com; connect-src 'self' blob: data: https://*.fleet.zone https://*.fleet.zone:8443 https://*.tallink.com https://*.ably.io wss://*.ably.io https://*.ably-realtime.com wss://*.ably-realtime.com https://*.adcell.com https://*.algolia.net https://*.bing.com https://*.bing.net https://*.chatlayer.ai https://*.clarity.ms https://*.cloudinary.com https://*.crazyegg.com https://*.demdex.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.noknok.ee https://*.reachmee.com https://*.rik.ee https://*.sentry.io https://*.typeform.com; manifest-src 'self'; frame-src 'self' https://*.fleet.zone https://*.tallink.com https://*.adform.net https://*.demdex.net https://*.facebook.com https://*.google.com https://infogram.com https://nasdaqbaltic.com https://*.noknok.ee https://*.typeform.com https://vercel.live https://*.youtube.com; frame-ancestors 'self' https://*.typeform.com; worker-src 'self' blob:; object-src 'self' data:; media-src 'self' blob: https://*.cloudinary.com https://*.googleapis.com; 2
frame-ancestors  trustseal.enamad.ir;; upgrade-insecure-requests 2
form-action 'self' *.facebook.com; frame-ancestors 'self' app.contentful.com; frame-src 'self' *.workhuman.com *.workhumanpreprod.com vercel.app *.googletagmanager.com *.doubleclick.net *.cdn.optimizely.com pixel.mathtag.com cdn.useproof.com *.cookiebot.com *.ceros.com *.facebook.com 862-jiq-698.mktoweb.com cookie.havasedge.com fast.wistia.net youtube.com www.youtube.com *.twitter.com bat.bing.com *.lightning.force.com *.salesforce.com vercel.live; base-uri 'none'; object-src 'self'; child-src 'self' *.fls.doubleclick.net; upgrade-insecure-requests; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' login.transporeon.com login.int.transporeon.com login.dev.transporeon.com login.test.transporeon.com www.transporeon.com; 2
frame-src https://td.doubleclick.net https://web-widget.gupshup.io/ https://www.youtube.com/ https://*.partners.gupshup.io https://ssl-proxy.quickwork.co https://api.gupshup.io https://console.gupshup.io https://www.gupshup.io https://go.gupshup.io/ https://business.facebook.com https://www.googletagmanager.com;frame-ancestors self https://web-widget.gupshup.io/ https://console.gupshup.io https://www.gupshup.io https://api.gupshup.io https://ssl-proxy.quickwork.co https://*.partners.gupshup.io https://www.youtube.com/ https://go.gupshup.io/ https://business.facebook.com https://www.googletagmanager.com https://td.doubleclick.net/ 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://vercel.live https://*.google.com https://googleads.g.doubleclick.net https://s2.adform.net https://track.adform.net https://connect.facebook.net https://*.gstatic.com https://*.googletagmanager.com https://*.piwik.pro https://core.sanity-cdn.com api.vercel.com ; connect-src 'self' ws: *.api.sanity.io https://feed.jobylon.com policy.app.cookieinformation.com https://consent.app.cookieinformation.com https://vercel.live https://sanity-cdn.com https://*.piwik.pro api.vercel.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com ; style-src 'self' 'unsafe-inline' policy.app.cookieinformation.com https://*.piwik.pro ; img-src 'self' blob: data: cdn.sanity.io policy.app.cookieinformation.com i.ytimg.com img.youtube.com avatars.githubusercontent.com www.gstatic.com https://www.google.com https://www.google.no https://www.facebook.com www.googletagmanager.com https://*.piwik.pro https://googleads.g.doubleclick.net https://*.googlesyndication.com ; font-src 'self' https://*.piwik.pro ; object-src 'none'; frame-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://www.sanity.io https://*.bankid.no https://*.klarna.com https://*.nordea.com https://*.folio.no; upgrade-insecure-requests; 2
default-src 'self' https://backend.cld.bz *.bam.nr-data.net *.bam-cell.nr-data.net; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' https://dzl2wsuulz4wd.cloudfront.net https://cld.bz malsup.github.io mportal.maf.ae *.github.io https://code.highcharts.com analytics.google.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://bugcrowd.com/ assets.bugcrowdusercontent.com https://www.googletagmanager.com https://snap.licdn.com https://s.go-mpulse.net https://static.ads-twitter.com https://rec.smartlook.com https://web-sdk.smartlook.com https://cdn.cookielaw.org https://cdn-app5.securiti.ai *.securiti.ai https://js-agent.newrelic.com *.bam.nr-data.net *.bam-cell.nr-data.net cdnjs.cloudflare.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.insight.sitefinity.com https://dec.azureedge.net https://cdn-app5.securiti.ai *.securiti.ai; img-src data: blob: * 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://gp-prod.maf.ae https://gp-prod.maf.ae/v1/share/hvoptin https://pbs.twimg.com https://pbs.twimg.com/* *.visualstudio.com *.googleapis.com https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://c.go-mpulse.net https://manager.eu.smartlook.cloud https://*.akstat.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://gp-dev.maf.ae https://cdn.cookielaw.org https://geolocation.onetrust.com *.onetrust.com https://cdn-app5.securiti.ai *.securiti.ai https://bam.nr-data.net/; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://user-vaful7g.cld.bz mportal.maf.ae *.google.com google.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com view.officeapps.live.com/ https://bugcrowd.com/ *.googleapis.com https://backend.cld.bz forms-prod2.sprinklr.com 2
frame-ancestors 'self' https://airmail.news https://*.airmail.news https://*.airmailmedia.com https://puzzlist.com https://*.puzzlist.com https://waffleclub.com https://*.waffleclub.com https://waffle.dev http://localhost:5173; 2
img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 2
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/corplogin 2
img-src *.google.com *.google.ca *.google.co.uk *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw 'self' *.commercecloud.salesforce.com *.mobify-storefront.com data: *.doubleclick.net *.collect.igodigital.com ct.pinterest.com ib.adnxs.com images.ctfassets.net *.images.ctfassets.net p.yotpo.com zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com zoundindustries.my.salesforce.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com yotpo-editor-production.s3.amazonaws.com marshallheadphones-development.improove.tv marshallheadphones-ondemand02.improove.tv *.gstatic.com *.analytics.google.com *.google-analytics.com www.google.com maps.googleapis.com maps.google.com *.staging-marshall.com *.qa-marshall.com *.marshall.com i.ytimg.com i.vimeocdn.com *.facebook.com www.mczbf.com *.hotjar.com idsync.rlcdn.com ade.googlesyndication.com www.googleadservices.com services.sheerid.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu eclubcdntest.blob.core.windows.net cdn.voyado.com *.clarity.ms services.postcodeanywhere.co.uk;media-src assets.ctfassets.net *.assets.ctfassets.net *.akamaized.net player.vimeo.com *.vimeocdn.com download-video-ak.vimeocdn.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'self' blob: storage.googleapis.com www.googletagmanager.com action.dstillery.com s.pinimg.com connect.facebook.net acdn.adnxs.com static.hotjar.com 100016846.collect.igodigital.com js.adsrvr.org analytics.tiktok.com www.google-analytics.com action.media6degrees.com *.pingdom.net api.cquotient.com staticw2.yotpo.com widgetsrepository.yotpo.com cdn-widgetsrepository.yotpo.com maps.googleapis.com player.vimeo.com *.youtube.com/ *.youtube-nocookie.com/ *.my.salesforce.com service.force.com *.salesforceliveagent.com *.my.site.com static.lightning.force.com www.google.com www.gstatic.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com connect.facebook.net www.mczbf.com *.hotjar.com cdn.jsdelivr.net assets.voyado.com js.klarna.com static.redeal.se static.onsite.voyado.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu members.cj.com track.marshall.com api.onsite js.playground.klarna.com *.ada.support googleads.g.doubleclick.net js.playground.klarna.com www.clarity.ms scripts.clarity.ms api.addressy.com *.addressy.com;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https: staticw2.yotpo.com *.hotjar.com cdn.jsdelivr.net *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu api.addressy.com *.addressy.com;connect-src 'self' api.cquotient.com *.doubleclick.net *.analytics.google.com analytics.google.com *.google-analytics.com www.google-analytics.com analytics.tiktok.com ct.pinterest.com *.pingdom.net preview.contentful.com cdn.contentful.com staticw2.yotpo.com api.yotpo.com api-cdn.yotpo.com maps.googleapis.com privacyportal.cookiepro.com geolocation.onetrust.com webto.salesforce.com test.salesforce.com *.my.site.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com vimeo.com/ *.googlesyndication.com www.google.com server-side-tagging-iglp74couq-uc.a.run.app/ zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com *.hotjar.com *.hotjar.io connect.facebook.net *.facebook.com www.mczbf.com wss://*.hotjar.com eu.klarnaevt.com js.klarna.com/ *.voyado.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu adservice.google.com www.googleadservices.com js.playground.klarna.com track.marshall.com *.ada.support *.clarity.ms api.addressy.com *.addressy.com services.postcodeanywhere.co.uk;frame-src 'self' *.doubleclick.net insight.adsrvr.org ct.pinterest.com/ player.vimeo.com/ *.youtube.com/ *.youtube-nocookie.com/ *.spotify.com/ *.my.salesforce.com www.google.com www.googletagmanager.com *.facebook.com zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com services.sheerid.com js.klarna.com/ https://osm.klarnaservices.com/learn-more/index.html marshall-prod.sitestorage.se static.onsite.voyado.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu track.marshall.com *.ada.support;frame-ancestors *.contentful.com *.ada.support;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none' 2
script-src 'self' www.bmv.de bmv.de *.youtube.com *.init-ag.de *.bund.de 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de *.emailsys1a.net https://www.google.com/ https://www.gstatic.com/; style-src 'unsafe-inline' 'self' www.bmv.de bmv.de *.youtube.com *.init-ag.de *.bund.de; media-src 'self' www.bmv.de bmv.de *.youtube.com *.init-ag.de *.bund.de; font-src 'self' www.bmv.de bmv.de data: 'self' *.init-ag.de *.bund.de; frame-ancestors 'self' www.bmv.de bmv.de *.youtube.com https://*.init-ag.de https://*.powerbi.com https://*.bund.de *.emailsys1a.net; form-action 'self' www.bmv.de bmv.de *.init-ag.de *.bund.de *.emailsys1a.net https://www.google.com/; upgrade-insecure-requests; img-src 'self' www.bmv.de bmv.de data: *.init-ag.de *.bund.de https://*.openstreetmap.org *.emailsys1a.net; default-src 'self' www.bmv.de bmv.de data: https://*.tv1.eu http://*.tv1.eu https://atenekom.eu https://*.etracker.com https://*.etracker.de *.youtube.com https://*.powerbi.com *.init-ag.de *.bund.de https://datawrapper.dwcdn.net/ *.emailsys1a.net https://www.google.com/; 2
default-src 'self' data: 'unsafe-inline' https://*.brightcove.net http://opgdev1901 http://opgtest https://*.google-analytics.com https://*.google.com https://*.brightcove.com *.akamaihd.net *.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://*.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com https://public.tableau.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://code.jquery.com https://*.simpli.fi https://cdn.jsdelivr.net https://snap.licdn.com http://opgdev1901 https://opgtest https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://*.classmarker.com https://cdn.ckeditor.com https://public.tableau.com https://consent.studio *.perfdrive.com *.doubleclick.net *.stackadapt.com *.facebook.net https://www.redditstatic.com https://files.bettybot.ai https://challenges.cloudflare.com blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://opgdev1901 https://opgtest https://tagmanager.google.com https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com *.stackadapt.com https://files.bettybot.ai players.brightcove.net; img-src 'self' 'unsafe-inline' https://*.linkedin.com http://opgdev1901 https://opgtest https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.crossref.org https://stats.g.doubleclick.net players.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.brightcovecdn.com https://imagebank.osa.org https://imagebank.optica.org https://account.optica.org https://cdn.ckeditor.com https://public.tableau.com https://www.osapublishing.org https://alb.reddit.com https://www.facebook.com https://www.google.com https://files.bettybot.ai; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' http://opgdev1901 http://opgtest https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com about: players.brightcove.net; connect-src 'self' https://*.brightcovecdn.com *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net https://*.linkedin.com https://*.simpli.fi https://opgtest https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://consent.studio *.jsdelivr.net *.facebook.com *.reddit.com *.redditstatic.com *.googlesyndication.com *.stackadapt.com https://www.google.com *.doubleclick.net https://betty-api.tasio.co https://*.algolia.net https://cas.avalon.perfdrive.com https://demo-1.conversionsapigateway.com https://*.us.central1.run.app https://challenges.cloudflare.com; media-src 'self' 'unsafe-inline' http://opgdev1901 http://opgtest https://opg.optica.org https://www.osapublishing.org *.akamaihd.net *.boltdns.net https://*.brightcove.com *.brightcovecdn.com *.cf.brightcove.com blob: data:; object-src 'self' 'unsafe-inline' http://opgdev1901 http://opgtest *.akamaihd.net *.boltdns.net; frame-src 'self' https://www.classmarker.com https://www.googletagmanager.com players.brightcove.net https://challenges.cloudflare.com; worker-src blob:; frame-ancestors 'self' http://cmsdev2001:1337/admin https://opgtest/ 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; 2
frame-ancestors 'none';  object-src 'none';  base-uri 'none'; 2
default-src 'self' cdn.sanity.io cdn.equinor.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.eds.equinor.com https://platform.twitter.com https://*.twimg.com; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://*.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com ; img-src 'self' data: https://cdn.eds.equinor.com https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com https://*.cookiebot.com ; connect-src 'self' cdn.sanity.io cdn.equinor.com https://bcdn.screen9.com https://qcdn.screen9.com https://h61q9gi9.api.sanity.io https://h61q9gi9.apicdn.sanity.io/ https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://*.cookiebot.com ; child-src blob:; frame-src 'self' https://consentcdn.cookiebot.com https://lt.morningstar.com https://www.youtube.com https://vimeo.com https://player.vimeo.com https://sds-maintenance.com https://tools.eurolandir.com https://platform.twitter.com https://syndication.twitter.com https://vds.issgovernance.com https://*.plaii.no https://livestream.com https://*.castr.com https://pixel.as https://www.youtube-nocookie.com https://h61q9gi9.api.sanity.io http://localhost:3333 https://eu.frcapi.com/; frame-ancestors https://studio-global-equinor-web-sites-preprod.c2.radix.equinor.com https://studio-global-equinor-web-sites-prod.c2.radix.equinor.com http://studiov3-global-development-equinor-web-sites-dev.c2.radix.equinor.com https://equinor.sanity.studio; font-src 'self' https://cdn.eds.equinor.com data:; media-src 'self' blob: https://bcdn.screen9.com https://qcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.svenskadomaner.se *.dibspayment.eu *.cookiebot.com *.trustpilot.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net www.googletagmanager.com www.clarity.ms; frame-src 'self' *.svenskadomaner.se *.dibspayment.eu *.cookiebot.com *.trustpilot.com *.youtube.com *.facebook.com s-static.ak.facebook.com www.googletagmanager.com td.doubleclick.net blob:; object-src 'self'; worker-src 'self' blob:; 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.cloudfunctions.net https://*.europe-west1.firebasedatabase.app https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.google.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com *.doubleclick.net https://connect.facebook.net https://analytics.tiktok.com https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://*.onetrust.com https://*.hotjar.com https://www.redditstatic.com;connect-src *; img-src 'self' data: https:; media-src 'self' blob: https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk https://*.sndcdn.com https://*.radiomast.io; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com https://*.typekit.net; child-src 'self' blob: *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com https://*.typekit.net https://*.nts.live; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://*.google.com *.doubleclick.net *.firebaseapp.com https://js.stripe.com *.paypal.com https://www.paypalobjects.com https://www.googletagmanager.com; 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.wdr.io *.fortum.com *.fortum.se *.fortum.no *.fortum.pl *.fortum.fi *.fortum.in https://fa-se-all-webapp-e1-prd-wa.azurewebsites.net; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src 'self' blob: data: 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
default-src 'self' assets-next.mattersprotocol.io; script-src 'self' assets-next.mattersprotocol.io 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com challenges.cloudflare.com *.google-analytics.com *.analytics.google.com js.stripe.com *.cloudflareinsights.com pagead2.googlesyndication.com *.adtrafficquality.google *.doubleclick.net tpc.googlesyndication.com adservice.google.com; style-src 'self' 'unsafe-inline' assets-next.mattersprotocol.io fonts.googleapis.com; img-src 'self' data: blob: assets.matters.news imagedelivery.net assets-next.mattersprotocol.io *.matters.town nft-cdn.alchemy.com matters-server-production.s3-ap-southeast-1.amazonaws.com *.google-analytics.com *.walletconnect.com *.walletconnect.org matters-billboard-ad.s3.ap-southeast-1.amazonaws.com/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.adtrafficquality.google; font-src 'self' fonts.gstatic.com; media-src 'self' data: blob: assets.matters.news imagedelivery.net assets-next.mattersprotocol.io *.matters.town nft-cdn.alchemy.com matters-server-production.s3-ap-southeast-1.amazonaws.com *.google-analytics.com *.walletconnect.com *.walletconnect.org matters-billboard-ad.s3.ap-southeast-1.amazonaws.com/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.adtrafficquality.google; connect-src 'self' ws: wss: assets-next.mattersprotocol.io https://server.matters.town/graphql https://server.matters.news/graphql upload.imagedelivery.net *.google-analytics.com firebase.googleapis.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com api.stripe.com *.walletconnect.org *.walletconnect.com *.web3modal.org *.alchemyapi.io *.alchemy.com cloudflare-ipfs.com/ipfs/ ipfs.io/ipfs/ ipfs-gateway.matters.town/ipfs/ ipfs.w3s.link *.ingest.us.sentry.io pagead2.googlesyndication.com *.adtrafficquality.google adservice.google.com *.doubleclick.net; frame-src 'self' button.like.co www.youtube.com player.vimeo.com player.bilibili.com www.bilibili.com www.instagram.com jsfiddle.net codepen.io challenges.cloudflare.com js.stripe.com hooks.stripe.com *.walletconnect.com *.walletconnect.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com *.adtrafficquality.google www.google.com; prefetch-src 'self' assets-next.mattersprotocol.io; report-uri https://o1089931.ingest.us.sentry.io/api/6153512/security/?sentry_key=5af839b6d42044548d8ec70f00af8c10; report-to csp-endpoint 2
frame-ancestors 'self' https://alpha.duoke.com https://alpha2.duoke.com https://alpha3.duoke.com https://web.duoke.com https://app.tongpaidang.com https://app.duoke.com 2
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ https://c.lytics.io/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 2
frame-ancestors 'self' https://cx360.corp.ackodev.com https://cx360.corp.acko.com https://app.ola.riskcovry.com https://lead360.corp.ackodev.com https://lead360.corp.acko.com https://cmp.mygate.com https://uapp.kappa.mgmaglev.xyz https://cmp.env.mgmaglev.xyz https://app.mygate.com https://appnew.mygate.com https://apptest.mygate.com https://cx360v2.corp.ackodev.com https://cx360v2.corp.acko.com https://auto-policy-frontend-ui-master.internal.ackodev.com https://auto-policy-frontend.internal.live.acko.com https://*.ackodrive.com https://ackodrive.com https://lead-pre-sales-panel.corp.acko.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://*.datablocks.se https://*.addthis.com https://consent.cookiebot.com/ https://consent.cookiebot.eu/uc.js https://consentcdn.cookiebot.com https://websolutions.ne.cision.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://static.cloudflareinsights.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.datablocks.se https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.eu https://*.datablocks.se https://*.mfn.se https://google.se https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://publish.ne.cision.com https://*.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cloudflareinsights.com; font-src 'self' data: https://*.datablocks.se https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.eu https://*.doubleclick.net https://consentcdn.cookiebot.com https://www.google.com https://player.vimeo.com; img-src 'self' data: https://*.datablocks.se https://secure.gravatar.com https://imgsct.cookiebot.com https://img.sct.eu1.usercentrics.eu https://pixel-geo.prfct.co https://www.google.com https://px.ads.linkedin.com https://*.lfeeder.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.se https://cloudflareinsights.com; manifest-src 'self'; media-src 'self' https://*.akamaized.net https://vimeo.com https://*.vimeo.com https://widget-v4.tidiochat.com; worker-src 'self' blob:; 2
upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com adsdk.microsoft.com *.safeframe.googlesyndication.com *.espacior.com *.kromatica.com *.grupo.reforma.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.doubleclick.net api.mapbox.com consentcdn.cookiebot.com consent.cookiebot.com 'self';  object-src 'none'; worker-src blob: ; child-src www.google.com consentcdn.cookiebot.com assist.zoho.eu blob: 'self' ; img-src imgsct.cookiebot.com data: blob: 'self' www.google.ch www.google.com www.google-analytics.com; connect-src 'self' *.tiles.mapbox.com consentcdn.cookiebot.com api.mapbox.com events.mapbox.com www.google-analytics.com stats.g.doubleclick.net region1.analytics.google.com; frame-ancestors 'self' 2
default-src 'self' https://play.vidyard.com; connect-src 'self' https://*.vwo.com https://*.adnxs.com https://*.goadopt.io https://*.cloudflare.com https://*.bootstrapcdn.com https://*.jsdelivr.net wss://*.userflow.com https://*.segment.io https://*.userflow.com https://*.segment.com https://*.aptrinsic.com https://*.optimizely.com https://*.azure.com https://googleads.g.doubleclick.net https://analytics.ahrefs.com/api/event https://www.google.com https://*.linkedin.com https://*.zi-scripts.com https://*.googlesyndication.com https://*.visualwebsiteoptimizer.com https://cdn.linkedin.oribi.io https://*.certinia.com https://*.6sc.co https://analytics.google.com https://*.6sense.com https://*.mktoutil.com https://c.6sc.co https://ws.zoominfo.com https://*.pathfactory.com https://stats.g.doubleclick.net https://*.marketo.com https://munchkin.marketo.net https://*.mktoresp.com https://bat.bing.com https://cdn.cookielaw.org https://play.vidyard.com https://www.google-analytics.com https://www.googletagmanager.com https://*.qualified.com wss://*.qualified.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.whistic.com https://*.googleapis.com https://*.goadopt.io https://*.userflow.com https://*.aptrinsic.com https://*.optimizely.com https://*.azure.com https://*.pardot.com https://*.cloudflareinsights.com https://*.vwo.com https://analytics.ahrefs.com https://*.zi-scripts.com https://unpkg.com https://static.srcspot.com https://j.6sc.co https://cdn-app.pathfactory.com https://ws-assets.zoominfo.com https://*.certinia.com https://*.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://*.marketo.com https://play.vidyard.com https://*.netdna-ssl.com https://www.googletagmanager.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.vidyard.com http://ct.capterra.com https://munchkin.marketo.net https://snap.licdn.com https://a.quora.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://www.googleadservices.com https://js.qualified.com; img-src data: https: https://www.google-analytics.com; frame-src 'self' blob: mailto: https://*.vwo.com https://*.whistic.com https://*.optimizely.com api-cbb17618.duosecurity.com https://scores.securityscorecard.io https://*.doubleclick.net https://public-profile.whistic.com https://securityscorecard.com https://*.certinia.com https://bid.g.doubleclick.net https://*.vidyard.com https://*.google.com https://www.googletagmanager.com https://*.qualified.com; font-src 'self' data: https://*.pathfactory.com https://*.cloudfront.net https://*.netdna-ssl.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.certinia.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://*.vwo.com https://*.pathfactory.com https://*.jsdelivr.net https://*.aptrinsic.com https://unpkg.com https://*.certinia.com https://cdnjs.cloudflare.com https://*.google.com https://fonts.googleapis.com https://*.netdna-ssl.com https://www.googletagmanager.com https://code.jquery.com https://gmpg.org https://maxcdn.bootstrapcdn.com https://cdn.cookielaw.org; frame-ancestors 'self' https://library.certinia.com; object-src 'none'; worker-src 'self' blob:; 2
default-src 'self' data:; connect-src 'self' piwik.itzbund.de cldf-wzw-od.r53.cdn.tv1.eu; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtu.be *.ytimg.com *.vimeo.com *.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com youtube.com *.youtu.be youtu.be *.vimeo.com *.aktion-mensch.de *.materna.de *.cdninstagram.com *.youtube-nocookie.com *.readspeaker.com *.tremonia-dxp.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtu.be *.vimeo.com *.twitter.com *.instagram.com *.cdninstagram.com *.youtube-nocookie.com *.3qsdn.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtu.be *.twitter.com *.cdninstagram.com *.youtube-nocookie.com *.ytimg.com *.openstreetmap.org; frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' *.blinds-2go.co.uk; 2
default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com acdn.adnxs.com *.hsforms.net *.hsforms.com *.amazonaws.com msamarketingstatic-cna3fqavaphge7a3.b02.azurefd.net admin.microsoft.com adsuxsiwest.blob.core.windows.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com customervoice.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com res-1.cdn.office.net data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com blob:; connect-src 'self' wss: 'unsafe-inline' *.google.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com *.hsforms.net *.hsforms.com *.amazonaws.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com *.adnxs.com consentreceiverfd-prod.azurefd.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net msftenterprise.sc.omtrdc.net westus2-2.in.applicationinsights.azure.com bat.bing.net msamarketingstatic-cna3fqavaphge7a3.b02.azurefd.net *.microsoft.com adsuxsiwest.blob.core.windows.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com comms.omnichannelengagementhub.com *.trouter.skype.com *.communication.azure.com us-prod.asyncgw.teams.microsoft.com  adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; media-src 'self' blob: dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com; 2
script-src *.website-solution.net *.googletagmanager.com *.facebook.net *.google.com *.gstatic.com www.recaptcha.net *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://clearlyip.com https://trunking.clearlyip.com https://cloud.clearlyip.com https://w.clearlyip.com https://clusterpbx.com https://go.clearlyip.com https://trunking.clearlyip.dev https://devices.clearlyip.com https://mirroradmin.clearlyip.com https://crosstalk.clearlyip.com https://incrediblesip.clearlyip.com https://vitalpbx.clearlyip.com https://screenfly.org https://clearlyip.ca https://telos.clearlyip.com/ http://beta.ai.clearlyip.com/ *.preview.clearlyip.dev; 2
frame-ancestors 'self' https://*.lancashire.ac.uk https://*.uclan.ac.uk https://virtualexperience.uclan.ac.uk https://app.storyblok.com https://eu.posthog.com; form-action 'self' https://www.lancashire.ac.uk https://secure.worldpay.com https://www.facebook.com/tr/; object-src 'none'; report-uri https://o4504649999843328.ingest.us.sentry.io/api/4509411846062080/security/?sentry_key=ff39bd3e40413a6fcc6d02f474839a13; report-to csp-endpoint 2
default-src 'self' our.umbraco.com marketplace.umbraco.com;connect-src 'self' https://our.umbraco.com https://www.google-analytics.com https://maps.googleapis.com;frame-src 'self' https://marketplace.umbraco.com https://www.youtube.com;frame-ancestors 'self';script-src-attr 'self' 'unsafe-hashes' https://www.timevaluecalculators.com 'sha256-osfNhigSJXc8OJHaquzanxdFeSrcdyQ4IMr2JCoKAHI=' 'sha256-zBUD20Zzmm8unBB+mQGvT0/RAdIiv9Yb+6wbcLGRnv4=' 'sha256-VZ4ZCysdFhjp4R5vXDX4hGpGYu39RsBnNXp+nU/CfGE=' 'sha256-I2PbBTDldUVf2iViluqgx/xdoPVGu/S1Fv61A2QNUBQ=' 'sha256-bKaUT8+mO4cMU4KETpb5/Pe5S4vY/TIbpa2JP/rH5VI=' 'sha256-zWzoVPi+JRuigrmsloBQuSUBioJxfx8awlNrQsNAwhE=' 'sha256-7GlCGMSIJcNTRBPdfUZ36EvDF3cMNRAXGc1PTBSrmmI=' 'sha256-PII22oOie2pC3XdX0wj66tpVeQ1uT/9EEW66uzJOCVU=' 'sha256-mjFD5uCJaJT0393De1U12rUIPkwqyqbb7rr6T6tOO+g=' 'sha256-3dtoFvjQNiFkfcoaUorL0mCtqQNmEtYPKJ4ZKutLxu0=' 'sha256-6EL3QENKT8ZoHz0B4SujdsG4LcXhq38zBGDmvabrs2g=' 'sha256-UVe8aL77yyrm3Oq9H0/9FxnuNh87IsWoPIynuP20g6g=' 'sha256-QiSIS7Y2mUC+F02jr53n0dSDGruNlq7aI4w5TmSBcU8=' 'sha256-LqZKJS0hH6DBfCoQ5cLkWeDAPoaJ3bxaVrMZJ5aHzxY=' 'sha256-+CMYoP1kEoXsUO/t513QxA5XS2YSsvhcqDKu5zeNIEo=' 'sha256-dojYH1VXQYX8CH460bZscv36v18K7edZplYec/fZDQw=' 'sha256-7o26PSLUVKBgl6qqHjaA91XVSSMTX27SHlwmGzgAILU=' 'sha256-X5ykrk7IufzCUzH++66v2jUJKwzMBLG3jyhIkKIhywc=' 'sha256-ReftB5JqhkOrz3MZa/67YQSWP9z2RbVlRY14ilRZZq4=' 'sha256-lmQzCPWQ2RMDe45+s2z8uWl4bnvpI//cNyy8P1zkbuY=' 'sha256-W0gtYujbazamXxOSUElCtKUs+gXmWzMtcUH4NgVSxlM=' 'sha256-Jlpin7v6urtvjOR3OvqA5RS8WkZSH6yzEUgr4xIEolM=' 'sha256-Ds/qnYtTK7k5ITKaLy86CbgwdzqipMANXbnZSedStYg=' 'sha256-kYaBD3jGcrs0f0RltU4NkSobSkkECt0tGQH5FXtms+0=' 'sha256-/H/Pa6h8fvN++H4uQC3U2qSVbFftAR7SktEQDKKSLXs=' 'sha256-JSXMuCA2KyoM3yusTIOeCgSz9NaqjxyIET3RqqWAYHs=' 'sha256-NQ7syT9URYy8vV0BlG3YzxaEAJJYz2g0jHwY9eeTjQc=' 'sha256-0ANgmO0jSY6nOobwvyjEizt7Bush+mw5WHlOU74WvWI=' 'sha256-R3ap3OX4GdDWj7jLoUL/W3O2VNKbWLcFCqPatgY/CwU=' 'nonce-FPJfAxyh6Ds' 'sha256-Fn4FTkfPl3EJA0xrNVM4lCiJeR2HC6vBqgDTluUz7+Q=' 'sha256-bCoSCrb/somI2qGDll3x6b2dS+KmI0lasJMQbmfYFcY=' 'sha256-R45I/J9kK6eXN5SioFI4Z5QzTsibQGGIoReNY+VBGRI=' 'sha256-bAKtUJ4ZolWyIpLn3HjEhWL/CwbJ1W4TdKRNRZv4n44=' 'sha256-M2voXyYS3VMmfxgEn0xjbVcYMZzFRe1/mCw1tAXZL84=' 'sha256-Jw5pvBfPBjXTOgcyDqn5AaUmFdRb8OE4P136DjD8VqY=' 'sha256-Mr/nBZxV5JRFPOH3BoNcqFDemR06LkFzkXB8o/8EKzE=' 'sha256-28JqjI93F6DpY1aQ5SFoPWO/Bufm1ssXh0JA7OmApBo=' 'sha256-4GwRLe7A7eQbjkNpnOmw5b1N3wvbfZzqCEmPzDrTOIo=' 'sha256-95RMRFeZ+7Po29ZCrafTmZd5V5uMAql1meIxGOpUQsI=' 'sha256-g177Je6F+Y4TDclaSDjKeRnfeHpK14zZY8HR+L9LfWk=' 'sha256-z73EqLq946u2YEQNVU0Z7Zh++Rk1Ut28gRsQL/nTEnI=';script-src-elem 'self' https://siteimproveanalytics.com/js/siteanalyze_49669.js https://www.timevaluecalculators.com 'nonce-vNddzXJn6QA' 'nonce-6xaBY0PGOvA' 'sha256-0CQMbDLhApnZ5liy7mFoZA6ol/5djupAVqlqY64n2U4=' 'sha256-9yG7uFdptlQxsIAmqXatU7TyRmwwD6euCstHBxh/dIM=' 'sha256-s+2qtFQQwZztj9CLKxljBhlwHe1EYvU8kwHyCCePVH8=' 'sha256-axVt0+ZNKSkwrajtzSZhyYTI4i1O/MJ8+2WT5H4Axn0=' 'sha256-VJAM6BolRI9epsZNmfLqW6VTmCwxWqYG/gYF9BHk4zI=' 'sha256-DAR16vnYelQAC8IhJtcqEka+34ZZGeM9OH5H3I7wUnw=' 'sha256-I/0O0X+xh99W43WM8++3Luo7EBb0RwzycCWBOP6YrOs=' 'sha256-Xd28rz7m/SD7XZTiPgsiMfvXducSJyncr4M0VhQAv6g=' 'sha256-BFOKkBjm2ietnTozGFPiM4Sr25H/mVlPw1XTGmcCfWU=' 'sha256-5DI7UnblXeYa0u5FQqAOAXG3gevCJ5UHcKfC7yfZULk=' 'sha256-vp7yR2HlfvabVUIe7i5qa3ukzzrzgfE0Oi+cQyCr+M0=' 'sha256-qwULASgE8t1yz4vVp0zXx9akdXEUrWpKkxIT/vHtzkI=' 'nonce-bG9jYWxpemF0aW9u' 'nonce-ZXhwYW5kYWJsZQ==' 'nonce-LNVM9IYfbXk' 'nonce-3156c3f21b' 'nonce-aW9uYWxpemF0' 'nonce-BY0P6xaGOvA' 'nonce-GOvABY0P6xa' 'nonce-vSyHSJn4AQD' 'nonce-5XBqmfdJd2' 'nonce-2fCTXz98Xy' 'sha256-9wDs+yaWrlE2GgGBAbi/NVDugqlFsLAEwgIJnUwKfpc=';script-src 'self' 'unsafe-hashes' siteimproveanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://www.timevaluecalculators.com 'sha256-0CQMbDLhApnZ5liy7mFoZA6ol/5djupAVqlqY64n2U4=' 'sha384-q6JPDONlhQjlTTFSfpA4B+b6N+bpJptDEwKBnILd6BhSBaaQ+MSKRxohUIYuy1MM' 'sha384-yp8skXLQ5MFXsUwAWZbXxAqZMDIqO1aORujwx06y0hOxsFa1EJe56nOMMGXTPkjc' 'sha256-axVt0+ZNKSkwrajtzSZhyYTI4i1O/MJ8+2WT5H4Axn0=' 'sha256-RvkC228Q8+C1uB1j+BVZoYQInwQinnIIPboMNdpkHn0=' 'sha256-VJAM6BolRI9epsZNmfLqW6VTmCwxWqYG/gYF9BHk4zI=' 'sha256-DAR16vnYelQAC8IhJtcqEka+34ZZGeM9OH5H3I7wUnw=' 'sha256-iwiRRwKnOae+e1NUEZNXz7NM+6zy2LuNBMYMsOaG4fU=' 'sha256-zgfBQEBzb4maxy+zSOS6qLNswIS/E70vyCWJqRpoBy4=' 'sha256-VJsfypG/nAx46DLkn1p79yA1QdvdbkPtu3REdS5T+wI=' 'sha256-ZhxM5QkYBQzjJNW2yDLO2DZ88BGvLqv5KTw8H71sykk=' 'sha256-/4cmRfNOEk/cC4Vz9SKiTkVXQ2/T0+q6JMbnIWwAdgU=' 'sha256-5238lGjhhKe+aJ7KyCwzfmd1LGtgcCGRmVGO5fTLRoY=' 'sha256-Sz+yNIB3qxGQSmdphwiwZsdKIOBfu109ShyISKy3UBM=' 'sha256-78+BA7QFqeOVDjQJOT1thoJcehJsQc80iPY7XpFZiDI=' 'sha256-5Bpz5PRpdfQAG158VleLtx2AaMJbMLD3uICYoL4h3e0=' 'sha256-VeaOuhKqVYFuI8L/gM8IsWJEM43i59i5BWuhqhtEPv0=' 'sha256-92msGode+PdMwJ0aRbvcmxvUw0G0eJmfZf7tRFoEwM0=' 'sha256-aaCHDlg8icoJWfJKmIifwYGkGW9giXNAxGu7uYZ9EEk=' 'sha256-gtLATYLDUGjZ3cN30hl1ZlpPtIsuHTOi2ko8dzAYIV0=' 'sha256-Xd28rz7m/SD7XZTiPgsiMfvXducSJyncr4M0VhQAv6g=' 'sha256-L2YATLbuEzycqpj4VQxd7eUfn0g30mp76YWW3NFvqrA=' 'sha256-Tl6eNf6MIDJpxS8N4Q1ls7sxDpeMBdQ1FG0EfVu8Vok=' 'sha256-vXiT7QINpKSvbUM5tORYKLDf3FoF9b2HK6sPl37bhHw=' 'sha384-YMGY63oqO65ZF2CfUEZlpuWq/JGJxY3yKnmsrV5XvI+Dhv9QmhK1Nn9p6Ao1/+3N' 'sha256-zTwj9RFB3h2X5MFms1qaCNHDpJJY7AL3O12Gai580tg=' 'nonce-2726c7f26c' 'sha256-I/0O0X+xh99W43WM8++3Luo7EBb0RwzycCWBOP6YrOs=' 'nonce-bG9jYWxpemF0aW9u' 'nonce-Y2hlY2tpbmc=' 'nonce-vNddzXJn6QA' 'sha384-apfJm2DWye6itJXDari7QfgbBXzkNeRsr1xgTfEH0SCvYV+NlzqP+MkX/LHMZIPI';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.timevaluecalculators.com;img-src 'self' data: our.umbraco.com dashboard.umbraco.com *.woodforest.com https://www.gravatar.com https://www.s1.umbraco.io *.siteimproveanalytics.io https://maps.googleapis.com https://maps.gstatic.com *.prnewswire.com https://www.timevaluecalculators.com;font-src 'self' data: https://fonts.gstatic.com; 2
default-src 'none'; frame-ancestors 'none'; script-src 'self' 'nonce-kP9w3lW0Vf2y7Qx8bZ1hNQ==' 'sha256-vyQAPX/m7w5VGwxiWGfxPSDdIuwx9q53vwl0DopD4zI=' 'sha256-5/OsUIzoU8LG19/AuzS2aWelvZ+lYhVns6btOCoG30s=' 'sha256-OeDmE+r6H+Gnr2y2z+KtBl/PXM3wuREmhaljtXVxyPs=' 'sha256-ZFgEXkseyEt3CFGjUxYUE6rV3zJeeINABgKRBELxcrM=' 'sha256-eHvlfSp4WdmxVEF62vHFKGeY5BrXBPmZer3n9XNFfyU=' 'sha256-7Ia7ivoj7HI/U+5g2XG9hbQ69AbUohgkE2T1pl/AAjE=' https://tags.srv.stackadapt.com/events.js https://www.google.com/recaptcha/enterprise.js https://widget.bemyvega.com https://grupoanaya.es/gafooter/didomi.js https://grupoanaya.es/gafooter/bemyvega.js https://grupoanaya.es/js/didomi.js https://www.grupoanaya.es/js/btn_compra.js https://www.gstatic.com/ https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/recaptcha/releases/66WEle60vY1w2WveBS-1ZMFs/recaptcha__es.js https://www.gstatic.com/recaptcha/api2/v1566858990656/recaptcha__es.js https://connect.facebook.net/signals/config/1610730305895192 https://www.googletagmanager.com https://rec.smartlook.com/ https://track.oniad.com/ https://track.adform.net/ https://www.grupoanaya.es/ https://scontent.cdninstagram.com/ https://platform.oniad.com https://track.adform.net/serving/scripts/trackpoint/async/ https://www.google-analytics.com/ https://www.googletagmanager.com https://api.instagram.com https://ajax.googleapis.com/* https://www.google.com/recaptcha/api.js https://sdk.privacy-center.org https://widget.bemyvega.com https://posthog.bemyvega.com/ https://matomo.bemyvega.com; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com/sa.css https://widget.bemyvega.com https://fonts.googleapis.com/ https://hello.myfonts.net/count/36c8c0 https://www.grupoanaya.es https://fonts.cdnfonts.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://use.typekit.net https://www.grupoanaya.es; img-src * data:; connect-src *; frame-src *; base-uri 'self'; 2
frame-ancestors 'self'; base-uri 'self'; form-action *.amazon.de blog.teufel.de checkout.getalma.eu checkout.sandbox.getalma.eu *.contentsquare.com *.contentsquare.net *.experimentation.dev *.kameleoon.com *.kameleoon.eu *.kameleoon.io m.exactag.com payments.amazon.de payments.amazon.es payments.amazon.fr payments.amazon.it *.przelewy24.pl retoure.teufel.de row.ups.com service.teufel.de supportb2b.teufel.de support.teufel.de testblog.teufel.de test.saferpay.com teufelsurvey.fra1.qualtrics.com www.saferpay.com www.terminland.de teufel.de zed.teufel.de login.microsoftonline.com teufelaudio.at teufel.ch teufelaudio.fr teufelaudio.nl teufelaudio.be teufelaudio.es teufelaudio.it cz.teufelaudio.com dk.teufelaudio.com ee.teufelaudio.com fi.teufelaudio.com gb.teufelaudio.com gr.teufelaudio.com hr.teufelaudio.com hu.teufelaudio.com ie.teufelaudio.com li.teufelaudio.com lt.teufelaudio.com lu.teufelaudio.com lv.teufelaudio.com no.teufelaudio.com pt.teufelaudio.com se.teufelaudio.com si.teufelaudio.com sk.teufelaudio.com teufelaudio.pl us.teufelaudio.com 'self' 2
base-uri *; font-src * data:; form-action *; frame-ancestors *; img-src * data: blob:; object-src *; script-src-attr 'none'; style-src * https: 'unsafe-inline'; upgrade-insecure-requests; 2
frame-ancestors 'self' https://edicola.naviga.it/ 2
default-src 'self'; img-src data: 'self' https://media.home.bargains https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookielaw.org https://*.facebook.com https://*.clarity.ms; style-src 'self' 'nonce-8Jhw1Lzp' 'sha256-ND6iXW1aHR5g8r/LihFfVXNCyOKpEA+yocHMpZEXexw=' 'nonce-9dj7hsk2' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-58kCxrZMl/eGrC3RTZz3GdbVVWE7J0AIn2DvVm+5jjM=' 'nonce-8Jhw1Lzp' https://js.stripe.com https://tagmanager.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.cookielaw.org https://*.facebook.net https://analytics.ahrefs.com; frame-ancestors 'none'; frame-src https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://*.clarity.ms https://*.cookielaw.org https://*.onetrust.com https://*.cookie-script.com https://o4504927879692288.ingest.sentry.io https://analytics.ahrefs.com; 2
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' data: https:; frame-ancestors 'self' 2
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com https://static.addtoany.com https://*.piwik.pro https://*.usw2.pure.cloud https://*.rochesterregional.org https://*.elderone.org https://*.blackbaudhosting.com https://www.google.com https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://cdn.jsdelivr.net/npm/@fullcalendar/ https://*.fonts.net;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.sitecorecloud.io https://*.rochesterregional.org https://*.blackbaudhosting.com https://*.elderone.org https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://*.fonts.net;img-src 'self' data: https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://*.googleapis.com https://*.gstatic.com https://edge.sitecorecloud.io https://*.rochesterregional.org https://*.blackbaudhosting.com https://*.elderone.org https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io;connect-src 'self' https://*.usw2.pure.cloud https://*.googleapis.com https://*.gstatic.com https://edge-platform.sitecorecloud.io https://*.coveo.com https://*.rochesterregional.org https://*.elderone.org https://edge.sitecorecloud.io https://edge.sitecorecloud.io/* https://api-cdn.usw2.pure.cloud https://static.addtoany.com https://*.piwik.pro https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io wss://webmessaging.usw2.pure.cloud;font-src 'self' https://*.googleapis.com https://*.usw2.pure.cloud https://*.gstatic.com https://prod-rrh.vercel.app https://*.rochesterregional.org https://*.elderone.org data: https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://*.fonts.net;frame-src 'self' https://*.rochesterregional.org https://*.blackbaudhosting.com https://www.google.com https://*.elderone.org https://www.youtube.com https://apps.usw2.pure.cloud https://static.addtoany.com https://*.piwik.pro https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://*.airtable.com https://airtable.com https://my.matterport.com/;frame-ancestors 'none';object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests; 2
default-src 'self' data: http://prawo-prod-app-v000488128 https://www.prawo.pl http://www.prawo.pl wss://*.ideo.pl https://*.prawo.pl https://*.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://a.opmnstr.com https://a.omappapi.com https://api.omappapi.com https://z.omappapi.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://s1364398973.t.eloqua.com/e/f2 https://jnn-pa.googleapis.com https://bat.bing.com/ https://bat.bing.net/ https://files.startquestion.com https://snap.licdn.com https://px.ads.linkedin.com https://app.startquestion.com https://pagead2.googlesyndication.com https://sdk.amazonaws.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.pl https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://bat.bing.com/p/insights/c/o https://connect.facebook.net https://*.facebook.com https://facebook.com https://capig.stape.pro https://stats.g.doubleclick.net https://adserver-prod.wolterskluwer.pl https://borg.wolterskluwer.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.prawo.pl https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ blob: https://a.opmnstr.com https://a.omappapi.com https://api.omappapi.com https://z.omappapi.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://s1364398973.t.eloqua.com/e/f2 https://jnn-pa.googleapis.com https://bat.bing.com https://bat.bing.net https://files.startquestion.com https://snap.licdn.com https://px.ads.linkedin.com https://app.startquestion.com https://pagead2.googlesyndication.com https://sdk.amazonaws.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.pl https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://bat.bing.com/p/insights/c/o https://connect.facebook.net https://*.facebook.com https://facebook.com https://region1.analytics.google.com https://adserver-prod.wolterskluwer.pl https://borg.wolterskluwer.pl; style-src 'self' 'unsafe-inline' https://*.prawo.pl https://fonts.googleapis.com https://a.opmnstr.com https://a.omappapi.com https://api.omappapi.com https://z.omappapi.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://jnn-pa.googleapis.com https://bat.bing.com https://bat.bing.net https://files.startquestion.com https://snap.licdn.com https://app.startquestion.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://sdk.amazonaws.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.pl https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://bat.bing.com/p/insights/c/o https://connect.facebook.net https://*.facebook.com https://facebook.com https://region1.analytics.google.com https://adserver-prod.wolterskluwer.pl https://borg.wolterskluwer.pl; img-src 'self' 'unsafe-inline' data: https://www.prawo.pl http://www.prawo.pl https://*.ideo.pl https://*.prawo.pl https://www.googletagmanager.com https://a.opmnstr.com https://a.omappapi.com https://api.omappapi.com https://z.omappapi.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://www.google.com/images/ https://fonts.gstatic.com https://i.ytimg.com https://cdn.wolterskluwer.pl https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://jnn-pa.googleapis.com https://bat.bing.com https://bat.bing.net https://files.startquestion.com https://snap.licdn.com https://px.ads.linkedin.com https://app.startquestion.com https://pagead2.googlesyndication.com https://sdk.amazonaws.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.pl https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://bat.bing.com/p/insights/c/o https://connect.facebook.net https://*.facebook.com https://facebook.com https://region1.analytics.google.com https://capig.stape.pro https://stats.g.doubleclick.net https://adserver-prod.wolterskluwer.pl https://borg.wolterskluwer.pl; font-src 'self' https://www.prawo.pl http://www.prawo.pl https://*.prawo.pl https://fonts.gstatic.com; frame-src 'self' https://*.prawo.pl https://www.google.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://secure.payu.com https://merch-prod.payu.com https://merch-prod.snd.payu.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.wolterskluwer.pl https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://jnn-pa.googleapis.com https://bat.bing.com https://bat.bing.net https://files.startquestion.com https://snap.licdn.com https://px.ads.linkedin.com https://app.startquestion.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://sdk.amazonaws.com https://googleads.g.doubleclick.net https://www.google.pl https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://bat.bing.com/p/insights/c/o https://connect.facebook.net https://facebook.com https://region1.analytics.google.com https://adserver-prod.wolterskluwer.pl https://borg.wolterskluwer.pl 2
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.adobedc.net *.cloudflare.com *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.adobedc.net *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.beamery.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com *.sprinklr.com d2hrivdxn8ekm8.cloudfront.net telemetry.vaultdcr.com ads.nextdoor.com cdnjs.cloudflare.com; img-src * data: blob: ; connect-src *; frame-src *;  media-src 'self' *.sprinklr.com blob:;  font-src 'self' fonts.bridgestoneresources.com data: 2
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' search.searchengines.guru d.searchengines.guru pagead2.googlesyndication.com 'unsafe-inline' ep1.adtrafficquality.google ep2.adtrafficquality.google; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' chat.searchengines.guru d.searchengines.guru blob: data: pagead2.googlesyndication.com ep1.adtrafficquality.google ep2.adtrafficquality.google; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' https://chat.searchengines.guru wss://chat.searchengines.guru pagead2.googlesyndication.com ep1.adtrafficquality.google ep2.adtrafficquality.google; frame-src 'self' d.searchengines.guru www.youtube.com googleads.g.doubleclick.net ep1.adtrafficquality.google ep2.adtrafficquality.google www.google.com pagead2.googlesyndication.com; frame-ancestors 'self'; object-src 'self' blob:; 2
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 2
base-uri 'none'; connect-src 'self' https://552-ogk-141.mktoresp.com https://analytics.google.com https://api.company-target.com https://api.hubapi.com https://cdn.cookielaw.org https://cdn.lottielab.com https://forms-na1.hubspot.com https://forms.hsforms.com https://forms.hubspot.com https://geolocation.onetrust.com https://hubspot-forms-static-embed.s3.amazonaws.com https://openpgpkey.bitgo.com https://pagead2.googlesyndication.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://www.google-analytics.com https://www.google.com https://js.zi-scripts.com https://ws.zoominfo.com/ https://ws-assets.zoominfo.com/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; form-action https://forms.hsforms.com; frame-ancestors; frame-src https://app.hubspot.com https://forms.hsforms.com https://landing.bitgo.com/ https://recaptcha.google.com/recaptcha/ https://docs.google.com/ https://td.doubleclick.net https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://analytics.twitter.com https://cdn.cookielaw.org https://cdn.lottielab.com https://forms-na1.hsforms.com https://googleads.g.doubleclick.net https://id.rlcdn.com https://images.ctfassets.net https://px.ads.linkedin.com https://segments.company-target.com https://t.co https://track.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.linkedin.com; media-src 'self' https://videos.ctfassets.net; object-src; script-src 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; script-src-elem 'self' 'unsafe-inline' https://app.hubspot.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://landing.bitgo.com https://munchkin.marketo.net https://pagead2.googlesyndication.com https://snap.licdn.com https://static.ads-twitter.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws.zoominfo.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://landing.bitgo.com; worker-src; 2
frame-ancestors 'self' api.sheetmusicdirect.com *.arrangeme.com arrangeme.com 2
default-src data: blob: 'self' https://* 'unsafe-eval' 'unsafe-inline';object-src 'none'; upgrade-insecure-requests; 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; media-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; worker-src 'self' data: blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138 2
frame-ancestors 'self' https://explore.manh.com/; 2
default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com browser.events.data.microsoft.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.pipe.co/ https://stats.pipe.co/ https://widget.trustpilot.com/ https://www.google.com/ https://www.gstatic.com/ https://chat.purely.group/ https://client.crisp.chat https://settings.crisp.chat https://app.sgwidget.com/; img-src 'self' data: https://app.pipe.co/ https://secure.gravatar.com/ https://chat.purely.group/ https://client.crisp.chat/ https://image.crisp.chat/ https://storage.crisp.chat/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://client.crisp.chat/; font-src 'self' data: https://fonts.gstatic.com/ https://client.crisp.chat/; frame-src 'self' https://www.google.com/ https://chat.purely.group/ https://game.crisp.chat/; object-src 'none'; connect-src 'self' https://app.pipe.co/ https://stats.pipe.co/ https://client.crisp.chat/ https://storage.crisp.chat/ wss://client.relay.crisp.chat/ wss://stream.relay.crisp.chat/ https://app.sgwidget.com/ 2
default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; frame-src blob:; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-modals allow-downloads 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://player.vimeo.com https://embed.vidbeo.com/ https://*.azure.com https://*.microsoft.com https://*.visualstudio.com blob: https://dc.mymdnow.com/ https://dc.carenow.com/ https://dc.stdavids.com/ https://dpx-xsf-func-maps-eastus2-dev-bbasc5hha3dfexh6.eastus2-01.azurewebsites.net https://solutions.invocacdn.com/ https://pnapi.invoca.net/ https://*.podium.com https://*.analyticspodium.com https://dpx-xsf-func-maps-eastus2-prod-bnf2g4e0a8fvhahy.eastus2-01.azurewebsites.net; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.s3.amazonaws.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://i.vimeocdn.com/ https://*.podium.com; style-src 'self' 'unsafe-inline' https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://*.podium.com; font-src 'self' 'unsafe-inline' data: https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://atlas.microsoft.com https://*.podium.com; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com https://player.vimeo.com https://embed.vidbeo.com/ *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai https://mammogramscreenbotcontainer.azurewebsites.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://mycarenowbiltmoreparkbot.azurewebsites.net https://privacy-central.securiti.ai; upgrade-insecure-requests; block-all-mixed-content; ; 2
child-src checkoutshopper-live.adyen.com 'self'; connect-src adservice.google.com ajax.googleapis.com analytics.google.com analytics.twitter.com api.eu-1.smooch.io api-js.mixpanel.com api.mixpanel.com apis.google.com arena.matific.com bam-cell.nr-data.net bam.nr-data.net beaconapi.helpscout.net cdn.linkedin.oribi.io chatapi.helpscout.net checkoutshopper-live.adyen.com code.jquery.com consentcdn.cookiebot.com d3hb14vkzrxvla.cloudfront.net d5c36hgmtufmn.cloudfront.net ekr.zdassets.com episode-fact.matific.com firebase.googleapis.com firebaseinstallations.googleapis.com firestore.googleapis.com fonts.googleapis.com googleads.g.doubleclick.net *.google-analytics.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms/ https://*.clarity.ms/collect https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://er0hbf77h9.execute-api.us-east-1.amazonaws.com/production/logVoiceOverEvent https://google.com/ https://google.com/ccm/form-data/ https://hv.survicate.com https://*.litix.io https://production-respondent-uploads.s3.eu-west-1.amazonaws.com https://respondent.survicate.com https://survey-prd.survicate-cdn.com https://survey.survicate.com https://translate-pa.googleapis.com https://*.wistia.com https://www.cloudflare.com https://www.google.gr ljifg6p8cd.execute-api.us-east-1.amazonaws.com matific1084.zendesk.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu matific-generatedpdf-ca.s3.amazonaws.com matific-homepage-production.s3.amazonaws.com pagesense-collect.zoho.com.au pagesense.zoho.com.au/ pi.pardot.com polling.matific.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com px.ads.linkedin.com region1.analytics.google.com s147nglrj7.execute-api.us-east-1.amazonaws.com securetoken.googleapis.com 'self' *.sentry.io site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com stats.g.doubleclick.net *.sumologic.com t.co translate.googleapis.com wa.appsflyer.com wa.onelink.me widget.usersnap.com widget.usersnap.com/api/widget/xhrrpc/* wss://*.pusher.com wss://widget-mediator.zopim.com www.facebook.com www.google.ad www.googleadservices.com www.google.ae www.google.al www.googleapis.com www.google.az www.google.be www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.hn www.google.hr www.google.hu www.google.iq www.google.it www.google.jo www.google.kg www.google.li www.google.lu www.google.lv www.google.mn www.google.mv www.google.nl/ www.google.no www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.vg; default-src fonts.googleapis.com https://c.bing.com https://*.clarity.ms https://matific1084.zendesk.com https://*.wistia.com https://*.wistia.net https://*.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' 'unsafe-inline' wss://matific1084.zendesk.com wss://*.zopim.com; font-src api.couponmate.com cdnjs.cloudflare.com d5c36hgmtufmn.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com gateway.zscalerone.net heapanalytics.com https://beacon-v2.helpscout.net https://surveys-static-prd.survicate-cdn.com https://surveys-static.survicate.com https://*.wistia.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu maxcdn.bootstrapcdn.com production-cdn-slatemathweb.s3.amazonaws.com 'self' stackpath.bootstrapcdn.com themes.googleusercontent.com use.fontawesome.com use.typekit.net; form-action *.3ds.modirum.com *.bluesnap.com data: lgn.edu.gov.il matific-admintools.auth.us-east-1.amazoncognito.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' staging-matific-admintools.auth.us-east-1.amazoncognito.com 'unsafe-eval' www.facebook.com; frame-ancestors *.matific.com 'self' www.instructure.com www.matific.com; frame-src * accounts.google.com app.smartsheet.com bid.g.doubleclick.net *.bluesnap.com challenges.cloudflare.com checkoutshopper-live.adyen.com consentcdn.cookiebot.com customer-h8ynfrgd4l2k01xb.cloudflarestream.com d5c36hgmtufmn.cloudfront.net gateway.zscalerone.net https://beacon-v2.helpscout.net https://*.cardinalcommerce.com https://fast.wistia.com https://fast.wistia.net live.adyen.com live-apse.adyen.com live-au.adyen.com live-us.adyen.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu matific-prod.firebaseapp.com pagesense.zoho.com.au pay.google.com policies.google.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com tst.kaptcha.com 'unsafe-eval' us-east-1.quicksight.aws.amazon.com www.facebook.com www.google.com www.gstatic.com; img-src accounts.google.com *.analytics.google.com analytics.google.com analytics.twitter.com bam-cell.nr-data.net bam.nr-data.net blob: *.bluesnap.com c.bing.com code.jquery.com connect.facebook.net csi.gstatic.com cx.atdmt.com d33v4339jhl8k0.cloudfront.net d5c36hgmtufmn.cloudfront.net data: dev.visualwebsiteoptimizer.com files.readme.io gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.gstatic.com heapanalytics.com https://assets.survicate.com https://beacon-v2.helpscout.net https://c.clarity.ms/ https://c.clarity.ms/c.gif https://chatapi-prod.s3.amazonaws.com/ https://embedwistia-a.akamaihd.net https://*.gravatar.com https://images.unsplash.com https://img.survicate.com https://matific1084.zendesk.com https://purecatamphetamine.github.io/country-flag-icons/ https://static.zdassets.com https://surveys-static-prd.survicate-cdn.com https://surveys-static.survicate.com https://v2assets.zopim.io https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://www.facebook.com/tr/ https://www.google.ge imgsct.cookiebot.com matific-a.akamaihd.net *.matific.ca *.matific.co.il *.matific.com *.matific.eu p.adsymptotic.com pagesense-collect.zoho.com.au prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com p.typekit.net px4.ads.linkedin.com px.ads.linkedin.com resources.usersnap.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com static.ads-twitter.com stats.g.doubleclick.net t.co translate.googleapis.com translate.google.com tst.kaptcha.com 'unsafe-eval' 'unsafe-inline' web.facebook.com www.google.ad www.googleadservices.com www.google.ae www.google.al www.google.at www.google.az www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.tt www.google.vg www.google.vu www.kidsafeseal.com www.linkedin.com *.zendesk.com; media-src blob: data: https://beacon-v2.helpscout.net https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.matific.com 'unsafe-eval' *.zdassets.com; object-src https://beacon-v2.helpscout.net 'self' 'unsafe-eval' 'unsafe-inline'; script-src ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net blob: *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com challenges.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com firebase.googleapis.com firstore.googleapis.com gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.google.com heapanalytics.com https://appleid.cdn-apple.com https://*.cardinalcommerce.com https://*.clarity.ms https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://fast.wistia.com https://firebaseinstallations.googleapis.com https://src.litix.io https://survey-prd.survicate-cdn.com https://surveys-static-prd.survicate-cdn.com https://surveys-static.survicate.com https://survey.survicate.com https://*.wistia.com https://*.wistia.net https://www.recaptcha.net js-agent.newrelic.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu *.pagesense.io pi.pardot.com resources.usersnap.com 'self' snap.licdn.com static.ads-twitter.com static.zdassets.com static.zohocdn.com translate.googleapis.com translate.google.com 'unsafe-eval' 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.al www.google.cn www.google.co.kr www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.sg www.google.co.zw www.google.dk www.google.es www.google.iq www.google.kg www.google.md www.google.mn www.google.mv www.google.rs www.google.se www.google.si www.google.sk www.googletagmanager.com www.gstatic.com; script-src-attr 'unsafe-inline'; script-src-elem ajax.googleapis.com analytics.twitter.com api.eu-1.smooch.io apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com challenges.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com fast.wistia.com googleads.g.doubleclick.net *.google-analytics.com googletagmanager.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms https://fast.wistia.com https://firestore.googleapis.com js-agent.newrelic.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu pagesense-collect.zoho.com.au *.pagesense.io pagesense.zoho.com.au pay.google.com pi.pardot.com plus.google.com resources.usersnap.com 'self' *.sentry-cdn.com snap.licdn.com ssl.kaptcha.com static.ads-twitter.com static.zdassets.com static.zohocdn.com 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.com www.googletagmanager.com www.gstatic.com; style-src blob: cdnjs.cloudflare.com checkoutshopper-live.adyen.com fonts.googleapis.com heapanalytics.com https://beacon-v2.helpscout.net https://fast.wistia.com https://surveys-static-prd.survicate-cdn.com https://surveys-static.survicate.com https://www.gstatic.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com translate.googleapis.com 'unsafe-eval' 'unsafe-inline' use.fontawesome.com; style-src-attr 'unsafe-inline'; style-src-elem apis.google.com cdnjs.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com fonts.googleapis.com heapanalytics.com https://surveys-static.survicate.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com 'unsafe-inline' use.fontawesome.com; worker-src blob: 'self'; report-uri https://matific.report-uri.com/r/d/csp/reportOnly; report-to default; 2
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net unpkg.com *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.mail.cafepress.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com *.eml.stockingshop.com *.eml.ornamentstreet.com *.eml.baubles.co.uk track.cordial.io tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.turnto.com *.turnto.eu wac.edgecast.net s.axon.ai c.albss.com *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com *.simplytoimpress.com *.photoaffections.com *.canvasworld.com *.mycustomcase.com *.simplytoimpress.co.uk *.parkerandpip.com *.legacylane.com *.gifts.com *.personalcreations.com *.stockingshop.com *.ornamentstreet.com *.baubles.co.uk *.cafepress.com cdn.gonift.com shopper.shop.pe d2mjzob2nc713b.cloudfront.net capig.gifts.com nexus.ensighten.com *.mczbf.com *.herbstarsbuilding.com res4.applovin.com cdn.simplytoimpress.com;frame-ancestors 'self' https://www.simplytoimpress.com https://*.personalcreations.com;object-src 'self' https://www.simplytoimpress.com;upgrade-insecure-requests 2
frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://*.enboarder.com 2
script-src 'self' https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.google.pl https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.ggpht.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.snrcdn.net https://chat.pekao.com.pl https://public.tableau.com https://bat.bing.com https://platform.twitter.com 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self'; object-src 'none'; 2
frame-ancestors 'self' https://wella-pro.cms.wella.digital; object-src 'none'; upgrade-insecure-requests 2
img-src * 'self' https: 'unsafe-eval' data: https://*.transcend.io/* https://*.mutinycdn.com/* https://*.mutinyhq.io/* https://*.mutinyhq.com/* https://*.qualified.com/* https://*.wistia.com/* http://splashthat.com/* http://*.marketo.net/* http://*.6sc.co/* https://app.qualified.com/ https://sync.transcend.io/ https://vercel.live/ https://www.youtube.com/ http://668-yxh-576.mktoweb.com/ https://cdn.transcend.io/ https://splashthat.com/ http://splashthat.com/ http://munchkin.marketo.net/ wss://ws.qualified.com/ https://client-registry.mutinycdn.com/ http://668-yxh-576.mktoresp.com https://videos.ctfassets.net/ wss://ws7.hotjar.com/ wss://ws-us3.pusher.com/ https://events.rm-api.com/ https://app.mutinyhq.com/; frame-ancestors 'self' https://app.mutinyhq.com/; 2
img-src 'self' data:; default-src 'self' 'unsafe-inline' 2
frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my https://www.cimbclicks.com.my; object-src 'none'; upgrade-insecure-requests; script-src 'self' rum.hlx.page assets.adobedtm.com *.googletagmanager.com *.google-analytics.com analytics.tiktok.com *.adsrvr.org tags.crwdcntrl.net connect.facebook.net *.doubleclick.net *.google.com *.innity.net *.outbrain.com *.hotjar.com *.onetrust.com *.line-scdn.net *.demdex.net *.omtrdc.net *.cimb.com.sg *.quantserve.com *.quantcount.com *.brand-display.com *.fontawesome.com *.pand.ai *.mookie1.com *.cimbclicks.com.my *.bbci.co.uk *.oracleinfinity.io *.oracle.com *.gstatic.com *.licdn.com *.recaptcha.net *.adobe.com *.cloudfront.net *.youtube.com *.googleusercontent.com *.youtube-nocookie.com *.azureedge.net *.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com https://recaptcha.net https://www.recaptcha.net *.doubleclick.net *.brand-display.com *.googletagmanager.com *.adsrvr.org *.demdex.net *.forksurge.com *.crwdcntrl.net *.cloudfront.net youtube-nocookie.com *.youtube-nocookie.com https://*.fls.doubleclick.net players.brightcove.net *.youtube.com irs.tools.investis.com *.googleusercontent.com *.azureedge.net https://www.cimbclicks.com.my; 2
base-uri 'self';frame-ancestors 'self';object-src 'none' 2
frame-ancestors 'self' lhg.hubwoo.com; 2
default-src 'self'; connect-src * webpack:; font-src * data: webpack:; frame-src * *.wellsfargo.com; img-src * data:; media-src *; object-src *; script-src * *.wellsfargo.com 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; manifest-src https://*.afw.com; 2
'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 2
default-src 'self' 'unsafe-inline' *.tuxis.nl tools.tuxis.cloud tuxis.my3cx.nl object-src data: 'unsafe-eval' frame-ancestors: 'self' connect-src * ws: wss:; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://c.clarity.ms https://c.bing.com *.clarity.ms *.betufa.com ufshseo-cdn.mybet789.com natural-sunrise-eea00ccd45.media.strapiapp.com; media-src self data: *.betufa.com ufshseo-cdn.mybet789.com natural-sunrise-eea00ccd45.media.strapiapp.com; script-src 'self' 'unsafe-inline' https://www.clarity.ms *.clarity.ms https://www.googletagmanager.com https://static.cloudflareinsights.com;connect-src 'self' https://*.betufa.com https://staging-api.ufabet.sh https://ufshseo-content.mybet789.com https://content.ufanews.com https://api.staging.myufa.com https://ajax-login-portal.mybet789.com https://one.one.one.one/cdn-cgi/trace https://www.googletagmanager.com https://www.clarity.ms *.clarity.ms https://www.google-analytics.com https://j.clarity.ms; 2
frame-ancestors 'self' https://solar.justpark.com https://business.justpark.com https://pay-26l.pages.dev/ https://o2landingpage.kinsta.cloud/ https://pay.justpark.com/ https://app.storyblok.com/ 2
connect-src 'self' https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com fndrsp.net fndrsp-checkout.net *.fundraiseup.com *.stripe.com *.paypal.com *.paypalobjects.com api.addressy.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://google.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net https://stats.g.doubleclick.net https://px.ads.linkedin.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://cloudflareinsights.com https://cycling-uk-d9.cycle.travel https://cycling-uk-dev.cycle.travel https://tile.cycle.travel https://tile.geowiki.com https://geocoder.cycle.travel https://routing-uk.cycle.travel https://www.cyclestreets.net https://*.fontawesome.com https://monorail-edge.shopifysvc.com https://*.myshopify.com https://www.facebook.com https://*.svc.dynamics.com https://cyclinguk.maps.arcgis.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-gbr.mkt.dynamics.com https://assets-gbr.mkt.dynamics.com https://region1.google-analytics.com https://region1.analytics.google.com; font-src 'self' *.fundraiseup.com *.stripe.com https://fonts.gstatic.com https://*.fontawesome.com; frame-src 'self' *.fundraiseup.com *.stripe.com *.paypal.com pay.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com e.issuu.com https://www.google.com https://*.svc.dynamics.com https://cyclinguk.maps.arcgis.com *.dynamics.com; img-src 'self' data: https://www.cyclinguk.org https://cdn-ukwest.onetrust.com *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com https://*.bing.com https://*.bing.net https://*.clarity.ms https://www.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://google.com https://www.gstatic.com https://www.facebook.com https://px.ads.linkedin.com https://*.ytimg.com https://raster-eu.cycle.travel https://cycling-uk-d9.cycle.travel https://cycling-uk-dev.cycle.travel https://*.amazonaws.com https://tile.openstreetmap.org https://cdn.shopify.com https://sdks.shopifycdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://use.typekit.net https://www.youtube.com https://cdn.fundraiseup.com *.fundraiseup.com *.stripe.com m.stripe.network pay.google.com *.paypal.com *.paypalobjects.com https://scripts.clarity.ms https://sdks.shopifycdn.com *.azureedge.net *.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://unpkg.com https://use.fontawesome.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://script.hotjar.com https://*.azureedge.net https://*.googleadservices.com https://cdn-ukwest.onetrust.com https://www.youtube.com https://sdks.shopifycdn.com https://cdn.fundraiseup.com https://static.fundraiseup.com https://static.cloudflareinsights.com https://ajax.googleapis.com https://js.stripe.com https://pay.google.com https://ajax.aspnetcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://unpkg.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://script.hotjar.com blob: https://cdn-ukwest.onetrust.com https://www.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://fonts.googleapis.com https://p.typekit.net https://www.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; frame-ancestors 'self' 2
frame-src 'self' https://eu-west-2-elume.s3.us-east-1.amazonaws.com/ https://forms.hsforms.com/ https://app.hubspot.com https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com *.dynamics.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://platform.twitter.com/ https://twitter.com/ https://ir.oms.no/ https://kongsberg.easycruit.com https://tools.eurolandir.com https://asia.tools.euroland.com https://tools.euroland.com https://gamma.euroland.com https://jirango.com https://app.powerbi.com/ https://dashboard.find.episerver.net/; frame-ancestors 'self' 2
frame-ancestors https://caramel.la https://caramel.la/* 'self' 2
style-src 'self' https://www.santafe.gob.ar https://www.santafe.gov.ar https://fonts.googleapis.com https://embed.typeform.com 'unsafe-inline' frame-ancestors 'self' https://gestionvirtual.santafe.gob.ar 2
upgrade-insecure-requests;font-src 'self' data:; img-src 'self' https://assets.pinterest.com/ https://www.googletagmanager.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net data: blob:; frame-src 'self' https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ ;connect-src 'self'  https://gallery-rc.monocle3d.com/  https://components-rc.monocle3d.com/ https://gallery.monocle3d.com/ https://components.monocle3d.com/ https://www.google.com/recaptcha/api2/ https://firebasestorage.googleapis.com https://firestore.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com/ https://www.google-analytics.com/j/ www.google-analytics.com *.google-analytics.com https://stats.g.doubleclick.ne blob:; form-action 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://proantic.us8.list-manage.com/subscribe/post; object-src 'none'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self' https://components.monocle3d.com/ https://components-rc.monocle3d.com/ https://www.googletagmanager.com/ https://monocle.link https://monocle.link/ https://ajax.googleapis.com/ajax/libs/model-viewer/3.5.0/model-viewer.min.js https://cse.google.com/cse/ https://www.google.com/cse/ https://tagmanager.google.com https://transloadit.edgly.net/releases/ https://code.jquery.com/jquery-3.2.1.min.js https://cdn.jsdelivr.net/npm/ https://apis.google.com/ajax/libs/ https://www.google.com/recaptcha/api.js https://ajax.googleapis.com/ajax/libs/webfont/ https://apis.google.com/js/ https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/jqueryui/; 2
frame-ancestors 'self' https://pdftron.sanity.studio; 2
frame-ancestors 'self' cdn.adkaora.space cdn.ampproject.org *.g.doubleclick.net blob: elpopular.pe *.googleapis.com *.googlesyndication.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https://www.google-analytics.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2
child-src 'self' *.lightning.force.com *.pendo.io *.greenhouse.io *.google.com *.vimeo.com *.isnetworld.com *.mypurecloud.com js.hs-scripts.com *.googletagmanager.com *.userway.org *.youtube.com 21911619.hs-sites.com; form-action 'self'; frame-ancestors 'self' *.lightning.force.com google.com *.vimeo.com 2
default-src 'self' https:; img-src * data:; media-src 'self' https: blob: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.mega.cl *.megatiempo.cl *.meganoticias.cl *.mdstrm.com *.tomorrow.io *.etc.cl servicios-mega.cdn.mdstrm.com data:; style-src 'self' 'unsafe-inline' https: blob: data:; connect-src 'self' https:; form-action 'self'; base-uri 'self'; worker-src 'self' blob: *.megamedia.cl *.etc.cl *.megatiempo.cl *.meganoticias.cl *.mega.cl; frame-src 'self' https:; child-src 'self' blob: *.megamedia.cl *.firebaseapp.com *.mdstrm.com; frame-ancestors *.meganoticias.cl *.mega.cl *.etc.cl *.megamedia.cl *.megatiempo.cl  *.google.com elfestival.tv; 2
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://sdk.privacy-center.org https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css agegate.pr-globalcms.com 4q87csmwes-dsn.algolia.net *.didomi.io pernod-ricard-deutschland.mynewsdesk.com px.ads.linkedin.com https://loop.pr-globalcms.com https://cdn.blueconic.net https://pernodricardusa.blueconic.net https://www.facebook.com https://www.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com https://www.google.com pernod-ricard-deutschland.mynewsdesk.com https://www.mynewsdesk.com https://live.eventtia.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://sdk.privacy-center.org https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com agegate.pr-globalcms.com pernod-ricard-deutschland.mynewsdesk.com https://loop.pr-globalcms.com https://cdn.blueconic.net https://pernodricardusa.blueconic.net https://plugins.blueconic.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io https://loop.pr-globalcms.com https://plugins.blueconic.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 2
upgrade-insecure-requests; default-src 'self' https://cdn.plaid.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://platform.benefits.wexglobal.com/identityverification/v1/js/identityverificationwrapper.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net https://cdn.plaid.com; connect-src 'self' dpm.demdex.net https://production.plaid.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;frame-ancestors 'self';; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 2
frame-ancestors www.googletagmanager.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by https://smartcaptcha.yandexcloud.net https://www.google.com https://www.gstatic.com  www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net *.roistat.com tech.rtb.mts.ru qoopler.ru use.fontawesome.com app.diagrams.net viewer.diagrams.net;  font-src 'self' https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by https://www.ipeye.ru yastatic.net;  frame-src 'self' https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by ipeye.ru docs.google.com https://www.youtube.com https://www.youtube-nocookie.com/ mc.yandex.ru mc.yandex.com https://www.google.com https://smartcaptcha.yandexcloud.net; img-src 'self' data: i.ytimg.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net yandex.ru mc.yandex.ru mc.yandex.com https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by; 2
font-src 'self' fonts.gstatic.com; img-src 'self' cdn.redoc.ly data: maps.googleapis.com maps.gstatic.com; default-src 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline' maps.gstatic.com; connect-src *.google-analytics.com 'self' maps.googleapis.com; worker-src 'self' blob:; frame-src 'self' www.google.com 'unsafe-inline'; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com cdn.redoc.ly 'unsafe-inline' maps.googleapis.com 2
default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 2
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
frame-ancestors 'self' https://viestimedia.blueconic.net https://viestimedia.sb.blueconic.net https://*.viestimedia.net; 2
frame-ancestors 'self' https://app.contentful.com http://15.156.122.252 https://timescale.ghost.io https://assets.tigerdata.com https://assets.timescale.com https://timescale.com https://www.timescale.com https://studio.plasmic.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://cdn.segment.com https://cdn.cr-proxy.com https://*.googletagmanager.com https://www.googletagmanager.com http://js.hs-scripts.com https://js.hs-scripts.com https://js.hubspot.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://connect.facebook.net https://j.6sc.co https://*.leandata.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.pendo.io https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.qualified.com https://js.qualified.com https://unpkg.com https://cdn.plasmic.app https://cmp.osano.com https://cdn.vector.co https://d-code.liadm.com https://vercel.live https://www.redditstatic.com https://tag.unifyintent.com https://www.clarity.ms https://scripts.clarity.ms https://jobs.ashbyhq.com https://snap.licdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; frame-src 'self' https://accounts.google.com https://www.youtube.com https://player.vimeo.com https://vercel.live https://vercel.com https://app.contentful.com https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.google.com https://js.qualified.com https://app.qualified.com https://*.liadm.com https://forms.hsforms.com https://*.leandata.com https://jobs.ashbyhq.com; connect-src 'self' https://accounts.google.com https://www.google.com https://api.segment.io https://cdn.segment.com https://api.cr-proxy.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://*.sentry.io https://o417395.ingest.us.sentry.io http://ib.adnxs.com https://secure.adnxs.com http://c.6sc.co https://j.6sc.co https://ipv6.6sc.co https://api.clearbit.com https://reveal.clearbit.com https://cdn.heapanalytics.com https://heapanalytics.com https://pixel.ad.samsungads.com https://px.ads.linkedin.com https://analytics.twitter.com https://cdn.pendo.io https://app.pendo.io https://data.pendo.io https://pendo-io-static.storage.googleapis.com https://*.qualified.com https://wss.qualified.com wss://*.qualified.com https://api.github.com https://api.vector.co https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://*.liadm.com https://*.leandata.com https://pixel-config.reddit.com https://api.unifyintent.com https://z.clarity.ms https://jobs.ashbyhq.com https://*.algolianet.com https://*.algolia.net https://pagead2.googlesyndication.com; img-src 'self' data: blob: https: http:; media-src 'self' data: blob: https: http:; font-src 'self' data: https://fonts.gstatic.com https://assets.tigerdata.com https://*.leandata.com; default-src 'self' 2
default-src 'self' 'unsafe-inline' blob: data: https://*.gstatic.com https://embedr.flickr.com https://widgets.flickr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.readspeaker.com https://*.google.com https://*.google.pt https://*.clarity.ms https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com https://www.facebook.com https://embedr.flickr.com https://widgets.flickr.com https://hcaptcha.com https://*.hcaptcha.com https://*.unibuddy.co https://cdn.jsdelivr.net code.jquery.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://hcaptcha.com https://*.hcaptcha.com https://*.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: blob: 'unsafe-inline' https://placehold.it https://*.iscte-iul.pt https://iscte-iul.pt https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.pt https://www.linkedin.com https://www.googleadservices.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ciencia.iscte-iul.pt https://px.ads.linkedin.com https://www.facebook.com https://live.staticflickr.com https://*.clarity.ms; connect-src 'self' https://*.readspeaker.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://*.clarity.ms https://embedr.flickr.com https://*.hcaptcha.com; object-src 'self'; frame-src 'self' https://*.iscte-iul.pt https://*.eventbrite.pt https://*.eventbrite.com https://*.google.com https://*.google.pt https://*.soundcloud.com https://www.youtube.com https://youtu.be https://sketchfab.com https://player.vimeo.com https://www.strava.com https://hcaptcha.com https://*.hcaptcha.com https://forms.office.com https://*.unibuddy.co https://unibuddy.co 2
object-src https://cdn.speedcurve.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.speedcurve.com https://360learning.chilipiper.com https://munchkin.marketo.net https://www.googletagmanager.com https://fonts.googleapis.com https://cdn.amplitude.com https://ssl.geoplugin.net https://pages.360learning.com https://www.instagram.com https://fast.wistia.com https://static.cdn.prismic.io https://prismic.io https://bat.bing.com https://appvizer.one https://pagead2.googlesyndication.com https://script.crazyegg.com https://redditstatic.com https://www.redditstatic.com https://snap.licdn.com https://connect.facebook.net https://tracking.g2crowd.net https://s.adroll.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://googleads.g.doubleclick.net https://onsite.optimonk.com https://gs-cdn.optimonk.com https://ct.capterra.com https://browser.sentry-cdn.com https://fast.wistia.net https://tracking.g2crowd.com https://cdn-asset.optimonk.com https://d.adroll.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://ingest.promptwatch.com https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com https://idx.liadm.com https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://pocustrack.com/ https://*.pocustrack.com https://cdn.cr-proxy.com https://cdn.vector.co; frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://teams.microsoft.com https://*.sharepoint.com 2
frame-ancestors 'self' https://www.sciencenews.org https://www.societyforscience.org https://centennial.societyforscience.org 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://ipapi.co; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.bt.bt/wp-content/cache/; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://www.google-analytics.com https://bt.bt; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://geo.wpforms.com; frame-ancestors 'self'; frame-src 'self' https://maps.google.com https://www.google.com; object-src 'none'; upgrade-insecure-requests; 2
default-src form.gov.sg api-cdp.eu01.treasuredata.com *.treasuredata.com *.recaptcha.net *.bellustartokyo.jp *.net-fs.com *.matterport.com *.smartviewmedia.com.au *.sprinklr.com *.zencdn.net *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline'; script-src 'self' *.panpacific.com *.pphg.com *.opentable.com.au *.affilired.com *.denomatic.com *.doubleclick.net *.panomatics.com *.googlesyndication.com messenger.myma.ai *.cookieyes.com cdn-cookieyes.com *.adobedtm.com form.gov.sg *.addtoany.com api-cdp.eu01.treasuredata.com *.treasuredata.com *.gstatic.cn *.cloudfront.net *.usabilla.com *.recaptcha.net *.sojern.com *.gstatic.com *.yimg.jp *.sevenrooms.com *.twitter.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.imenupro.com imenupro.com *.tablecheck.com *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.mynewsdesk.com *.opentable.co.uk *.jscache.com *.tripadvisor.com *.tripadvisor.com.au *.tacdn.com *.abtasty.com *.digicert.com *.titiqcdn.com *.tiqcdn.com *.google.com *.facebook.com *.facebook.net *.youtube.com *.googleapis.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.googletagmanager.com *.enzymic.co *.baidu.com *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com *.everestjs.net *.matomo.cloud *.adform.com *.adform.net *.googleadservices.com *.google.com.sg *.zencdn.net *.doubleclick.net *.clarity.ms *.addthisedge.com *.moatads.com *.contentsquare.net app.contentsquare.com 20.67.250.109 54.247.44.196 52.51.9.12 52.18.162.157 20.75.90.236 100.24.76.90 34.192.98.148 20.67.250.109 54.247.44.196 52.51.9.12 35.72.153.38 35.73.99.41 34.192.240.128 *.fullstory.com *.linkedin.com *.stackadapt.com *.trueloyal.com *.simpli.fi https://*.pxlecdn.com https://*.pixlee.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' *.panpacific.com *.panomatics.com *.cloudfront.net *.usabilla.com *.sprinklr.com *.sevenrooms.com *.sprinklr.com *.abtasty.com *.amazonaws.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.bootstrapcdn.com *.tacdn.com *.googleapis.com *.cloudfront.net *.cloudflare.com *.zencdn.net *.stackadapt.com 'unsafe-inline'; font-src 'self' *.cloudfront.net *.usabilla.com *.sevenrooms.com *.abtasty.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.gstatic.com *.panpacific.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.contentsquare.net 'unsafe-inline' data: ; img-src 'self' blob: data: *.panpacific.com  *.bookmebob.com *.affilired.com *.denomatic.com *.doubleclick.net *.panomatics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com  *.googlesyndication.com *.cookieyes.com cdn-cookieyes.com bmbuiassetsprod.blob.core.windows.net *.googletagmanager.com *.google.ca *.cloudfront.net *.usabilla.com *.tripadvisor.com *.travelmyth.com *.sojern.com *.sevenrooms.com *.sprinklr.com *.fbcdn.net *.twimg.com *.pphg.com *.google.co.id *.google.com.my *.abtasty.com http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org *.osm.org *.tile.osm.org *.googleadservices.com *.ghadiscovery.com *.nor1upgrades.com *.amazonaws.com *.adsymptotic.com *.demdex.net *.everesttech.net *.maxcdn.com *.tacdn.com *.tripadvisor.com.au *.facebook.com *.doubleclick.net *.linkedin.com *.bing.com *.google-analytics.com *.google.com *.google.com.sg *.gstatic.com *.googleapis.com *.digicert.com *.maxcdn.com *.baidu.com *.cloudfront.net *.usabilla.com *.clarity.ms *.derbysoftca.com *.contentsquare.net 20.67.250.109 54.247.44.196 52.51.9.12 52.18.162.157 20.75.90.236 100.24.76.90 34.192.98.148 20.67.250.109 54.247.44.196 52.51.9.12 35.72.153.38 35.73.99.41 34.192.240.128 *.fullstory.com https://*.pixlee.com 'unsafe-inline' ; frame-src 'self' *.affilired.com *.denomatic.com *.doubleclick.net *.sojern.com panomatics.com *.panomatics.com *.opentable.com.au *.thefork.com messenger.myma.ai *.net-fs.com *.addtoany.com *.cloudfront.net *.usabilla.com *.recaptcha.net *.hotelgroove.jp *.bellustartokyo.jp *.google.com *.dailymotion.com *.vimeo.com *.sevenrooms.com *.matterport.com *.adform.net tablecheck.com *.tablecheck.com *.smartviewmedia.com.au *.demdex.net *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.facebook.com *.mynewsdesk.com *.opentable.co.uk *.doubleclick.net *.trustyou.com *.trustyou.co *.youtube.com *.lafourchette.com planet360bd.com *.abtasty.com *.contentsquare.net 360.theredmarker.com *.googletagmanager.com *.stackadapt.com *.trueloyal.com https://*.pixlee.co 'unsafe-inline' ; connect-src https: http: *.cloudfront.net *.usabilla.com *.abtasty.com *.contentsquare.net *.contentsquare.com 20.67.250.109 54.247.44.196 52.51.9.12 52.18.162.157 20.75.90.236 100.24.76.90 34.192.98.148 20.67.250.109 54.247.44.196 52.51.9.12 35.72.153.38 35.73.99.41 34.192.240.128 *.fullstory.com ; child-src blob: ; worker-src blob: ; 2
default-src 'self'                 https://*.santander.pt                 https://*.adobecqms.net                 data:;             object-src 'self'                 https://*.santander.pt                 https://*.adobecqms.net;             frame-ancestors 'self'                 https://*.santander.pt                 https://*.adobecqms.net;             frame-src 'self'                 https://santander.pt                 https://*.santander.pt                 https://*.santander.com                 https://*.adobecqms.net                 https://www.youtube.com                 https://www.youtube-nocookie.com                 https://www.googletagmanager.com                 https://*.doubleclick.net                 https://ct.pinterest.com;             img-src 'self'                 https://*.santander.pt                 https://alb.reddit.com                 https://t.co                 https://analytics.twitter.com                 https://*.linkedin.com                 https://*.doubleclick.net                 https://www.google.ie                 https://www.google.nl                 https://www.google.fr                 https://www.google.es                 https://www.google.com                 https://www.google.pt                 https://*.google-analytics.com                 https://www.googletagmanager.com                 https://fonts.gstatic.com                 https://bat.bing.com                 https://c.clarity.ms                 https://www.facebook.com                 https://c.bing.com                 https://i.ytimg.com                 https://*.youtube.com                 https://*.gruposantander.com                 https://*.cookielaw.org                 https://*.santander.com                 https://*.bing.net                 https://*.gstatic.com                 data:;             style-src 'self' 'unsafe-inline'                 https://*.googletagmanager.com                 https://fonts.googleapis.com;             script-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://www.googletagmanager.com                 https://www.googleadservices.com                 https://*.google-analytics.com                 https://*.google.com                 https://*.googlesyndication.com                 https://snap.licdn.com                 https://static.ads-twitter.com                 https://cdn.evgnet.com                 https://cdn1.adoberesources.net                 https://www.redditstatic.com                 https://*.hotjar.com                 https://connect.facebook.net                 https://www.clarity.ms                 https://bat.bing.com                 https://analytics.tiktok.com                 https://s.pinimg.com                 https://*.qualtrics.com                 https://www.youtube.com                 https://unpkg.com                 https://cdnjs.cloudflare.com                 https://maxcdn.bootstrapcdn.com                 https://code.jquery.com                 https://ct.pinterest.com                 https://*.cookielaw.org                 https://*.santander.com                 https://*.gruposantander.com                 https://rum.hlx.page/;             font-src 'self'                 https://*.santander.pt                 https://fonts.gstatic.com                 https://*.santander.com                 data:;             connect-src 'self'                 https://*.santander.pt                 https://*.santander.com                 https://*.evergage.com                 https://*.linkedin.com                 https://*.doubleclick.net                 https://*.google.com                 https://www.google.nl                 https://*.google-analytics.com                 https://adobedc.demdex.net                 https://ct.pinterest.com                 https://*.clarity.ms                 https://analytics.tiktok.com                 https://edge.adobedc.net                 https://bat.bing.com                 https://*.qualtrics.com                 https://*.hotjar.io                 https://*.hotjar.com                 wss://ws.hotjar.com                 https://www.redditstatic.com                 https://*.cookielaw.org                 https://*.reddit.com                 wss://webmessaging.mypurecloud.ie                 https://*.onetrust.com                 https://*.bing.net                 https://pagead2.googlesyndication.com                 https://*.google.pt                 https://*.google.nl                 https://*.facebook.com                 https://*.googleadservices.com                 https://*.gruposantander.com;             form-action 'self'                 https://santander.pt                 https://*.santander.pt                 https://*.santander.com                 https://*.adobecqms.net;             report-to https://www.santander.pt/csp-report; 2
default-src 'self';       script-src 'self' 'unsafe-inline' 'unsafe-eval'         https://www.googletagmanager.com         https://www.google-analytics.com         https://dap.digitalgov.gov         https://www.google.com         https://www.gstatic.com         https://www.recaptcha.net         https://cdn.jsdelivr.net;       connect-src 'self'         https://www.google-analytics.com         https://www.googletagmanager.com         https://dap.digitalgov.gov         https://www.google.com         https://www.recaptcha.net;       img-src 'self' data: https:;       style-src 'self' 'unsafe-inline'         https://fonts.googleapis.com;       font-src 'self' data:         https://fonts.gstatic.com;       frame-src 'self'         https://cdn.embedly.com         https://www.youtube.com         https://i.ytimg.com         https://www.google.com         https://www.recaptcha.net         https://recaptcha.net         https://s.recaptcha.net;       frame-ancestors 'self';       base-uri 'self';       form-action 'self'; 2
default-src 'self';connect-src 'self' google.com ipinfo.io *.amazonaws.com *.bigcontent.io *.cardinalcommerce.com *.cloudflare.com *.hotjar.io *.facebook.com *.google-analytics.com *.google.com *.hasbropulse.com *.ipify.org *.ipinfo.io *.ketchcdn.com *.ketchjs.com *.klaviyo.com *.launchdarkly.com *.online-metrix.net *.optimizely.com *.paypal.com *.pingone.com *.postcodeanywhere.co.uk *.px-cloud.net *.reddit.com *.redditstatic.com *.usablenet.com *.yotpo.com *.zdassets.com *.zendesk.com *.zopim.com browser-intake-datadoghq.com api.cquotient.com wss://ws.hotjar.com wss://widget-mediator.zopim.com;font-src 'self' data: *.bootstrapcdn.com *.cloudflare.com *.gstatic.com *.hotjar.com *.klaviyo.com *.yotpo.com;frame-ancestors 'self' *.amplience.net *.hasbropulse.com pay.google.com;frame-src 'self' *.cardinalcommerce.com *.cybersource.com *.facebook.com *.google.com *.online-metrix.net *.optimizely.com *.paypal.com *.youtube-nocookie.com;img-src 'self' data: *.amplience.net *.bigcontent.io *.cloudflare.com *.facebook.com *.googletagmanager.com *.gstatic.com *.ketchcdn.com *.online-metrix.net *.postcodeanywhere.co.uk *.reddit.com *.usablenet.com *.yotpo.com *.ytimg.com;media-src 'self' *.amplience.net *.bigcontent.io;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cardinalcommerce.com *.cloudflare.com *.cybersource.com *.cquotient.com *.datadoghq-browser-agent.com *.facebook.com *.facebook.net *.getshogun.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hasbropulse.com *.hotjar.com *.ketchcdn.com *.ketchjs.com *.klaviyo.com *.online-metrix.net *.optimizely.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.pingone.com *.postcodeanywhere.co.uk *.px-cloud.net *.redditstatic.com *.usablenet.com *.yotpo.com *.zdassets.com *.zopim.com storage.googleapis.com;script-src-elem 'self' 'unsafe-inline' *.cardinalcommerce.com *.cloudflare.com *.cybersource.com *.cquotient.com *.datadoghq-browser-agent.com *.facebook.com *.facebook.net *.getshogun.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hasbropulse.com *.hotjar.com *.ketchcdn.com *.ketchjs.com *.klaviyo.com *.online-metrix.net *.optimizely.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.pingone.com *.postcodeanywhere.co.uk *.px-cloud.net *.redditstatic.com *.usablenet.com *.yotpo.com *.zdassets.com *.zopim.com storage.googleapis.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.getshogun.com *.googleapis.com *.pingone.com *.postcodeanywhere.co.uk *.usablenet.com *.yotpo.com;style-src-elem 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.getshogun.com *.googleapis.com *.pingone.com *.postcodeanywhere.co.uk *.usablenet.com *.yotpo.com;worker-src 'self' blob: *.hasbropulse.com;upgrade-insecure-requests 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://web.cmp.usercentrics.eu/ https://*.vgrblogg.se/ https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se https://piwik-ext.vgregion.se/ https://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vgrblogg.se/ https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://consent-api.service.consent.usercentrics.eu/ https://v1.api.service.cmp.usercentrics.eu/ https://*.vgrblogg.se/ https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se https://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src  'self' https://*.siteimprove.com/ https://*.vgrblogg.se/ https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://*.vgrblogg.se/ https://maps.lantmateriet.se https://ssl.webserviceaward.com/wsc/  https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgrblogg.se *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com ; 2
img-src hm.vostok.zone35.net *.b-ite.com *.hm.edu flockler.com fl-1.cdn.flockler.com social-proxy.flocklr.com media-api.flockler.com media.licdn.com cloud.ccm19.de *.cdninstagram.com *.xx.fbcdn.net 'self' data:; font-src *.assisto.beranet.de formulare.hm.edu formulare-test.hm.edu assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu data:; script-src *.assisto.beranet.de *.b-ite.com plugins.flockler.com matomo.hm.edu assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu cloud.ccm19.de 'unsafe-inline'; script-src-elem *.assisto.beranet.de *.b-ite.com plugins.flockler.com matomo.hm.edu formulare.hm.edu formulare-test.hm.edu assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu cloud.ccm19.de 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline'; connect-src wss://hm.vostok.zone35.net cdn.jsdelivr.net hm.vostok.zone35.net *.beranet.de hm-edu-search-api.e-spirit.cloud *.b-ite.com stats-api.flockler.app api.flockler.app *.hm.edu cloud.ccm19.de matomo.hm.edu; style-src *.assisto.beranet.de *.b-ite.com assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu cloud.ccm19.de 'unsafe-inline'; style-src-elem *.assisto.beranet.de *.b-ite.com formulare.hm.edu formulare-test.hm.edu mediapool.hm.edu mediapool-prem.hm.edu assets.hm.edu cloud.ccm19.de 'unsafe-inline'; style-src-attr 'unsafe-inline'; default-src 'self' matomo.hm.edu search.hm.edu formulare.hm.edu formulare-test.hm.edu cloud.ccm19.de assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu 'unsafe-inline'; media-src 'self' dms.licdn.com media-api.flockler.com data:; frame-src 'self' cloud.ccm19.de mstream.hm.edu www.youtube.com www.youtube-nocookie.com media-api.flockler.com *.cloudflarestream.com; child-src 'self'; frame-ancestors 'none'; base-uri 'self'; worker-src 'none'; manifest-src 'none'; report-to https://sentry.hm.edu/api/9/security/?sentry_key=3d6f839d908181cf6622e6f584d2efe3; report-uri https://sentry.hm.edu/api/9/security/?sentry_key=3d6f839d908181cf6622e6f584d2efe3; 2
default-src 'self'; font-src 'self' data: https://cdn.givechariot.com https://cdn.jdrf.design https://cdn.acsbapp.com https://doublethedonation.com/fonts/inter/ https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://cloud.typography.com *.userway.org matchbox.hepdata.com; frame-ancestors 'self'; frame-src 'self' blob: https://*.blackbaud.com https://*.googletagmanager.com https://*.cdn.optimizely.com https://secure.dafpay.com https://chatbot.breakthrought1d.org *.userway.org https://www.tiktok.com https://platform.twitter.com https://ndam-landing-page.s3.amazonaws.com https://widget.thegivingblock.com https://td.doubleclick.net https://word.rodeo https://prod-useast-b.online.tableau.com https://www2.breakthrought1d.org https://crosswordlabs.com https://jdrf.massrel.io https://*.jdrfoverlays.com https://jdrfoverlays.com https://tgbwidget.com https://public.tableau.com https://app.hubspot.com https://www.youtube-nocookie.com https://a597080980.cdn.optimizely.com https://wp.freemius.com https://player.vimeo.com https://antidote.me https://www.youtube.com https://public.domo.com https://www.google.com https://www.facebook.com https://www.matchinggifts.com https://ww2.matchinggifts.com https://javamatch.matchinggifts.com https://x.adroll.com; img-src 'self' blob: https://img.youtube.com/ https://*.adentifi.com https://doublethedonation.com/api/img/ https://www.facebook.com/ https://connect.facebook.net https://s.amazon-adsystem.com/ https://cm.g.doubleclick.net https://public.tableau.com/static/images/Ma/MapsActiveGrants-US/MapsActiveGrants-US/1.png https://public.tableau.com/static/images/7N/7NPFK7P5M/1.png data: https://www.dafdirect.org https://ipv4.d.adroll.com https://x.bidswitch.net https://*.reson8.com https://reson8.com https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://sync.srv.stackadapt.com https://tags.bluekai.com  https://dpm.demdex.net https://usermatch.krxd.net  https://cms.analytics.yahoo.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.taboola.com  https://image2.pubmatic.com https://sync.outbrain.com https://ib.adnxs.com *.userway.org https://ups.analytics.yahoo.com  https://eb2.3lift.com https://d.adroll.com  https://pixel.quantserve.com https://cdn.acsbapp.com https://gravatar.com https://s3-us-west-2.amazonaws.com https://wpstorelocator.co https://khms0.googleapis.com https://khms1.googleapis.com https://s38924.pcdn.co https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://marvel-processor.bc0a.com https://updates.bnecreative.com https://s.w.org https://ps.w.org https://a1.b0e8.com https://marvel-b1-cdn.bc0a.com https://www.google.co.in https://googleads.g.doubleclick.net https://*.wpengine.com https://bat.bing.com https://nova.collect.igodigital.com https://p.typekit.net https://secure.gravatar.com https://sp.analytics.yahoo.com https://www.google-analytics.com https://www.google.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com ajax.googleapis.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6467beef974ac544f93aa9e8.endpoint.csper.io https://www2.breakthrought1d.org; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://tags.srv.stackadapt.com https://secure.dafpay.com https://cdn.givechariot.com https://chatbot.breakthrought1d.org https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://*.adentifi.com https://widget.thegivingblock.com/widget/script.js https://doublethedonation.com/api/js/ddplugin.js *.userway.org https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://www.tiktok.com/embed.js https://www.gstatic.com https://app.blackbaud.com https://sdk.amazonaws.com/js/aws-sdk-2.927.0.min.js https://code.jquery.com/jquery-3.6.0.min.js https://www.harborcompliance.com/js/dynamic-disclosures.js https://online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js https://prod-useast-b.online.tableau.com/javascripts/api/tableau.embedding.3.latest.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js https://www.dafdirect.org https://public.tableau.com/javascripts/api/viz_v1.js https://analytics.tiktok.com https://d.adroll.com https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://js.dev.shift4.com/shift4.js https://s.adroll.com https://cdn.segment.com https://js.hs-scripts.com https://ajax.aspnetcdn.com https://djtflbt20bdde.cloudfront.net https://player.vimeo.com https://antidote.me https://www.google.com https://cdn.optimizely.com https://maps.googleapis.com https://cdn.jsdelivr.net https://marvel-b2-cdn.bc0a.com https://cdn.b0e8.com https://cdn.mxpnl.com https://acsbapp.com https://*.collect.igodigital.com https://bat.bing.com https://connect.facebook.net https://*.doubleclick.net https://s.yimg.com https://s3.amazonaws.com https://*.hotjar.com https://secure.adnxs.com https://unpkg.com https://use.typekit.net https://walls.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www2.breakthrought1d.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com snap.licdn.com https://ams.wpml.org; style-src 'report-sample' 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://cdn.givechariot.com https://doublethedonation.com/api/css/ddplugin.css *.userway.org https://ams.wpml.org https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://www.dafdirect.org https://ajax.googleapis.com https://rgsharedweb.s3.amazonaws.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css https://use.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cloud.typography.com matchbox.hepdata.com; worker-src 'self' blob: https://www.breakthrought1d.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is *.userway.org; connect-src 'self' https://www.facebook.com https://tags.srv.stackadapt.com https://*.givechariot.com https://mpc-prod-14-s6uit34pua-ue.a.run.app/events https://demo-1.conversionsapigateway.com/ https://test-drive-20-1053047382554.us-central1.run.app/ https://unpkg.com/ https://www.google.com/ccm/collect *.userway.org https://doublethedonation.com/api/v1/ https://ndam-landing-page.s3.amazonaws.com https://bt1d-320050302261.s3-accesspoint.us-east-1.amazonaws.com https://www.harborcompliance.com/dynamic-disclosures/public-api/subscriptions/fb24b4c8-2b27-4d65-86d7-e37bff85eb69 https://prod-useast-b.online.tableau.com/vizportal/api/web/v1/auth/embed/signin https://analytics.google.com https://*.optimizely.com https://optimizely.com https://*.hubspot.com https://hubspot.com https://pixel.quantcount.com https://spreadsheets.google.com https://host-v618rd.api.swiftype.com https://metrics.hotjar.io https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://www2.breakthrought1d.org https://acsbapp.com https://errors.client.optimizely.com https://my.yoast.com https://vc.hotjar.io https://my.wpengine.com https://yoast.com https://www.google-analytics.com https://www.google.co.in https://cdn.acsbapp.com https://logx.optimizely.com https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com bat.bing.com https://ams.wpml.org; 2
default-src 'self'; font-src 'self' fonts.bunny.net data:; img-src 'self' matomo.sib.swiss fonts.googleapis.com fonts.gstatic.com data: blob: ui-avatars.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss  https://unpkg.com; style-src 'self' fonts.bunny.net 'unsafe-inline' https://unpkg.com; connect-src 'self' matomo.sib.swiss https://chat.expasy.org; 2
frame-ancestors 'self' https://admin.akjournals.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com; frame-ancestors 'self' https://cms.suempresa.com; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com  https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 2
style-src 'self' 'unsafe-inline'; form-action 'self' 2
frame-ancestors 'self' https://*.playojo.com https://*.skillonnet.com https://skillonnet.com https://*.netdnstrace.com https://netdnstrace.com https://*.netdnstrace1.com https://netdnstrace1.com https://*.skilldnsproc.com https://skilldnsproc.com https://*.skillprocessing.com https://skillprocessing.com https://*.safe-communication.com https://safe-communication.com https://*.image-tech-storage.com https://image-tech-storage.com https://*.kineticdigital.com; 2
default-src 'self' https://*.tataplay.com blob:; connect-src 'self' https://*.google.com https://dev.fido.ashieldhub.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://col.site24x7rum.com https://app.litmusworld.com https://*.tataplay.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://rs.fullstory.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://wafs.mfilterit.net/ https://assets.juspay.in/ https://tr.outbrain.com/ https://*.bing.com https://*.outbrain.com https://staging.litmusworld.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://sokrati.g2afse.com/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://amplify.outbrain.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://helpchat.tataplay.com/ https://public.releases.juspay.in/ https://tr.outbrain.com/ https://wave.outbrain.com/ ; img-src 'self' https://*.videoready.tv/ https://mediaready.videoready.tv/ https://uat.tstatic.videoready.tv/ https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tataplay.com https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/  https://*.googleusercontent.com/ https://*.ggpht.com/ https://sp.analytics.yahoo.com/ https://sokrati.g2afse.com/ https://tr.outbrain.com https://www.googletagmanager.com https://uat.tstatic.videoready.tv/ https://tstatic.videoready.tv/ data: blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://*.tataplay.com https://*.tatasky.com/ https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' tez: phonepe: paytmmp: upi: bytedance: https://*.googletagmanager.com https://*.juspay.in/ https://td.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://uat.help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://helpchat.tataplay.com/ https://gethelpuat2.tatasky.com/ https://help.tatasky.com/ https://staging.litmusworld.com/ https://public.releases.juspay.in/ data: blob:; object-src 'self' https://docs.google.com/ data: blob:; frame-ancestors https://*.tataplay.com https://*.tatasky.com ; 2
frame-ancestors *; default-src 'self'; frame-src 'self' unicaja.webfg.com unicaja-uat.webfg.com www.liberbank.es www.tarjetaplaystation.com univia.unicaja.es univiapru.unicaja.es hola.unicajabanco.es *.doubleclick.net 8020496.fls.doubleclick.net 8499384.fls.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net  pagead2.googlesyndication.com region1.analytics.google.com adservice.google.com www.google.es www.youtube.com www.google.com asp.quefondos.com unicajabanco-backend.flumotion.com player.vimeo.com www.facebook.com connect.facebook.net *.teads.tv track.adform.net vars.hotjar.com optimize.google.com *.weborama.fr *.qualtrics.com data.unicajabanco.es *.tiktok.com analytics-ipv6.tiktokw.us *.afi.es *.outbrain.com *.tradedoubler.com a.imgstatics.com; media-src *; img-src 'self' *.contentsquare.net *.qualtrics.com *.taboola.com *.clarity.ms data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com www.gstatic.com *.doubleclick.net 8020496.fls.doubleclick.net 8499384.fls.doubleclick.net www.unicajabanco.es www.youtube.com www.google.com www.google-analytics.com maps.googleapis.com www.facebook.com connect.facebook.net *.teads.tv googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com region1.analytics.google.com adservice.google.com www.google.es www.googleadservices.com www.unicajabanco.com unicaja-prod.adobecqms.net chat.kommunicate.io *.adform.net *.googletagmanager.com cdnjs.cloudflare.com widget.kommunicate.io www.unicajabanco.es.seg.js www.unicajabanco.com.seg.js cdn.kommunicate.io cdn.applozic.com cdn.cookielaw.org uimarketpro.com asp.quefondos.com storage.googleapis.com static.hotjar.com script.hotjar.com www.googleoptimize.com optimize.google.com tagmanager.google.com hercial-thurch.com t.contentsquare.net app.contentsquare.com *.weborama.fr *.visualwebsiteoptimizer.com *.qualtrics.com data.unicajabanco.es *.tiktok.com analytics-ipv6.tiktokw.us *.afi.es *.outbrain.com *.tradedoubler.com a.imgstatics.com *.taboola.com *.clarity.ms; child-src blob:; worker-src blob:; style-src * 'unsafe-inline'; font-src *; connect-src 'self' *.contentsquare.net *.qualtrics.com blob: data: * 2
frame-ancestors 'self' *.bnc.ca *.nbc.ca; 2
frame-ancestors 'self' https://mydrive.univ-st-etienne.fr https://mydrive-ng.univ-st-etienne.fr https://laboratoirehubertcurien.univ-st-etienne.fr https://sesame.univ-st-etienne.fr 2
frame-ancestors 'self' *.microsoft.com *.sharepoint.com *.tarimorman.gov.tr *.com.tr *.gov.tr *.com 2
frame-ancestors 'self' *.meutudo.app https://www.google.com https://meutudo.api.useinsider.com https://event.getblue.io https://s.amazon-adsystem.com googleads.g.doubleclick.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://no-cdn.convertexperiments.com https://cdn.amplitude.com/libs/analytics-browser-2.4.1-min.js.gz https://app.varify.io https://editor.varify.io *.api.useinsider.com https://www.trustedsite.com/rpc/ajax *.amazon-adsystem.com *.gstatic.com https://cdn-4.convertexperiments.com/js/10041799-10042103.js https://dashboard.purplemetrics.com.br/widget/js/widget.js https://www.trustedsite.com/rpc/tmjs/meutudo.com.br/visit https://cdn.ywxi.net *.facebook.net https://event.getblue.io https://meutudo.api.useinsider.com https://api.useinsider.com/sw.js https://s1.kwai.net/ https://static.hotjar.com https://script.hotjar.com https://widget.getblue.io/event/ *.clarity.ms *.google.com https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com googleads.g.doubleclick.net; 2
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://code.jquery.com https://widget.trustpilot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.datatables.net https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/npm https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.bunny.net https://unpkg.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/npm https://cdn.jsdelivr.net 'unsafe-inline'; img-src * data: blob:; font-src 'self' https://fonts.gstatic.com https://fonts.bunny.net; connect-src 'self' https://stats.revbid.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://widget.trustpilot.com https://www.google.com/ https://www.gstatic.com/; 2
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' https: blob: data:; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self'  https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://*.yandex.ru https://*.yandex.com; 2
default-src *; 		child-src 'self' blob:; 		connect-src * blob: ws: wss:; 		frame-src 'self' www.googletagmanager.com api.foxentry.cz www.databreakers.com cdn.msgok.net 			www.mall.tv mall.fameplay.tv fameplay.tv www.google.com 			www.youtube.com creativecdn.com sketchfab.com 			socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com 			www.zbozi.cz 			cj.dotomi.com 			open.spotify.com 			payu.com secure.payu.com merch-prod.snd.payu.com 			cpx.smind.hr cpx.smind.si 			data:; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com 			*.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com 			download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net 			c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 			translate.google.com cdnjs.cloudflare.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com 			www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com 			*.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz 			ssl.heureka.cz ssl.heureka.sk http://localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu 			tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ 			*.mczbf.com *.cj.com *.payu.com 			unpkg.com/leaflet@1.9.4/dist/leaflet.js https://unpkg.com/leaflet.markercluster@1.4.1/dist/leaflet.markercluster.js 			*.mgit.cz *.smind.hr *.smind.si; 		style-src * 'unsafe-inline'; 		img-src * data:; 		object-src 'none' 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://*.carnivalcloud.net https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 2
object-src 'none'; block-all-mixed-content 2
frame-ancestors 'self' https://*.cibc.com https://*.cibc.mobi https://*.simplii.com; 2
frame-ancestors 'self' *.sartorius.com service.ariba.com www.service.ariba.com s1.ariba.com www.s1.ariba.com service-2.ariba.com www.service-2.ariba.com s1-eu.stc.ariba.com *.ariba.com *.coupa.com *.govsci.com govsci.com *.sciquest.com *.coupahost.com *.coupadev.com *.compute.amazonaws.com *.netsuite.com *.shop.sartorius.com *.shop.sartorius.com.cn; 2
report-to csp-endpoint;object-src 'none'; base-uri 'self'; 2
frame-ancestors self https://dol.com.br/ https://elitecs.gruporba.com.br/ https://ed.dol.com.br/ https://diariodopara.com.br/ 2
font-src 'self' data: https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://www.google.com https://www.google.co.za https://icon.widen.net *.prod.acquia-sites.com https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.facebook.com https://ade.googlesyndication.com https://*.widencdn.net https://metrics.brightcove.com https://www.google-analytics.com https://*.boltdns.net https://www.googletagmanager.com https://tracking.monsido.com https://hostedseal.trustarc.com https://*.mapi-trust.org https://*.accellacare.com https://*.iconplc.com https://cdn.jsdelivr.net https://cdn.monsido.com/page-assist/v2/assets/img/uaccess.svg https://cdn.monsido.com/page-assist/v2/assets/img/default-spinner.png; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com apis.google.com js-agent.newrelic.com https://cdn.cookielaw.org gtm.js www.tagassistant.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://bat.bing.com https://pi.pardot.com js-agent.newrelic.com https://www.google-analytics.com www.google.com apis.google.com https://connect.facebook.net https://cdn.cookielaw.org https://www2.iconplc.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://s.go-mpulse.net https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/v1/heatmaps.js https://www.gstatic.com https://snap.licdn.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://googleads.g.doubleclick.net https://static.searchstax.com https://cdn.monsido.com/page-assist/v2/mon-page-assist-loader.js https://cdn.monsido.com/page-assist/v2/mon-page-assist.js https://cdn.jsdelivr.net https://www.google.com; style-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://players.brightcove.net https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fast.fonts.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://players.brightcove.net https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' 2
default-src 'none'; child-src 'self'; connect-src 'self' *.ads.linkedin.com *.bazaarvoice.com *.blob.core.windows.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.cloudfront.net *.commerce.insitesandbox.com *.cookielaw.org *.copeland.com *.doubleclick.net *.ecorebates.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.mapbox.com *.mavenoid.com *.mavenoidfiles.com *.omappapi.com *.onetrust.com *.optimizely.com *.pricespider.com *.pusher.com *.qualtrics.com *.secure.force.com *.segment.com *.segment.io *.sentry.io *.stackadapt.com *.tiles.mapbox.com *.userflow.com *.youku.com *.zaius.com api.mapbox.com ds360.co edge.api.brightcove.com mavenoidfiles.com maweb.copeland.com players.brightcove.net prd-commerce.copeland.com prd-commerce.sensi.copeland.com sensiapi.io wss://*.mavenoid.com wss://*.pusher.com wss://*.twilio.com wss://*.userflow.com wss://api.mavenoid.com wss://twilio.com wss://ws.hotjar.com/; font-src 'self' data: *.cloudfront.net *.ecorebates.com *.gstatic.com *.mavenoid.com *.typekit.net https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/; frame-src 'self' *.amazon-adsystem.com *.cdn.optimizely.com *.copeland.com *.doubleclick.net *.google.com *.mavenoid.com *.qualtrics.com *.surveymonkey.com *.youku.com *.youtube.com app.cypheme.com cg.optimizely.com fastcomments.com flex.cybersource.com https://www.googletagmanager.com oversight.copeland.com players.brightcove.net service.force.com static.addtoany.com; img-src 'self' data: *.ads.linkedin.com *.akamaihd.net *.baidu.com *.bazaarvoice.com *.bing.com *.boltdns.net *.brightcove.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.cookielaw.org *.copeland.com *.doubleclick.net *.facebook.com *.google.com *.google.com.hk *.google.com.ph *.google.com.sg *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.cn *.linkedin.com *.mavenoidfiles.com *.omappapi.com *.pricespider.com *.qualtrics.com *.rnengage.com *.s3.amazonaws.com *.smassets.net *.srv.stackadapt.com *.usea01.idio.episerver.net *.zaius.com ds360.co files.bugherd.com mavenoidfiles.com media.copeland.com players.brightcove.net www.bugherd.com; media-src 'self' blob: *.akafms.net *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.copeland.com *.llnw.net *.llnwd.net *.mavenoid.com *.mavenoidfiles.com *.media.brightcove.com; script-src-elem 'self' 'unsafe-inline' *.ads-twitter.com *.azalead.com *.baidu.com *.bazaarvoice.com *.brightcove.com *.brightcovecdn.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.cookielaw.org *.copeland.com *.dwin1.com *.ecorebates.com *.en25.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hotjar.com *.igodigital.com *.jsdelivr.net *.licdn.com *.lightning.force.com *.mavenoid.com *.omappapi.com *.optimizely.com *.pricespider.com *.qualtrics.com *.rnengage.com *.salesforce.com *.salesforceliveagent.com *.secure.force.com *.stackadapt.com *.surveymonkey.com *.tiles.mapbox.com *.usea01.idio.episerver.net *.userflow.com *.youku.com *.youtube.com cdn.fastcomments.com copeland-latam.custhelp.com copeland.custhelp.com copeland.widget.custhelp.com ds360.co flex.cybersource.com https://copeland-latam.custhelp.com https://copeland-latam.widget.custhelp.com https://www.googletagmanager.com players.brightcove.net service.force.com static.addtoany.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cdn.optimizely.com *.cloudfront.net *.episerver.net *.optimizely.com *.srv.stackadapt.com *.usea01.idio.episerver.net *.youku.com cdn.fastcomments.com players.brightcove.net vjs.zencdn.net; style-src-elem 'self' 'unsafe-inline' *.bazaarvoice.com *.ecorebates.com *.googleapis.com *.jsdelivr.net *.omappapi.com *.pricespider.com *.secure.force.com *.stackadapt.com *.tiles.mapbox.com *.typekit.net *.youku.com copeland.custhelp.com copeland.widget.custhelp.com https://copeland-latam.widget.custhelp.com service.force.com; style-src 'self' 'unsafe-inline' players.brightcove.net; frame-ancestors *.copeland.com *.emerson.cn *.emerson.com *.oversight.copeland.com cope01mstrkhh65prod-slot.dxcloud.episerver.net cope01mstrkhh65prod.dxcloud.episerver.net copeland.pathfactory.com fastcomments.com oversight.copeland.com; worker-src blob: *.copeland.com *.sensi.copeland.com; 2
default-src 'self' https://b2b-experiences.nequi.com.co/ https://cdnjs.cloudflare.com/ https://b2b-experiences-dev.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://captcha-qa.bancadigital.com.co/ https://www.googletagmanager.com/ https://www.clarity.ms/ https://*.dynamicyield.com https://*.dy-api.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://fonts.googleapis.com https://fonts.gstatic.com https://zendesk-eu.my.sentry.io https://web-components-dev.bancadigital.com.co/ https://sdk.twilio.com https://eventgw.twilio.com wss://nequi.zendesk.com wss://voice-js.roaming.twilio.com https://ajax.googleapis.com wss://api.smooch.io https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://media.smooch.io https://api.smooch.io https://nequi.zendesk.com/ https://ekr.zendesk.com https://ekr.zdassets.com https://static.zdassets.com 'unsafe-inline' *.website-files.com cdn.jsdelivr.net https://ajax.googleapis.com fonts.googleapis.com 'unsafe-eval' blob:; script-src-elem 'self' https://challenges.cloudflare.com https://b2b-experiences.nequi.com.co/ https://cdnjs.cloudflare.com/ https://b2b-experiences-dev.bancadigital.com.co/ https://captcha-qa.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://scripts.clarity.ms/ https://www.clarity.ms/ https://tracker.metricool.com/ wss://nequibotwebsocket.bancadigital.com.co/ https://cdn.prod.website-files.com cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://ekr.zdassets.com https://nequi.zendesk.com https://static.zdassets.com https://web-components-qa.bancadigital.com.co/ https://js-cdn.dynatrace.com/ https://apps.usw2.pure.cloud/ https://web-components.nequi.com.co/ https://*.dynamicyield.com 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/* *.visualwebsiteoptimizer.com app.vwo.com https://web-components-dev.bancadigital.com.co/ https://analytics.tiktok.com/ https://ajax.googleapis.com https://www.googletagservices.com/ https://securepubads.g.doubleclick.net/ http://127.0.0.1:5500/ https://us1.clevertap-prod.com/ https://static.elfsight.com/platform/platform.js https://cdn.jsdelivr.net/ https://static.ads-twitter.com https://tpc.googlesyndication.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://s.yimg.com https://www.google.com https://www.gstatic.com/ https://*.cloudfront.net/ https://*.website-files.com/ https://*.zdassets.com/ https://www.googletagmanager.com/; connect-src https://pagead2.googlesyndication.com/ https://www.facebook.com/ https://*.doubleclick.net https://*.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com.co/ https://k.clarity.ms/ https://challenges.cloudflare.com https://z.clarity.ms/ https://captcha-qa.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://a.clarity.ms/ https://v.clarity.ms/ https://mobile-app-assets.nequi.com/ https://static.zdassets.com/ https://o.clarity.ms/collect https://www.googleadservices.com/ https://www.googletagmanager.com/ https://l.clarity.ms/ https://n.clarity.ms/ https://rhaoyl43mj.execute-api.us-east-1.amazonaws.com/ https://rhaoyl43mj.execute-api.us-east-1.amazonaws.com/ https://analytics-ipv6.tiktokw.us/ https://tracker.metricool.com/ wss://nequibotwebsocket.bancadigital.com.co/ https://adservice.google.com/ https://us1.api.clevertap.com/1/counts/profiles.json https://iyl01250.live.dynatrace.com/ wss://websocketchatbot.bancadigital.com.co/ https://bf48591pze.bf.dynatrace.com/ wss://websocketchatbot-qa.bancadigital.com.co/ https://customer-engagement-chatbot-qa.bancadigital.com.co/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://bf64848bdm.bf.dynatrace.com/ https://fileupload.usw2.pure.cloud/ wss://webmessaging.usw2.pure.cloud/ https://api.usw2.pure.cloud/ https://www.google.com/ https://api-cdn.usw2.pure.cloud/ https://customer-engagement-chatbot.bancadigital.com.co https://*.dynamicyield.com https://*.dy-api.com https://analytics.tiktok.com/ https://web-components-dev.bancadigital.com.co/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://px.ads.linkedin.com 'self' https://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io wss://voice-js.roaming.twilio.com wss://api.smooch.io https://sdk.twilio.com https://media.smooch.io https://api.smooch.io https://ekr.zendesk.com *.visualwebsiteoptimizer.com app.vwo.com https://securepubads.g.doubleclick.net/ https://nequi-colombia.webflow.io/ https://raw.githubusercontent.com https://ad.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://analytics.google.com https://*.nequi.com.co https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/ https://s.yimg.com https://stats.g.doubleclick.net https://ekr.zdassets.com/ https://www.google-analytics.com https://nequi.zendesk.com/ https://zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com; media-src https://mobile-app-assets.nequi.com/ https://cdnjs.cloudflare.com/ https://b2b-experiences-qa.bancadigital.com.co/ https://cdn.jsdelivr.net/ https://static.zdassets.com https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com/ https://static.zdassets.com; font-src https://cdn.prod.website-files.com cdn.prod.website-files.com https://assets.website-files.com https://fonts.gstatic.com data:; frame-src https://nequiprod.nequi.trustx.com/ https://challenges.cloudflare.com https://cdnjs.cloudflare.com/ https://v2assets.zopim.io https://nequitest.nequi.trustx.com https://apps.usw2.pure.cloud/ https://www.facebook.com/ https://www.googletagmanager.com https://heyzine.com/ https://geo-nequi.puntored.co/ https://public.transacciones.com.co/ app.vwo.com *.visualwebsiteoptimizer.com https://cdn.embedly.com/ https://w.soundcloud.com/ https://accounts.google.com/ https://drive.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://status.nequi.com.co/ https://www.google.com/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; img-src https://cdnjs.cloudflare.com/ https://b2b-experiences-qa.bancadigital.com.co/ https://cdn.jsdelivr.net/ https://fonts.gstatic.com/ https://c.clarity.ms/ https://tracker.metricool.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://adservice.google.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://ad.doubleclick.net 'self' https://www.nequi.com.co https://widget-mediator.zopim.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://*.zdusercontent.com https://media.smooch.io https://accounts.zendesk.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.facebook.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.com.co https://*.dynamicyield.com data: 2
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com *.erg.ravespace.cloud; 2
default-src https: data: blob: wss://*.zopim.com wss://*.hotjar.com wss://*.noibu.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com https://forms.hubspot.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://www.googletagmanager.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2
frame-src *.nttdataservices.com *.nttdata.com *.google.com *.googletagmanager.com *.pardot.com *.ceros.com 'self' *.sitescout.com *.sharethis.com *.company-target.com *.hotjar.com *.facebook.net *.twitter.com *.youtube.com *.infogram.com *.jobdiva.com *.doubleclick.net *.adsrvr.org *.clarity.ms *.evidon.com; frame-ancestors 'self' *.nttdataservices.com *.nttdata.com; 2
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.walkme.com https://analytics.tiktok.com https://connect.facebook.net https://extend.vimeocdn.com/ga/41833415.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10892526870/ https://js.adsrvr.org/up_loader.1.1.0.js https://maps.googleapis.com https://up.pixel.ad/assets/up.js https://www.gstatic.com https://*.clarity.ms https://cdn.jsdelivr.net/npm/publicalbum@latest/embed-ui.min.js https://platform.twitter.com https://player.vimeo.com/api/player.js https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://*.walkme.com; img-src 'self' blob: data: https://maps.googleapis.com https://pixel.sitescout.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://maps.gstatic.com https://*.prnewswire.com https://www.multivu.com https://ad.doubleclick.net https://ball.mediaroom.com https://filecache.mediaroom.com; connect-src 'self' https://analytics.tiktok.com https://maps.googleapis.com https://www.google-analytics.com https://*.walkme.com htttps://localhost:5001 https://localhost:44314 https://localhost:54518 https://*.clarity.ms https://www.googletagmanager.com https://ad.doubleclick.net https://insight.adsrvr.org https://www.google.com https://www.google.com/ccm/collect; font-src 'self' data: https://fonts.gstatic.com; object-src https://stream1.newswire.ca/static/StrobeMediaPlayback.swf; media-src 'self'; frame-src 'self' https://insight.adsrvr.org https://pixel.sitescout.com https://player.vimeo.com https://td.doubleclick.net https://video.ball.com https://www.youtube.com https://*.walkme.com https://pixel-sync.sitescout.com https://www.google.com https://tv.ball.com https://*.adsrvr.org https://*.prnewswire.com https://*.fls.doubleclick.net https://i.vimeocdn.com https://www.googletagmanager.com https://platform.twitter.com; frame-ancestors 'self' https://ball-com-2021-cms.bluemod.me/ https://vision-dev-cms.ball.com https://vision-test-cms.ball.com https://vision-cms.ball.com; worker-src 'none'; manifest-src 'self' 2
frame-ancestors 'self' *.download.com.vn download.com.vn *.download.vn download.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 2
frame-ancestors 'self' *.katalon.com;; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; base-uri 'self'; 2
frame-ancestors *.shein.com https://www.shein.com.hk https://s1.shein.com https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 2
frame-ancestors https://*.pressetext.com; 2
default-src 'self' data: https: wss: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.ampproject.org www.google.com sale.sulpak.kz www.googletagmanager.com tags.creativecdn.com recommender.scarabresearch.com cdn.retailrocket.ru app.blinger.io sulpak.api.useinsider.com eitri.api.useinsider.com connect.facebook.net content.mql5.com www.google-analytics.com www.googleadservices.com mc.yandex.ru static.hotjar.com script.hotjar.com googleads.g.doubleclick.net kaspi.kz static.demoup.com analytics.tiktok.com maps.googleapis.com code.jquery.com www.gstatic.com export.sulpak.kz media.flixfacts.com media.flixcar.com content.24ttl.stream button.loadbee.com assets.api.useinsider.com api-maps.yandex.ru yastatic.net suggest-maps.yandex.ru widget.devino.chat core-renderer-tiles.maps.yandex.net plerdy.com a.plerdy.com c.plerdy.com h.plerdy.com cdn.loadbee.com prod.flixgvid.flix360.io my.devino.chat widget-chat.devinotele.com epay.homebank.kz epay-oauth.homebank.kz creativecdn.com abt.s3.yandex.net ajax.cloudflare.com mw2.breezyx.space test-halykid.homebank.kz static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' data: blob: www.google.com fonts.googleapis.com assets.api.useinsider.com media.flixcar.com media.flixfacts.com widget.devino.chat cdn.loadbee.com widget-chat.devinotele.com mw2.breezyx.space 2
default-src 'none'; connect-src 'self' https://*.getjerry.com https://*.jerry.ai https://growthbook-api.getjerry.app https://*.s3.us-west-2.amazonaws.com https://*.datadoghq.com https://browser-intake-datadoghq.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://verifi.podscribe.com https://ipv4.podscribe.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://vimeo.com; font-src 'self' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://www.googletagmanager.com https://td.doubleclick.net https://e.infogram.com https://embed.reddit.com https://www.tiktok.com bytedance: sslocal: https://player.vimeo.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' blob: data: https://images.ctfassets.net https://jerry-uploads-prod.s3.amazonaws.com https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://secure.gravatar.com https://i2.ytimg.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://verifi.podscribe.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://i.vimeocdn.com https://i.ytimg.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://cdn.jsdelivr.net https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://e.infogram.com https://d34r8q7sht0t9k.cloudfront.net https://embed.reddit.com https://www.tiktok.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://player.vimeo.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://cdn.jsdelivr.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; worker-src 'self' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
frame-ancestors 'self' localhost:* https://*.sanity.studio https://*.ingress.npstage.lan https://joi.com https://*.joi.com https://joi.ai https://*.joi.ai https://www.sanity.io 2
frame-ancestors 'self' http://*.vde.com; 2
default-src 'self' blob:; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.makehook.ws https://js.boxx.ai https://*.boxx.ai https://cdn-app6.securiti.ai https://tr.snapchat.com https://scripts.clarity.ms/* https://scripts.clarity.ms/ https://*.clarity.ms https://sc-static.net https://www.clarity.ms *.visualwebsiteoptimizer.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com app.vwo.com https://cdn.ampproject.org https://www.youtube.com/iframe_api https://*.intellectadz.com https://*.haptikapi.com https://app.vwo.com https://www.youtube.com https://*.criteo.com https://gtms2s.maxlifeinsurance.com https://*.axismaxlife.com https://dynamic.criteo.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me  https://adgebra.co.in https://*.licdn.com https://cdn.pushcrew.com https://*.linkedin.com https://i.l-dsp.inmobicdn.net https://*.google.com https://toolassets.haptikapi.com https://numrcommonstorage.blob.core.windows.net https://*.akamaihd.net https://*.go-mpulse.net https://*.billdesk.com https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://maps.googleapis.com *.indixital.com *.int.tl https://maxlifeinsurance-145508.uc.r.appspot.com https://toolassets.haptikapi.com https://*.hellohaptik.com https://fcmregistrations.googleapis.com https://cdn.indixital.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://*.creativecdn.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://omnisetup.silaris.in https://*.googleoptimize.com/ https://unpkg.com https://*.intellectadz.com/ https://*.gotrackier.com https://*.paytm.in https://*.google.com https://optimize.google.com https://*.artfut.com https://*.paytm.com https://*.akstat.io https://*.yahoo.com https://*.yimg.com https://a.mgid.com https://pixel.mathtag.com https://*.bing.com https://www.google-analytics.com https://*.amazon-adsystem.com https://TrackTrack.org https://*.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://unpkg.com https://*.billdesk.com https://*.billdesk.io https://*.netcoresmartech.com https://*.taboola.com https://www.tecprocesssolution.com https://www.paynimo.com https://schema.org https://maxneo.silaris.in https://*.hotjar.io https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://*.ads-twitter.com https://www.invincibleiq.com/ https://www.youtube.com/iframe_api; connect-src 'self' https: wss: https://*.makehook.ws https://technicalseo.com https://www.technicalseo.com https://*.technicalseo.com https://fonts.gstatic.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com *.visualwebsiteoptimizer.com app.vwo.com wss: https://*.criteo.com https://www.google.com https://cdn.ampproject.org https://gtms2s.maxlifeinsurance.com https://*.axismaxlife.com https://player.vwo.me  https://adgebra.co.in https://firebaseinstallations.googleapis.com https://securepg.paynimo.com https://*.licdn.com app.vwo.com https://*.linkedin.com wss://*.hellohaptik.com/mqtt https://*.haptikapi.com https://*.youtube.com https://app.vwo.com https://*.o18.link https://ssp-csync.smartadserver https://ampcid-google-com.o365.maxlifeinsurance.skyfencenet.com https://*.axismaxlife.com https://numrcommonstorage.blob.core.windows.net https://dev.visualwebsiteoptimizer.com https://dis.criteo.com https://pixel.rubiconproject.com https://u.openx.net https://agrim-prod-documents.s3.ap-south-1.amazonaws.com https://d19l9mjjyusa0p.cloudfront.net https://*.maxlifeinsurance.com https://*.axismaxlife.com https://*.hellohaptik.com wss://staging-emqx.hellohaptik.com wss://mqtt-emqx.haptik.me https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://api.haptikapi.com *.indixital.com *.int.tl https://maxlifeinsurance-145508.uc.r.appspot.com https://fcmregistrations.googleapis.com https://*.visualwebsiteoptimizer.com https://*.creativecdn.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.googleapis.com https://tinyurl.com/ https://bitly.com/ https://agrim-uat-documents.s3.ap-south-1.amazonaws.com https://payments-uat.maxlifeinsurance.com https://*.axismaxlife.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.paytm.in https://*.paytm.com https://api.bigdatacloud.net https://optimize.google.com https://*.akstat.io https://*.yahoo.com https://*.yimg.com wss://*.hotjar.com https://*.go-mpulse.net https://*.facebook.com https://*.hotjar.io https://*.bing.com https://maxneoggn.silaris.in:* https://*.hotjar.com https://maxneo.silaris.in https://*.outbrain.com https://*.taboola.com https://ampcid.google.com https://ampcid.google.co.in https://www.google-analytics.com https://*.g.doubleclick.net https://www.paynimo.com https://*.netcoresmartech.com https://www.googletagmanager.com https://*.facebook.net https://*.billdesk.io https://*.billdesk.com https://analytics.google.com https://*.google.com https://www.google.co.in/ads https://api.interakt.ai https://tinyurl.com/ https://bitly.com/; img-src 'self' blob: https://*.makehook.ws https://*.clarity.ms https://tr.snapchat.com/ https://tr.snapchat.com/ https://sync.teads.tv https://*.casalemedia.com https://*.adnxs.com *.visualwebsiteoptimizer.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com app.vwo.com https://*.youtube.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me  https://tpcs.payu.in https://rt.udmserve.net https://*.licdn.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.linkedin.com https://*.inmobiapis.com https://*.g2afse.com https://app.vwo.com https://useruploads.vwo.io https://i.l-dsp.inmobicdn.net wss://*.hellohaptik.com/mqtt https://*.mdsmedia.co.in https://*.haptikapi.com https://*.affise.com/ https://*.indoleads.com/ https://*.o18.click/ https://*.onatrack.in/ https://*.salesleaf.com https://*.clckon.in https://*.ringocount.com https://*.performship.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmaxservicecwyl.silaris.in&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-2895e8e819c67738c2429759f8d31f6d0e44464c https://maps.googleapis.com data: https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://haptikappimg.haptikapi.com https://haptikappimg-ap-southeast-1.s3.amazonaws.com/ https://haptikappimg.s3.amazonaws.com/ https://haptikimg.s3.amazonaws.com/ https://haptikimg.s3-ap-southeast-1.amazonaws.com/ https://haptikappimg-v1.haptikapi.com/ https://haptikappimg-v1.s3.ap-south-1.amazonaws.com/ https://haptik-stagingcf.haptikapi.com/ https://haptik-stagingcf.haptikapi.com/ https://expertdashboardcf.haptikapi.com/ https://expert-dashboard.s3-ap-southeast-1.amazonaws.com/ https://expert-dashboard.s3.amazonaws.com/ https://expertdashboardcf-v1.haptikapi.com/ https://expertdashboardcf-v1.s3.ap-south-1.amazonaws.com/ https://s2.googleusercontent.com/ https://*.gstatic.com *.indixital.com *.int.tl https://dis.criteo.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.creativecdn.com https://*.googletagmanager.com https://ad.doubleclick.net https://*.visualwebsiteoptimizer.com https://*.o18.link https://pixel.rubiconproject.com https://u.openx.net https://*.quora.com/ https://*.paytm.in https://*.intellectadz.com/ https://*.gotrackier.com https://*.o18.link/ https://*.airtel.in/ http://*.offerstrack.net https://*.googleadservices.com https://*.atdmt.com https://www.gstatic.com https://*.bing.com https://*.skyfencenet.com https://fonts.gstatic.com https://script.hotjar.com https://optimize.google.com https://www.e-connect.in https://*.trackneo.com https://*.mathtag.com https://*.mgid.com https://*.yahoo.com https://*.clmbtech.com https://*.omguk.com https://*.go2cloud.org https://*.amazon-adsystem.com https://TrackTrack.org https://*.polyvalent.co.in https://adgebra.co.in https://*.taboola.com https://*.outbrain.com https://*.g.doubleclick.net https://*.facebook.com https://www.google.com https://www.google.co.in https://d28krgir60o432.cloudfront.net https://www.google-analytics.com https://www.paynimo.com http://www.w3.org https://www.tpsl-india.in https://adcanopus.go2cloud.org https://1.policytriangle.com/ https://trk.opiclepxl.com https://omnisetup.silaris.in https://optimidea.go2cloud.org https://tracking.salesleaf.com https://ryt.clckon.in https://ttrk.ringocount.com https://click.performship.com https://*.adcanopus.com https://*.twitter.com https://track.adnextmedia.com/ https://affle.vnative.net/ https://tracking.primedigital.in/ https://affilsoft.gotrackier.com/ https://leadstores.in/ https://paytm43.gotrackier.com/ https://metrics.makemytrip.com/ https://*.admitad.com/ https://*.vcommission.com/ https://iqwebgroup.o18.click/ https://timesinternetlimited187.o18.click/ https://addensuremedia.o18.click/ https://staticgw1.paytm.in/ https://t.co/ data:; style-src 'self' 'unsafe-inline' https://*.makehook.ws  https://cdn-app6.securiti.ai https://*.haptikapi.com https://*.googletagmanager.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://*.paytm.in https://*.paytm.com https://*.google.com https://*.googleapis.com https://*.googleapis.com https://*.skyfencenet.com https://*.billdesk.com https://*.billdesk.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.paynimo.com; base-uri 'self'; form-action 'self' * data: blob: 'unsafe-inline' 'unsafe-eval' https://*.paytm.in https://*.paytm.com; media-src 'self' https://*.makehook.ws https://app.vwo.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me  https://adgebra.co.in https://*.licdn.com https://*.creativecdn.com https://*.paytm.in https://*.visualwebsiteoptimizer.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.youtube.com; font-src 'self' https://*.makehook.ws https://app.vwo.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me  https://adgebra.co.in https://*.licdn.com *.visualwebsiteoptimizer.com https://*.haptikapi.com https://*.paytm.in https://*.paytm.com https://www.paynimo.com https://fonts.gstatic.com https://script.hotjar.com data:; object-src 'none'; frame-src https://*.makehook.ws https://tr.snapchat.com/ https://c.clarity.ms/* https://fnrk.in https://fnrk.in *.visualwebsiteoptimizer.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com app.vwo.com https://*.maxlifeinsurance.com https://*.axismaxlife.com  https://video-staging.medibuddy.in https://*.licdn.com https://*.criteo.com https://www.googletagmanager.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me  https://adgebra.co.in https://tsdtocl.com https://surveys.numr.app https://www.maxlifeinsurance.com/ https://*.axismaxlife.com https://video.medibuddy.in https://*.linkedin.com https://*.adgebra.co.in/ https://*.mdsmedia.co.in/ https://bot.maxlifeinsurance.com https://*.axismaxlife.com https://*.visualwebsiteoptimizer.com https://*.creativecdn.com https://*.pruads.com/ https://*.iperformance.in/ https://*.clmbtrck.in/ https://s.docsapp.in/ https://*.gotrackier.com/ https://*.paytm.in https://*.doubleclick.net https://*.paytm.com https://*.google.com https://*.skyfencenet.com https://*.amazon-adsystem.com https://*.mathtag.com https://*.icubeswire.co https://www.youtube.com https://*.billdesk.com https://*.billdesk.io https://*.hotjar.com https://*.facebook.com https://omnisetup.silaris.in https://*.g.doubleclick.net; manifest-src 'self' https://*.makehook.ws https://app.vwo.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me  https://adgebra.co.in https://*.linkedin.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.salesleaf.com https://*.clckon.in https://*.ringocount.com https://*.performship.com https://*.licdn.com https://*.visualwebsiteoptimizer.com https://*.paytm.in https://*.netcoresmartech.com https://omnisetup.silaris.in 2
worker-src data: blob: 'self'; font-src fonts.gstatic.com use.typekit.net https://fontawesome.com https://app.breeze.in/ https://sdk.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ https://bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://*.maxcdn.bootstrapcdn.com/* https://fonts.gstatic.com https://test.payu.in https://apitest.payu.in data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' data: *.payu.in *.app.beta.breeze.in *.api.juspay.in/orders/ https://test.payu.in https://apitest.payu.in 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com https://test.payu.in https://apitest.payu.in 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://google.com *.moengage.com https://connect.facebook.net https://www.facebook.com https://app.breeze.in/ https://sdk.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com *.app.beta.breeze.in https://test.payu.in https://apitest.payu.in 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.moengage.com https://moe-email-campaigns.s3.amazonaws.com https://connect.facebook.net https://www.facebook.com https://app.breeze.in/ https://sdk.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://googleusercontent.com https://test.payu.in https://apitest.payu.in *.adobedc.net https://analytics.havells.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://gstatic.com https://google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.moengage.com https://connect.facebook.net https://www.facebook.com https://unpkg.com https://sdk.breeze.in/ https://app.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payu.in https://bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://*.maxcdn.bootstrapcdn.com/* https://maps.google.com https://googleapis.com https://googleusercontent.com https://*.ggpht.com https://secure-ds.serving-sys.com https://payu.in *.cardinalcommerce.com *.breeze.in *.braintreegateway.com ccdc02.com magento-datasolutions.com https://googletagmanager.com *.paypalobjects.com *.beta.breeze.in https://google-analytics.com *.adobedc.net *.adobedtm.com beacon-stage.magento-ds.com  commerce.adobe.net t.paypal.com  magento-recs-sdk.adobe.net  s.ytimg.com  www.googleapis.com  vimeo.com  www.vimeo.com  *.gstatic.com https://google.com/recaptcha *.sdk.breeze.in *.app.beta.breeze.in *.api.beta.breeze.in *.api.breeze.in https://paypal.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.moengage.com https://connect.facebook.net https://www.facebook.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://*.maxcdn.bootstrapcdn.com/* https://fonts.googleapis.com https://gstatic.com https://fontawesome.com https://test.payu.in https://apitest.payu.in *.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.moengage.com https://connect.facebook.net https://www.facebook.com https://sdk.breeze.in/ https://app.breeze.in/ https://app.beta.breeze.in/ https://api.breeze.in/ https://api.beta.breeze.in/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.payu.in https://maps.googleapis.com https://google.com https://*.gstatic.com *.app.beta.breeze.in *.api.juspay.in https://test.payu.in https://apitest.payu.in data: blob: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.test.payu.in *.apitest.payu.in 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.roh.org.uk roh.global.ssl.fastly.net bam.nr-data.net bat.bing.com bs.serving-sys.com canopylabstracking.s3.amazonaws.com connect.facebook.net *.cloudfront.net intljs.rmtag.com js-agent.newrelic.com nxtck.com rules.quantcount.com secure-ds.serving-sys.com secure.quantserve.com tags.rd.linksynergy.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com https://optimize.google.com https://*.bookatable.com https://youtube.com https://*.youtube.com https://static.ads-twitter.com https://analytics.twitter.com https://app.charitycheckout.co.uk https://media.imi.chat/ https://analytics.tiktok.com/ https://*.ctnsnet.com consentag.eu collector-11526.tvsquared.com https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://cdn.bitmovin.com/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://*.prospect2.com/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ https://trackcmp.net/ www.clarity.ms https://translations.signapsesolutions.com/; style-src 'self' blob: 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://static.roh.org.uk https://static.rolex.com https://optimize.google.com https://*.googleapis.com https://*.bookatable.com https://tagmanager.google.com https://youtube.com https://*.youtube.com https://media.imi.chat/ https://*.typekit.net/; object-src 'none'; worker-src blob:; 2
frame-ancestors 'self' https://dashboard.sitew.com  https://admin.sitew.com https://www.sitew.com; 2
frame-ancestors 'self' https://sensors.olighthk.com https://*.olight.com https://*.olightcloud.com; 2
default-src 'self'; frame-ancestors *.localize.com *.localizejs.com *.localizecdn.com; connect-src 'self' saltosystem-cvs-prod.appspot.com cms.saltosystems.com pardot.saltosystems.com cdn.cookielaw.org *.localize.com *.localizecdn.com *.localizejs.com *.hotjar.com www.google-analytics.com stats.g.doubleclick.net ws25.hotjar.com analytics.google.com *.analytics.google.com geolocation-db.com *.oribi.io *.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com *.googlesyndication.com *.linkedin.com *.google.com *.clarity.ms *.google-analytics.com *.facebook.com *.google.es *.hotjar.io *.svgator.com *.googleadservices.com; font-src 'self' data: *.googleapis.com fonts.gstatic.com; worker-src 'self' blob:; img-src 'self' data: *.localizecdn.com www.google-analytics.com www.google.com www.google.es *.linkedin.com *.onetrust.com *.facebook.com googleads.g.doubleclick.net *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.clarity.ms *.googletagmanager.com *.storychief.com *.bing.com; script-src 'self' 'unsafe-inline' global.localizecdn.com cdn.cookielaw.org *.onetrust.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net pi.pardot.com pardot.saltosystems.com *.hotjar.com *.licdn.com www.google-analytics.com www.google.com www.google.es www.gstatic.com www.googleadservices.com www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.clarity.ms *.svgator.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; frame-src 'self' *.googletagmanager.com cms.saltosystems.com pardot.saltosystems.com vars.hotjar.com www.google.com *.google.com *.localizecdn.com *.youtube.com *.facebook.com *.twitter.com app.vwo.com *.visualwebsiteoptimizer.com *.doubleclick.net 2
default-src 'self' *.sulzer.com;                      img-src * data: blob: 'unsafe-inline' 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com http://sulzer.com *.google-analytics.com *.analytics.google.com https://*.gleap.io;                      font-src 'self' data: https://fonts.gstatic.com;                      style-src 'unsafe-inline' 'self' https://fast.fonts.net https://s93ds-prod.app-platform.tech/index.css https://s93lc-prod.app-platform.tech/index.css https://s93ln-prod.app-platform.tech/index.css https://s93ds-int.app-platform.tech/index.css https://s93lc-int.app-platform.tech/index.css https://s93ln-int.app-platform.tech/index.css;                      script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://pi.pardot.com/analytics https://go.sulzer.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflnjBBxk/www-widgetapi.js https://s.ytimg.com https://cdn.cookielaw.org *.hotjar.com *.hotjar.io *.callrail.com https://go.sulzer.com/pd.js https://s93ds-prod.app-platform.tech/contact-finder.js https://s93ds-prod.app-platform.tech/index.js https://s93lc-prod.app-platform.tech/locator.js https://s93lc-prod.app-platform.tech/index.js https://s93ln-prod.app-platform.tech/location.js https://s93ln-prod.app-platform.tech/index.js https://js-eu1.hs-scripts.com/145309032.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-banner.com/v2/145309032/banner.js https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hs-analytics.net https://js-eu1.hubspot.com/web-interactives-embed.js https://*.gleap.io https://s93ds-int.app-platform.tech/contact-finder.js https://s93ds-int.app-platform.tech/index.js https://s93lc-int.app-platform.tech/locator.js https://s93lc-int.app-platform.tech/index.js https://s93ln-int.app-platform.tech/location.js https://s93ln-int.app-platform.tech/index.js;                      connect-src 'self' https://www.google-analytics.com https://mybusiness.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://maps.googleapis.com *.google-analytics.com *.analytics.google.com https://geolocation.onetrust.com https://privacyportal-ch.onetrust.com https://www.google.ch *.hotjar.io https://s93ds-prod.app-platform.tech https://s93ds-int.app-platform.tech https://api.country.is https://s93lc-prod.app-platform.tech https://s93lc-int.app-platform.tech https://s93ln-prod.app-platform.tech https://s93ln-int.app-platform.tech https://js-eu1.hs-banner.com/v2/cf-location https://js-eu1.hs-banner.com/cookie-banner-public/v2/cf-location https://js-eu1.hs-banner.com/v2/geolocation-reporting https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json https://cta-eu1.hubspot.com https://*.gleap.io wss://ws.gleap.io;                      child-src 'self' https://www.platform-viewer.v-ex.com https://www.google.com https://sulzer.us6.list-manage.com http://www.sulzerpumpsmexico.com https://app.xtremelocator.com https://ir.tools.investis.com https://www.youtube.com http://8826991.fls.doubleclick.net/ https://sulzer-pump-types.v-ex.app/ https://app.xtremelocator.com/ *.doubleclick.net https://*.gleap.io;                      media-src 'self' https://youtu.be https://www.youtube.com https://*.gleap.io 2
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 2
default-src 'self' data: wss: 'unsafe-eval' 'unsafe-inline' blob: *.afterpay.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.azure.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com *.cloudflareinsights.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hoyts.co.nz *.hoyts.com.au *.in.applicationinsights.azure.com *.jsdelivr.net *.paypal.com *.paypalobjects.com *.recaptcha.net *.report-uri.com *.smooch.io *.snapchat.com *.vimeo.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com analytics.tiktok.com analytics-ipv6.tiktokw.us apps.rokt.com az416426.vo.msecnd.net cdn.jsdelivr.net emailvalidatoruatfunc.azurewebsites.net google.com insights.algolia.io js.monitor.azure.com sc-static.net tr.snapchat.com stream.mux.com kg668dbov0.execute-api.us-east-1.amazonaws.com; object-src 'none'; frame-src *; img-src 'self' https: data:;upgrade-insecure-requests;report-uri https://hoyts.report-uri.com/r/d/csp/enforce 2
connect-src 'self' https: ws: https://ww2-api.tigocloud.net https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net;  img-src 'self' data: blob: https://ww2-cdn.tigocloud.net https://ww2-api.tigocloud.net https://www.millicom.com https://www.google.com.gt https://www.google-analytics.com https://cdn.cookielaw.org https://i.ytimg.com; media-src 'self' data: blob: https://ww2-cdn.tigocloud.net;  default-src 'self';  base-uri 'self';  font-src 'self' https: data:;  form-action 'self';  frame-ancestors 'self';  object-src 'none';  script-src 'self' https: https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net 'unsafe-inline';  script-src-attr 'unsafe-inline';  style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; 2
frame-ancestors 'self' ai.nb.no tools.nb.no produksjon.nb.no dev.produksjon.nb.no; 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.siteimprove.com https://*.readspeaker.com https://*.hireserve.nl https://*.acc.hireserve.nl https://*.doubleclick.net https://www.facebook.com https://api.ats-platform.com https://platform.hireserve.nl https://connect.facebook.net https://adservice.google.com https://www.nwo.nl https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://*.hireserve.nl https://fonts.googleapis.com https://*.acc.hireserve.nl https://www.nwo.nl; frame-src 'self' https://www.google.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://app.powerbi.com https://td.doubleclick.net https://my2.siteimprove.com https://expeditienext.weticket.io https://contentassistant.eu.siteimprove.com; img-src 'self' https://*.siteimproveanalytics.io data: https://www.gstatic.com https://*.google-analytics.com https://*.hireserve.nl https://*.acc.hireserve.nl https://*.ytimg.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.nl https://*.openstreetmap.org https://www.google-analytics.com https://www.nwo.nl https://www.nko.nl https://www.kennisrotonde.nl https://www.onderwijskennis.nl https://www.openscience.nl https://gwi.nwo.prerelease.betawerk.eu; media-src 'self' https://www.nwo.nl https://www.nko.nl https://www.kennisrotonde.nl https://www.onderwijskennis.nl https://www.openscience.nl https://gwi.nwo.prerelease.betawerk.eu; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://connect.facebook.net https://*.twitter.com https://www.gstatic.com https://*.youtube.com https://*.vimeo.com https://connect.facebook.com cdn-eu.readspeaker.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://siteimproveanalytics.com https://www.google-analytics.com https://connect.facebook.com https://www.youtube.com https://www.gstatic.com https://platform.twitter.com https://www.googleadservices.com https://maps.googleapis.com cdn-eu.readspeaker.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://www.gstatic.com https://cloud.typography.com https://www.nwo.nl https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://cloud.typography.com https://www.nwo.nl https://fonts.googleapis.com; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2
frame-ancestors 'self' *.mybigcommerce.com *.shopify.com *.amptab.com *.wix.com framer.com *.fisglobal.com fisglobal.seismic.com 2
default-src 'self' *.statistik.at *.local *.google.com *.gstatic.com *.highcharts.com *.statistik blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob:; frame-src www.youtube.com youtube.com 'self' mailto: *.statistik.at *.statistik *.local *.google.com *.gstatic.com *.openstreetmap.org 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.socket.filum.ai socket.filum.ai *.filum.ai filum.ai filum-assets.s3.ap-southeast-1.amazonaws.com *.criteo.net *.criteo.com *.tiktok.com *.huawei.com *.zalo.me *.zdn.vn page.widget.zalo.me *.hoanghamobile.com *.accesstrade.vn www.gstatic.com connect.facebook.net www.google-analytics.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com storage.googleapis.com www.youtube.com *.doubleclick.net *.googleapis.com *.google.com *.googleadservices.com *.useinsider.com; frame-src 'self' *.socket.filum.ai socket.filum.ai *.filum.ai *.criteo.com *.googletagmanager.com *.creativecdn.com www.youtube.com *.youtube-nocookie.com *.facebook.com *.google.com *.doubleclick.net *.hoanghamobile.com *.useinsider.com page.widget.zalo.me; 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://unpkg.com https://www.gstatic.com https://maps.googleapis.com https://www.google.com https://visualtec.host; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com data:; img-src 'self' data: blob: https: https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://lh3.googleusercontent.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://google.com https://*.google.com https://*.doubleclick.net https://connect.facebook.net https://www.facebook.com https://visualtec.host https://*.visualtec.host; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://*.google.com https://*.doubleclick.net https://www.facebook.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self' https://visualtec.host https://*.visualtec.host; frame-ancestors 'self' 2
frame-ancestors 'self' https://partners.pindrop.com 2
upgrade-insecure-requests; frame-ancestors https: 'self' *.uprinting.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 2
default-src 'none';    manifest-src https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net;    connect-src 'self' https://data.stat.fi https://stat.matomo.cloud https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com https://data.reactandshare.com https://api.stat.fi/content/search https://stat.fi https://api.stat.fi https://stat.fi;    script-src 'self';    script-src-elem 'self' 'unsafe-inline' https://cdn.matomo.cloud https://cdn.reactandshare.com https://data.reactandshare.com https://stat.matomo.cloud https://public.flourish.studio;    style-src 'self' 'unsafe-inline' https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com;    style-src-elem 'self' 'unsafe-inline' https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com;    img-src 'self' https://media.stat.fi https://media.graphcms.com https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://media.graphassets.com https://eu-central-1-statfi.graphassets.com https://cdn.reactandshare.com https://data.reactandshare.com https://i.ytimg.com data: blob:;    font-src 'self' https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    frame-src https://www.youtube.com https://w.soundcloud.com https://flo.uri.sh https://kartta.paikkatietoikkuna.fi;    upgrade-insecure-requests; 2
frame-ancestors 'self' http://coder.lookbookhq.com https://coder.lookbookhq.com http://coder.pathfactory.com https://coder.pathfactory.com http://resources.coder.com https://resources.coder.com https://help.coder.com https://coder.zendesk.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adoberesources.net *.ads.linkedin.com *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.fti-cloud.com *.ftsites.com *.googleads.g.doubleclick.net *.kampyle.com *.linkedin.com *.linkedin.oribi.io *.marketo.com *.marketo.net *.mktoutil.com *.mktoweb.com *.mountain.com *.qualtrics.com *.taboola.com *.twimg.com *.yimg.com ads-api.twitter.com ads-twitter.com amplify.outbrain.com analytics.twitter.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com collector-52407.us.tvsquared.com connect.facebook.net documentcloud.adobe.com lonrtp1-cdn.marketo.com munchkin.marketo.net p.adsymptotic.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net siteimproveanalytics.com sjs.bizographics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com trc.taboola.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.clarity.ms www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ; connect-src 'self' *.adobe.io *.ads.linkedin.com *.akamaihd.net *.analytics.google.com *.apolloplatform.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.browser-intake-datadoghq.com *.clarity.ms *.cloudhub.io *.decibelinsight.com *.decibelinsight.net *.digital-cloud-west.medallia.com *.doubleclick.net *.franklintempleton.com *.frk.com *.fti-cloud.com *.ftsites.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleads.g.doubleclick.net *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.linkedin.com *.linkedin.oribi.io *.marketo.com *.mktoresp.com *.mktoutil.com *.mountain.com *.onetrust.com *.onetrust.io *.qualtrics.com *.taboola.com *.widen.net *.widencdn.net *.yimg.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 848-iap-939.mktoresp.com ads-api.twitter.com ads-twitter.com adservice.google.com analytics-fe.digital-cloud-west.medallia.com analytics.twitter.com api.intentiq.com bat.bing.com bat.bing.net browser-intake-datadoghq.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com collector-52407.us.tvsquared.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io p.adsymptotic.com pdswebapi.fti-cloud.com px.ads.linkedin.com resources.digital-cloud-west.medallia.com s.yimg.com session-replay.browser-intake-datadoghq.com siteimproveanalytics.com sjs.bizographics.com snap.licdn.com wss://*.adobe.io wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com www.google.com www.google.co.uk www.googleadservices.com www.googletagmanager.com assets.adoberesources.net ; img-src 'self' *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.siteimproveanalytics.io *.stocksnap.io *.tvsquared.com *.twimg.com *.widen.net *.widencdn.net ad.doubleclick.net analytics.twitter.com assets.adoberesources.net bat.bing.com bat.bing.net browser-update.org c.bing.com c.clarity.ms classify.gofurther.com collector-52407.us.tvsquared.com connect.facebook.net d21y75miwcfqoq.cloudfront.net data: di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net lh3.googleusercontent.com pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com sync.intentiq.com syndication.twitter.com t.co tk-static.fml-x.com tr.outbrain.com www.dianomi.com www.facebook.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk ; font-src 'self' *.franklintempleton.com *.franklintempleton.lu *.ftsites.com *.typekit.net data: fonts.googleapis.com fonts.gstatic.com templeton.com ; style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com *.typekit.net blob: fonts.googleapis.com fonts.gstatic.com platform.twitter.com ; worker-src blob: *.decibel.net ;  frame-ancestors 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com  *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; font-src 'self' data:; report-uri /hec-report-csp-violation 2
frame-ancestors 'self' www.baby.ru postila.ru www.neboleem.net www.beautyinsider.ru yandex.com.tr yandex.com yandex.net yandex.uz yandex.fr yandex.kz yandex.ru yandex.by yandex.ua *.yandex.com.tr *.yandex.com *.yandex.net *.yandex.uz *.yandex.fr *.yandex.kz *.yandex.ru *.yandex.by *.yandex.ua *.turbopages.org 2
frame-ancestors 'self' https://good-game-network.com https://*.good-game-network.com https://*.ggpoker.co.uk https://ggpoker.com https://*.ggpoker.com https://ggpoker.kg https://*.ggpoker.kg https://ggpoker.eu https://*.ggpoker.eu https://*.ggpoker.ca https://ggpoker.ca https://*.olybet.ee https://*.olybet.lv https://*.olybet.eu; 2
frame-ancestors 'self' https://*.hana.ondemand.com; 2
frame-ancestors https://app.contentful.com https://app.netlify.com https://create.netlify.com https://create.netlifystg.com https://*.sanity.studio https://hex-studio.sanity.studio 'self' 2
default-src *.myidx.cloud 'self' ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; connect-src *.myidx.cloud 'self' media.idigitalcontents.com irs.tools.investis.com jzkss3k18d.execute-api.eu-west-1.amazonaws.com stats.reciteme.com api.reciteme.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com kingfisher-global.cd.invdcloud-is.co.uk www.kingfisher.com *.invdcloud-is.co.uk; script-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.amazonaws.com *.analytics.google.com *.google.com *.google-analytics.com *.lfeeder.com *.staticcontents.investisdigital.com api.reciteme.com googletagmanager.com ajax.googleapis.com static.cloudflareinsights.com player.vimeo.com www.youtube.com cdn.jsdelivr.net kingfisher-global.cd.invdcloud-is.co.uk www.kingfisher.com code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com unpkg.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com unpkg.com *.googletagmanager.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; base-uri 'none'; form-action 'self'; font-src *.myidx.cloud 'self' 'unsafe-inline' data: www.w3.org api.reciteme.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; frame-src *.myidx.cloud 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net bugcrowd.com www.youtube-nocookie.com *.zscalerthree.net *.zscloud.net adfs.justretirement.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; img-src *.myidx.cloud 'self' 'unsafe-inline' data: i.ytimg.com www.w3.org fonts.gstatic.com tr.lfeeder.com www.googletagmanager.com www.google-analytics.com; media-src *.myidx.cloud 'self' media.idigitalcontents.com; 2
default-src 'self'; frame-ancestors 'self' https://prod-author.repsol.com/ https://www.todoluzygas.es/ areacliente.repsol.es waylet.es newdev-areacliente.cloudapp.repsol.com test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es pre-pidetubombona.repsol.es pidetubombona.repsol.es repsol.pt pro.areaclientemultienergia.es *.repsolluzugas.com *.repsol.com pre-beta-areacliente.klikinlabs.com; frame-src * ; media-src *; img-src * https://cdn.valuesportal.com https://log.adtraction.fail blob: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://valuesportal.com https://cdn.adt356.com https://gtm.adt313.net https://cnv.adt632.com *.google-analytics.com *.analytics.google.com *.krxd.net www.google.com d3a.walmeric.com cdn.jsdelivr.net insight.adsrvr.org cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com static-eu.oct8ne.com snap.licdn.com stories.adsocy.com 9000468.spxl.socy.es p1.socy.es repsol.my.site.com ai.trk42.net pro.areaclientemultienergia.es adtraction.net kwanko.com img.metaffiliation.com *.adobe.net jswebproduction.com Preciso.net 2trk.info cookieless-data.com sddan.com adnxs.com euob.isstarsbuilding.com c.amazon-adsystem.com obseu.isstarsbuilding.com s.kk-resources.com rum.hlx.page igodigital.com analytics.tiktok.com dynamic.criteo.com sslwidget.criteo.com tiktok.com widget.trustpilot.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 2
frame-ancestors 'self' guides.tvunetworks.com; 2
frame-ancestors 'self' https://upvert.io https://*.upvert.io 2
base-uri https: data: blob: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; connect-src https: data: blob:; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: data: blob:; frame-ancestors https:; frame-src https: data: blob:; img-src https: data: blob:; manifest-src https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: blob: 'unsafe-inline'; upgrade-insecure-requests; 2
default-src 'self' https: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io cdn.pushcrew.com; script-src 'self' data: blob: * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://www.youtube.com https://youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://code.jquery.com https://cdn.cookielaw.org https://www.google.com/recaptcha https://maps.googleapis.com https://www.gstatic.com/recaptcha https://static.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com https://js.adsrvr.org https://cdnjs.cloudflare.com https://nexus.ensighten.com https://*.tidio.co https://*.jivosite.com https://browser.sentry-cdn.com https://*.cloudfront.net; style-src 'self' * 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://www.youtube.com https://youtube.com https://*.fontawesome.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.jivosite.com https://*.tidio.co; img-src 'self' data: * app.vwo.com useruploads.vwo.io https://media.wp.d.fogo-testing.g43labs.net https://*.jivosite.com https://*.tidio.co https://cdn.cookielaw.org https://fogodechao.com https://*.wixstatic.com; font-src 'self' data: * https://www.gstatic.com https://fonts.gstatic.com https://*.fontawesome.com https://fonts.googleapis.com; connect-src 'self' * *.visualwebsiteoptimizer.com app.vwo.com https://media.wp.d.fogo-testing.g43labs.net https://www.youtube.com https://youtube.com https://*.tidio.co https://*.jivosite.com https://firebaseremoteconfig.googleapis.com https://www.google.com/recaptcha https://maps.googleapis.com https://www.gstatic.com/recaptcha https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org/ https://cdn.cookielaw.org https://match.adsrvr.org https://geolocation.onetrust.com; frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com * https://*.tidio.co https://*.jivosite.com https://www.youtube.com https://www.google.com https://recaptcha.google.com https://insight.adsrvr.org https://match.adsrvr.org https://www.gstatic.com/recaptcha https://www.google.com/recaptcha https://app.calconic.com https://*.issuu.com https://www.donationx.org; media-src 'self' data: blob: * 'unsafe-inline' 'unsafe-hashes'; worker-src 'self' blob:; child-src *.visualwebsiteoptimizer.com app.vwo.com; 2
frame-ancestors 'self' *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg http://uob.eltropy.com https://uob.eltropy.com http://findahomeloan.co https://www.edgeprop.sg https://sleek.sg 2
frame-ancestors 'self'; block-all-mixed-content; 2
frame-ancestors 'self' https://timestation.uservoice.com; 2
default-src 'none'; style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com maps.googleapis.com wchat.eu.freshchat.com https://static.kameleoon.com https://static.products.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com *.hotjar.com bat.bing.com bat.bing.net; font-src data: 'self' fonts.gstatic.com fonts.googleapis.com *.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' apis.google.com www.google.com pagead2.googlesyndication.com googleadservices.com www.googleadservices.com googleads.g.doubleclick.net *.gstatic.com www.google-analytics.com *.googletagmanager.com maps.googleapis.com app.aiden.cx api.eu1.exponea.com wchat.eu.freshchat.com *.kameleoon.eu *.kameleoon.com js.mollie.com browser.sentry-cdn.com js.sentry-cdn.com *.hotjar.com connect.facebook.net platform.twitter.com bat.bing.com bat.bing.net flex.msn.com www.youtube.com ct.beslist.nl tgtag.io; img-src 'self' data: *.google.com google.com www.google.nl *.gstatic.com pagead2.googlesyndication.com *.g.doubleclick.net googleadservices.com *.googleadservices.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com https://123led.nl https://www.bugherd.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.products.kameleoon.com *.hotjar.com checkoutshopper-live.adyen.com www.facebook.com connect.facebook.net syndication.twitter.com bat.bing.com bat.bing.net i.ytimg.com *.tgtag.io; frame-src 'self' www.google.com doubleclick.net td.doubleclick.net www.googletagmanager.com https://app.aiden.cx https://www.kiyoh.com app.aiden.cx wchat.eu.freshchat.com https://graphical-editor.kameleoon.com js.mollie.com checkoutshopper-live.adyen.com acs-live-eu.adyen.com staticxx.facebook.com www.facebook.com platform.twitter.com syndication.twitter.com bat.bing.com bat.bing.net flex.msn.com youtube.com *.youtube.com *.youtube-nocookie.com; object-src 'self'; connect-src 'self' www.googlesyndication.com www.google.com google.com www.google.nl adservice.google.com pagead2.googlesyndication.com www.googleadservices.com *.analytics.google.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com maps.googleapis.com https://analytics.google.com https://googleads.g.doubleclick.net https://places.googleapis.com app.aiden.cx api.eu1.exponea.com app.eu1.exponea.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.products.kameleoon.com *.sentry.io *.hotjar.com *.hotjar.io wss://*.hotjar.com checkoutshopper-live.adyen.com www.facebook.com bat.bing.com bat.bing.net ct.beslist.nl *.trafficguard.ai; manifest-src 'self'; report-uri https://123inkt.report-uri.com/r/t/csp/reportOnly; 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src 'none'; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 2
default-src 'self' pantheonsite.io ddev.site *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.amplitude.com *.invocacdn.com *.invoca.net *.ipify.org *.clockwisemd.com *.mapbox.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.addthis.com addthis.com amplitude.com googletagmanager.com analytics.google.com *.youtube.com youtube.com facebook.net twitter.com linkedin.com instagram.com doubleclick.net *.pantheonsite.io *.ddev.site ddev.site:* *.cloudflare.com *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.amplitude.com *.invocacdn.com *.invoca.net *.ipify.org *.clockwisemd.com *.mapbox.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.pantheonsite.io *.ddev.site ddev.site:* *.cloudflare.com *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.mapbox.com; img-src 'self' data: blob: ytimg.com i.ytimg.com googleusercontent.com fonts.gstatic.com gstatic.com facebook.com twimg.com *.pantheonsite.io *.ddev.site ddev.site:* *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.cloudflare.com *.amazonaws.com *.mapbox.com; media-src 'self' youtube.com *.pantheonsite.io *.ddev.site ddev.site:* *.cloudflare.com *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.mapbox.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com www.facebook.com platform.twitter.com *.pantheonsite.io *.ddev.site ddev.site:* *.cloudflare.com *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.invoca.net *.mapbox.com *.monday.com; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.pantheonsite.io *.ddev.site ddev.site:* *.cloudflare.com *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.mapbox.com; connect-src 'self' *.amplitude.com *.google-analytics.com stats.g.doubleclick.net api.instagram.com graph.facebook.com *.pantheonsite.io *.ddev.site ddev.site:* *.cloudflare.com *.jsdelivr.net *.typekit.net *.googletagmanager.com *.termly.io *.gyantts.com *.amazonaws.com *.invoca.net *.gyantts.com *.gyantts.com:* wss://*.gyantts.com *.clockwisemd.com *.mapbox.com *.eloqua.com *.google.com; report-uri /report-csp-violation 2
default-src 'self' https://*.crazyegg.com https://*.hsforms.com https://*.hsforms.net https://hubspot-forms-static-embed-na2.s3.amazonaws.com;     base-uri 'self';     object-src 'none';     frame-ancestors 'self';     form-action 'self';     upgrade-insecure-requests;         script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://*.crazyegg.com       https://cdn.jsdelivr.net       https://cdnjs.cloudflare.com       https://cdn.mathjax.org       https://*.hsforms.net       https://*.hsforms.com       https://hubspot-forms-static-embed-na2.s3.amazonaws.com       https://*.hs-scripts.com       https://*.hs-analytics.net       https://*.hscollectedforms.net       https://*.hsadspixel.net       https://*.hs-banner.com       https://kit.fontawesome.com       https://ka-f.fontawesome.com       https://p.typekit.net       https://www.googletagmanager.com       https://www.google-analytics.com       https://cse.google.com https://www.google.com https://www.gstatic.com       https://script.crazyegg.com       https://players.brightcove.net       https://soundcloud.com https://*.soundcloud.com       https://sndcdn.com https://*.sndcdn.com;         style-src 'self' 'unsafe-inline'       https://*.crazyegg.com       https://cdn.jsdelivr.net       https://cdnjs.cloudflare.com       https://cse.google.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com       https://a-v2.sndcdn.com https://sndcdn.com https://*.sndcdn.com       https://hubspot-forms-static-embed-na2.s3.amazonaws.com       https://ka-f.fontawesome.com;         img-src 'self' data:       https://www.googletagmanager.com https://www.google-analytics.com       https://*.crazyegg.com https://www.google.com https://cse.google.com https://www.gstatic.com       https://*.gstatic.com       https://user-images.crazyeggcdn.com       https://bcove.video https://*.brightcove.com https://*.brightcove.net       https://manifest.prod.boltdns.net https://*.boltdns.net https://*.brightcovecdn.com       https://soundcloud.com https://*.soundcloud.com       https://sndcdn.com https://*.sndcdn.com       https://i1.sndcdn.com https://a-v2.sndcdn.com       https://hubspot-forms-static-embed-na2.s3.amazonaws.com;         font-src 'self' data:       https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ka-f.fontawesome.com       https://www.gstatic.com https://fonts.gstatic.com       https://soundcloud.com https://*.soundcloud.com       https://sndcdn.com https://*.sndcdn.com       https://a-v2.sndcdn.com;         connect-src 'self'       https://*.hsforms.com https://*.hsforms.net       https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.crazyegg.com       https://*.doubleclick.net       https://edge.api.brightcove.com https://metrics.brightcove.com https://*.brightcove.com https://*.brightcove.net       https://manifest.prod.boltdns.net https://*.boltdns.net https://*.brightcovecdn.com       https://kit.fontawesome.com https://ka-f.fontawesome.com       https://*.hs-scripts.com       https://fonts.googleapis.com https://fonts.gstatic.com       https://soundcloud.com https://*.soundcloud.com       https://sndcdn.com https://*.sndcdn.com       https://edge.api.brightcove.com/playback/v1/accounts/1328010478001/videos/6375097818112       https://cdn.jsdelivr.net/npm/entreprise7pro-bootstrap@3.4.8/dist/css/bootstrap.min.css.map;         media-src 'self' blob:       https://bcove.video https://bcovlive-a.akamaihd.net https://*.brightcove.com https://*.brightcove.net       https://manifest.prod.boltdns.net https://*.boltdns.net https://*.brightcovecdn.com       https://soundcloud.com https://*.soundcloud.com       https://sndcdn.com https://*.sndcdn.com       https://cf-media.sndcdn.com https://media.soundcloud.com https://*.sndcdn.com;         frame-src 'self'       https://www.googletagmanager.com https://players.brightcove.net       https://cse.google.com https://www.google.com       https://www.youtube.com https://*.youtube.com https://www.youtube-nocookie.com       https://soundcloud.com https://w.soundcloud.com       https://sndcdn.com https://*.sndcdn.com       https://*.crazyegg.com;         worker-src 'self' blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 2
frame-ancestors https://leren.han.nl/ 'self' 2
frame-ancestors 'self' chrome-extension://ngigoeagdgecjjbmielklflkmnlnddop moz-extension://* 2
upgrade-insecure-requests; default-src blob: 'self' 'strict-dynamic' 'unsafe-inline' *.liadm.com *.kiteworks.com *.twitter.com *.chilipiper.com *.adswizz.com *.nitropack.io *.nitrocdn.com *.getnitropack.com bugcrowd.com assets.bugcrowdusercontent.com *.crazyegg.com; img-src 'self' deeto-images.s3.amazonaws.com data: *.nivaai.com *.google.com *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googletagmanager.com *.adswizz.com *.reddit.com *.nitropack.io *.nitrocdn.com d.adroll.mgr.consensu.org eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com *.linkedin.com pixel.advertising.com snap.licdn.com sync.outbrain.com *.taboola.com ads.yahoo.com *.facebook.com idsync.rlcdn.com *.adsrvr.org dpm.demdex.net tags.bluekai.com pixel.tapad.com *.agkn.com pixel.rubiconproject.com *.adnxs.com uipglob.semasio.net *.pubmatic.com *.addthis.com s.thebrighttag.com x.bidswitch.net *.exelator.com ads.scorecardresearch.com ups.analytics.yahoo.com *.krxd.net sync.mathtag.com dsum-sec.casalemedia.com *.doubleclick.net match.sharethrough.com s3.amazonaws.com a.remarketstats.com a.clickcertain.com *.crazyegg.com avatars0.githubusercontent.com * https://cdn-igcff.nitrocdn.com/; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' js.hubspot.com ddwl4m2hdecbv.cloudfront.net/b/ b-code.liadm.com/lc2.js rp.liadm.com idx.liadm.com *.quattr.com browser.sentry-cdn.com a.usbrowserspeed.com tribl.io api.throttleup.ai *.elevenlabs.io elevenlabs.io js.sentry-cdn.com *.chatbase.co *.deeto.ai deeto-images.s3.amazonaws.com nitroscripts.com *.nivaai.com *.chilipiper.com *.clarity.ms *.adswizz.com *.redditstatic.com *.getnitropack.com *.nitropack.io *.nitrocdn.com *.buzzsprout.com *.soundcloud.com *.clickagy.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com *.linkedin.com pixel.advertising.com pixel.rubiconproject.com *.pubmatic.com sync.outbrain.com *.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net ajax.googleapis.com *.steelhousemedia.com *.adsrvr.org *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 *.pathmonk.com *.hsleadflows.net bugcrowd.com assets.bugcrowdusercontent.com fast.wistia.net player.vimeo.com accellion.widget.insent.ai cdn.syndication.twimg.com *.twitter.com *.influ2.com *.omappapi.com a.remarketstats.com a.clickcertain.com *.crazyegg.com *.cisostreet.com *.akamaihd.net *.zi-scripts.com *.zoominfo.com *.intercomcdn.com *.wistia.com *.hsforms.com *.doubleclick.net *.hs-scripts.com *.datadome.co js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net pixel.dealtale.io snap.licdn.com *.rightmessage.com widget.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.youtube.com *.gstatic.com *.dealtale.com *.googleadservices.com https://cdn-igcff.nitrocdn.com/ https://nitroscripts.com/; font-src widget.deeto.ai *.getnitropack.com *.nitropack.io *.nitrocdn.com *.omappapi.com *.wistia.com fonts.gstatic.com 'self' data: js.intercomcdn.com https://cdn-igcff.nitrocdn.com/; style-src 'self' 'unsafe-inline' deeto-images.s3.amazonaws.com *.deeto.ai *.chilipiper.com *.googletagmanager.com *.google.com *.googleapis.com *.getnitropack.com *.nitropack.io *.nitrocdn.com *.pathmonk.com accellion.widget.insent.ai *.twimg.com *.twitter.com *.omappapi.com *.crazyegg.com fonts.googleapis.com blob: 'unsafe-eval' https://cdn-igcff.nitrocdn.com/; connect-src 'self' 'strict-dynamic' pro.ip-api.com alocdn.com/c/vn3d8u2u/a/xtarget/p.json *.liadm.com 9xgnrndqve.execute-api.us-west-2.amazonaws.com a.usbrowserspeed.com *.chatbase.co *.exponode.com kiteworks-demo.app.n8n.cloud cors-anywhere.herokuapp.com postman-echo.com *.quattr.com www.facebook.com connect.facebook.net wss://api.us.elevenlabs.io *.elevenlabs.io deeto-images.s3.amazonaws.com *.deeto.ai px.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com *.nivaai.com nitropack.io *.clarity.ms *.chilipiper.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.google.com *.g.doubleclick.net *.googletagmanager.com *.analytics.google.com *.google-analytics.com accellion.widget.insent.ai cdn.linkedin.oribi.io *.getnitropack.com *.nitropack.io *.nitrocdn.com *.clickagy.com *.pathmonk.com *.hubspot.com *.zi-scripts.com *.zoominfo.com *.influ2.com *.omappapi.com *.crazyegg.com api.glitch.com *.hsforms.com *.akamaihd.net *.rightmessage.com *.litix.io *.intercom.io *.datadome.co *.hubapi.com *.wistia.com *.dealtale.com *.doubleclick.net wss://nexus-websocket-a.intercom.io rmbutterfly.com https://cdn-igcff.nitrocdn.com/ https://to.getnitropack.com/; frame-src 'self' blob: *.google.com www.googletagmanager.com *.chatbase.co *.deeto.ai *.chilipiper.com clarity.microsoft.com *.clickagy.com *.nitropack.io *.nitrocdn.com *.getnitropack.com data: *.buzzsprout.com *.soundcloud.com *.youtube.com *.pathmonk.com bugcrowd.com assets.bugcrowdusercontent.com fast.wistia.net *.wistia.com accellion.widget.insent.ai *.twitter.com a.remarketstats.com a.clickcertain.com *.crazyegg.com *.hsforms.com *.doubleclick.net; media-src 'self' *.deeto.ai *.twitter.com updates.themepunch.tools *.nitropack.io *.nitrocdn.com *.getnitropack.com *.pathmonk.com *.wistia.com *.intercomcdn.com *.w.org *.wistia.net *.akamaihd.net blob: data:; child-src blob:; worker-src blob: 'self' *.nitropack.io *.getnitropack.com *.nitrocdn.com https://cdn-igcff.nitrocdn.com/; object-src 'none' 2
frame-ancestors 'self' https://*.medbridge.io https://*.medbridge.com https://*.medbridgeeducation.com https://*.xealth.io; 2
frame-ancestors 'self' https://join-stories.com https://*.join-stories.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.hirkereso.hu http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 2
frame-ancestors 'self' https://*.tenniswarehouse-europe.com https://*.tennis-warehouse.com https://*.runningwarehouse.com https://*.runningwarehouse.eu https://www.runningwarehouse.de https://www.runningwarehouse.it https://www.runningwarehouse.es https://www.runningwarehouse.fr; 2
default-src 'self' https:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src  'self' https: 'unsafe-inline'; img-src * data: blob:; font-src 'self' https: data:; connect-src *; object-src 'none'; frame-ancestors *; upgrade-insecure-requests 2
default-src 'self' *.hva.nl; frame-ancestors 'self' cms-prd.cms.hva.nl; connect-src *.hva.nl *.amsterdamuas.com consent.cookiebot.com *.cookiebot.com analytics.tiktok.com analytics-ipv6.tiktokw.us tr.snapchat.com *.snapchat.com px.ads.linkedin.com www.googleadservices.com www.google.com *.google.com region1.google-analytics.com googleads.g.doubleclick.net www.google.nl *.google.nl www.facebook.com *.facebook.com maps.googleapis.com www.googletagmanager.com api.scribit.pro api.addsearch.com; worker-src *.hva.nl; font-src *.hva.nl *.amsterdamuas.com data: fonts.gstatic.com; frame-src *.hva.nl consentcdn.cookiebot.com tr.snapchat.com www.googletagmanager.com *.googletagmanager.com www.youtube.com www.vimeo.com player.vimeo.com; img-src *.cloudfront.net *.hva.nl *.amsterdamuas.com data: imgsct.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net *.googleadservices.com www.google.com region1.google-analytics.com *.google-analytics.com www.google.nl px.ads.linkedin.com px4.ads.linkedin.com *.ads.linkedin.com analytics.tiktok.com analytics-ipv6.tiktokw.us www.facebook.com *.siteimproveanalytics.io tr.snapchat.com maps.gstatic.com www.googletagmanager.com maps.googleapis.com fonts.gstatic.com i.ytimg.com i.vimeocdn.com; manifest-src *.hva.nl data:; media-src *.hva.nl data:; script-src 'unsafe-inline' 'unsafe-eval' *.hva.nl *.amsterdamuas.com www.youtube.com *.vimeo.org www.google.com consent.cookiebot.com *.cookiebot.com *.googletagmanager.com *.doubleclick.net googleads.g.doubleclick.net *.googleadservices.com connect.facebook.net snap.licdn.com analytics.tiktok.com siteimproveanalytics.com sc-static.net tr.snapchat.com; script-src-attr 'unsafe-inline' *.hva.nl *.amsterdamuas.com www.youtube.com *.vimeo.org www.google.com consent.cookiebot.com *.cookiebot.com *.googletagmanager.com *.doubleclick.net googleads.g.doubleclick.net *.googleadservices.com connect.facebook.net snap.licdn.com analytics.tiktok.com siteimproveanalytics.com sc-static.net tr.snapchat.com; script-src-elem 'unsafe-inline' *.hva.nl *.amsterdamuas.com www.youtube.com *.vimeo.org www.google.com consent.cookiebot.com *.cookiebot.com *.googletagmanager.com *.doubleclick.net googleads.g.doubleclick.net *.googleadservices.com connect.facebook.net snap.licdn.com analytics.tiktok.com siteimproveanalytics.com sc-static.net tr.snapchat.com enquete.agconsult.com maps.googleapis.com widget.scribit.pro api.scribit.pro player.vimeo.com www.vimeo.com vimeo.com; style-src 'unsafe-inline' *.hva.nl *.amsterdamuas.com; style-src-elem 'unsafe-inline' *.hva.nl *.amsterdamuas.com fonts.googleapis.com www.googletagmanager.com; style-src-attr 'unsafe-inline' *.hva.nl *.amsterdamuas.com 2
frame-ancestors 'none'; base-uri 'none'; form-action 'self'; block-all-mixed-content 2
frame-ancestors 'none'; report-uri https://prod-th-csp-service.rbictg.com/csp; report-to csp-endpoint 2
Content-Security-Policy: frame-ancestors 'self' https://*.superbid.net; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com https:; frame-ancestors 'self' https:; 2
frame-src 'self' https://193.105.74.4/  https://62.140.31.104/ https://www.gstatic.com/ https://www.google.com/recaptcha/ https://platform-use.ci360.sas.com https://individeo.com/ https://www.youtube.com/ https://www.produbanco.com.ec/ https://estella01.prd.net.ec/api/heartbeat https://cdn.botframework.com/ https://*.hotjar.com https://*.hotjar.io https://cixctn.produbanco.ec 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self';media-src 'self'; frame-src www.effektenbank.de irpages2.equitystory.com www.tradegate.ag; base-uri 'self'; object-src 'self'; 2
frame-ancestors https://specialty-care-pavilion-latest.jefferson.edu https://specialty-care-pavilion.jefferson.edu https://specialty-care-pavilion-dev.jefferson.edu; 2
default-src 'self' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca *.quialu.ca *.cloudflare.com *.cloudflareinsights.com *.termly.io *.dialoginsight.com *.ofsys.com *.facebook.com *.facebook.net *.maxmind.com *.mmapiws.com *.paypal.com *.paypalobjects.com *.wordpress.com google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google; script-src-elem 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca *.quialu.ca *.cloudflare.com *.cloudflareinsights.com *.termly.io *.dialoginsight.com *.ofsys.com *.facebook.com *.facebook.net *.maxmind.com *.mmapiws.com *.paypal.com *.paypalobjects.com *.wordpress.com google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google; style-src 'report-sample' 'self' 'unsafe-inline' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google; style-src-elem 'report-sample' 'self' 'unsafe-inline' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google; object-src none; base-uri self; connect-src 'self' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca *.quialu.ca *.typekit.net *.termly.io *.dialoginsight.com *.ofsys.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.maxmind.com *.mmapiws.com *.podcastics.com *.paypal.com *.paypalobjects.com *.wordpress.com google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: *.gstatic.com *.typekit.net; frame-src 'self' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca *.quialu.ca *.cloudflare.com *.cloudflareinsights.com *.termly.io *.braintreegateway.com *.braintree-api.com *.paypal.com *.paypalobjects.com *.facebook.com *.facebook.net *.podcastics.com *.fliphtml5.com google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google; fenced-frame-src 'self' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca *.quialu.ca *.cloudflare.com *.cloudflareinsights.com *.termly.io *.braintreegateway.com *.braintree-api.com *.paypal.com *.paypalobjects.com *.facebook.com *.facebook.net *.podcastics.com *.fliphtml5.com google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google; img-src 'self' blob: data: leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca *.lab0.io *.librairiemoderne.com *.squarespace-cdn.com *.cjoint.com *.twimg.com librairiebertrand.com *.imgur.com *.dialoginsight.com *.ofsys.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com google.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.adtrafficquality.google *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self' leslibraires.ca *.leslibraires.ca booksellers.ca *.booksellers.ca lbrs.ca *.lbrs.ca bkls.ca *.bkls.ca leslibraires.cloudflareaccess.com; media-src self data: blob:; child-src blob:; report-uri https://o4505964188139520.ingest.sentry.io/api/4505964295684096/security/?sentry_key=0c267b745f30d4da27e8d996a22eb2b4&sentry_environment=production; report-to csp-endpoint; worker-src blob:; upgrade-insecure-requests; 2
default-src 'self' * 'unsafe-inline' *.3qsdn.com *.payengine.de data: blob:; style-src 'self' *.googleapis.com *.eye-able.com *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com; img-src * 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com data: 2
script-src blob: https://*.virginplus.ca https://*.vpc.ca https://*.bell.ca https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://www.googletagmanager.com https://assets.adobedtm.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://solutions.invocacdn.com https://*.google-analytics.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.licdn.com https://sc-static.net https://virgin.know-where.com https://maps.googleapis.com https://bellmaps.korem.com https://*.ss-omtrdc.net https://*.invoca.net https://*.tiktok.com https://*.bing.com https://*.googleadservices.com https://*.clarity.ms https://*.schemaapp.com https://*.medallia.ca https://*.googlesyndication.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.acuityplatform.com https://*.stackadapt.com https://*.outbrain.com https://*.adnxs.com https://*.cluep.com https://*.snapchat.com https://*.cookielaw.org https://cdn.cookielaw.org https://websdk.ujet.co https://www.websdk.ujet.co https://bell-npe-9jnycaz.ca.ccaiplatform.com/log-proxy/log https://cdn.gbqofs.com https://ct.pinterest.com https://*.ccaiplatform.com https://www.geoplugin.com https://*.vaulting.io 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:; frame-ancestors *.bell.ca *.virginplus.ca *.vpc.ca; object-src https://*.virginplus.ca; 2
connect-src 'self' * ws: blob:; 2
frame-ancestors 'self' *.westchestercountyny.gov *.westchestergov.com *.myaccess.westchestergov.com *.westchestercatalyst.com westchestercatalyst.com *.westchesterputnamonestop.com *.westchesterda.net westchesterda.net *.westchesterlegislators.com westchesterlegislators.com; 2
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net https://fonts.gstatic.com cdn.almapay.com https://applepay.cdn-apple.com https://ws.colissimo.fr maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com common-fonts.abtasty.com https: *.besson-shoes.com *.besson-chaussures.com *.axept.io *.besson.app *.gstatic.com s3s.fr measurement-api.criteo.com *.google-analytics.com *.abtasty.com *.abtastycdn.com blob: self data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.payplug.com *.dalenys.com https://applepay.cdn-apple.com https://www.youtube.com https://form.typeform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api-qa.payplug.com secure-qa.payplug.com data: https: *.besson-shoes.com *.besson-chaussures.com *.axept.io *.besson.app *.criteo.com *.pinterest.com *.easydmp.net *.abtasty.com *.abtasty-editor.com *.adnxs.com dqfw2hlp4tfww.cloudfront.net *.criteo.net *.bing.com *.bing.net *.pinimg.com *.affilae.com *.google.fr bessonchaussures.script.admo.tv *.advalo.com s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://secure-magenta.dalenys.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com *.realytics.io *.realytics.net adservice.google.com aa.agkn.com https: *.besson-shoes.com *.digitaloceanspaces.com *.rawgit.com *.jsdelivr.net *.besson-chaussures.com *.axept.io *.besson.app *.gstatic.com *.criteo.com *.pinterest.com *.easydmp.net *.abtasty.com *.abtastycdn.com *.abtasty-editor.com *.abtasty.io *.abtasty.net *.adnxs.com dqfw2hlp4tfww.cloudfront.net *.criteo.net *.bing.com *.bing.net *.pinimg.com *.affilae.com *.google.fr bessonchaussures.script.admo.tv *.advalo.com *.doubleclick.net *.bidswitch.net *.smartadserver.com *.taboola.com visitor.omnitagjs.com *.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com *.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com *.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com *.emxdgt.com sync.1rx.io axeptio.imgix.net sync.targeting.unrulymedia.com *.analytics.google.com www.facebook.com s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com blob: self *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com cdn.jsdelivr.net https://maps.googleapis.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com applepay.cdn-apple.com https://cdn.payplug.com https://cdn-qa.payplug.com maps.googleapis.com *.realytics.io *.realytics.net adservice.google.com aa.agkn.com data: https: *.besson-shoes.com *.besson-chaussures.com *.analytics.tiktok.com *.axept.io *.besson.app *.criteo.com *.pinterest.com *.easydmp.net *.abtasty.com *.abtastycdn.com *.abtasty-editor.com *.abtasty.io *.abtasty.net *.adnxs.com dqfw2hlp4tfww.cloudfront.net *.criteo.net *.bing.com *.bing.net *.pinimg.com *.affilae.com *.google.fr bessonchaussures.script.admo.tv *.advalo.com atout.email-match.com s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com self blob: *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.jsdelivr.net https://fonts.googleapis.com https://secure-magenta.dalenys.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.besson-shoes.com *.besson-chaussures.com *.axept.io *.besson.app *.googletagmanager.com s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com *.abtasty.com blob: self tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.getalma.eu https://maps.googleapis.com https://player.vimeo.com https://ws.colissimo.fr https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.realytics.io *.realytics.net adservice.google.com aa.agkn.com data: https: analytics.tiktok.com *.besson-shoes.com *.besson-chaussures.com *.axept.io *.besson.app *.criteo.com *.pinterest.com *.easydmp.net *.abtasty.com *.abtasty-editor.com *.abtasty.io *.abtasty.net *.adnxs.com dqfw2hlp4tfww.cloudfront.net *.criteo.net *.bing.com *.bing.net *.pinimg.com *.affilae.com *.google.fr bessonchaussures.script.admo.tv *.advalo.com axeptio.imgix.net s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com self *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' vercel.live *.sanity-cdn.com  *.cookieyes.com cdn-cookieyes.com eu-assets.i.posthog.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.plot.ly unpkg.com www.unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.unpkg.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; img-src 'self' data: blob: cdn.sanity.io *.cookieyes.com cdn-cookieyes.com accessible-coneflower-adf.notion.site img.notionusercontent.com file.notion.so; media-src 'self' data: blob: cdn.sanity.io; connect-src 'self' *.bfl.ai *.supabase.co cdn.sanity.io *.api.sanity.io sanity-cdn.com wss://2gpum2i6.api.sanity.io unpkg.com boards-api.greenhouse.io eu.i.posthog.com eu-assets.i.posthog.com eu.posthog.com *.cookieyes.com cdn-cookieyes.com cdn.jsdelivr.net; frame-src 'self' *.preview.bfl.ai *.bfl.ai vercel.live *.cookieyes.com cdn-cookieyes.com; frame-ancestors 'self' 2
frame-ancestors https://*.relive.com https://*.relive.cc; form-action 'self'; object-src 'none'; upgrade-insecure-requests 2
default-src https: data: blob: wss:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors https://app.contentful.com; 2
frame-ancestors 'self' https://marchedufilm.online 2
default-src 'self'; script-src 'self' https://stats.allenai.org/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.us.heap-api.com/ https://c.us.heap-api.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://www.google-analytics.com/ https://*.mux.com/ https://inferred.litix.io/ https://cdn.us.heap-api.com/ https://c.us.heap-api.com/ https://www.datocms-assets.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://i.ytimg.com/ https://i3.ytimg.com/ https://allenai-web.stats.allenai.org/ https://www.datocms-assets.com/ https://image.mux.com/ data:; media-src 'self' https://*.mux.com/ blob:; object-src 'self' https://www.datocms-assets.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://www.datocms-assets.com/; frame-ancestors 'none'; upgrade-insecure-requests; 2
frame-ancestors 'self' resources.renishaw.com static.renishaw.net www.renishaw.cz www.renishaw.de www.renishaw.com www.renishaw.es www.renishaw.fr www.renishaw.it www.renishaw.hu www.renishaw.nl www.renishaw.pl www.renishaw.com.br www.renishaw.si www.renishaw.se www.renishaw.com.tr www.renishaw.ru www.renishaw.jp www.renishaw.co.kr www.renishaw.com.cn pg.info.renishaw.net; report-uri https://renishaw.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.odphp.health.gov odphp.health.gov health.gov https://cdn.jsdelivr.net https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com *.analytics.google.com *.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://td.doubleclick.net *.youtube.com *.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://heatmaps.monsido.com/ https://cdn.insight.sitefinity.com *.monsido.com/ https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com www.googletagmanager.com https://manage.hawksearch.com https://app-script.monsido.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://stats.g.doubleclick.net/ https://cdn.usefathom.com https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ https://indd.adobe.com https://public.tableau.com *.userway.org *.ssa.gov/accessibility/andi/andi.js *.citibot.net *.ctctcdn.com *.google.com *.constantcontact.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.cuyahogacounty.us/ https://cdn.insight.sitefinity.com https://dec.azureedge.net https://cdnjs.cloudflare.com/ https://manage.hawksearch.com https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ https://www.ssa.gov/accessibility/andi/andi.js *.userway.org *.citibot.net *.ctctcdn.com *.google.com *.constantcontact.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com www.googletagmanager.com http://cuyahogacounty.us https://cdn.cuyahogacounty.us/ http://tracking.monsido.com https://cuyahogacms.blob.core.windows.net https://cdn.usefathom.com https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ *.userway.org *.citibot.net *.amazonaws.com *.ssa.gov/accessibility/andi/andi.js *.google.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: http://tracking.monsido.com https://cdnjs.cloudflare.com https://manage.hawksearch.com https://www.googletagmanager.com/ https://cuyahogacms.blob.core.windows.net https://cdn.userway.org https://api.userway.org https://www.ssa.gov/accessibility/andi/andi.js *.google.com; frame-src 'self' https://www.youtube.com/ https://embed.podcasts.apple.com/ https://player.vimeo.com https://www.google.com/ *.youtube.com/ *.matrixpublicrecords.com/ https://indd.adobe.com https://public.tableau.com *.userway.org *.ssa.gov/accessibility/andi/andi.js *.citibot.net *.google.com *.wowza.com https://embed.wowza.com/ forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://heatmaps.monsido.com/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.frontify.com *.cloudinary.com http://tracking.monsido.com https://stats.g.doubleclick.net *.usefathom.com *.monsido.com *.userway.org *.ssa.gov/accessibility/andi/andi.js *.citibot.net *.ctctcdn.com *.google.com *.constantcontact.com 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://cuyahogacms.blob.core.windows.net https://cdn.cuyahogacounty.us/ https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ https://cdn.userway.org https://api.userway.org https://www.ssa.gov/accessibility/andi/andi.js https://embed.wowza.com/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.frontify.com *.cloudinary.com *.userway.org *.ssa.gov/accessibility/andi/andi.js *.citibot.net *.google.com *.constantcontact.com 'self' web-chat.nativechat.com 2
default-src 'self'; script-src 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com/ https://*.analytics.google.com https://www.googletagmanager.com https://translate.google.com https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://*.js.stripe.com/; style-src 'unsafe-inline' 'self'; frame-src https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://*.js.stripe.com/ https://www.youtube.com/; child-src 'self'; img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com; font-src data:; connect-src blob: https://api.textures.com/ https://api-v3.textures.com/ https://www.textures.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://stats.g.doubleclick.net https://*.google-analytics.com/ https://*.analytics.google.com; worker-src 'self'; form-action 'self'; object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/; upgrade-insecure-requests; media-src 'self'; prefetch-src 'self'; manifest-src 'self'; 2
default-src 'self' https:; script-src 'self' 'nonce-PgzR4vVfu3io3LQ/Hr3IwA==' 'strict-dynamic' *.calibermind.com *.hs-scripts.com js.hs-analytics.net blob: *.hs-banner.com  *.cookielaw.org *.hubspot.com js.hsadspixel.net pi.pardot.com tag.demandbase.com scripts.saltbox.tech player.vimeo.com go.rapidscale.net js.zi-scripts.com *.ads-twitter.com *.facebook.net *.licdn.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com edge.marker.io cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.gstatic.com; img-src 'self' https: data:; frame-src 'self' *.commoninja.com *.genially.com *.googletagmanager.com *.vimeo.com *.company-target.com pixel.sitescout.com *.facebook.com *.adsrvr.org *.liadm.com *.doubleclick.net *.hsforms.com *.hsforms.net *.youtube.com *.google.com *.youtube-nocookie.com; form-action 'self' *.facebook.com *.hsforms.net *.hsforms.com; base-uri 'self'; connect-src 'self' *.googletagmanager.com *.calibermind.com *.commoninja.com google.com *.google.com *.hsforms.com *.liadm.com *.adsrvr.org *.clickagy.com *.linkedin.com api.hubapi.com *.hubspot.com ws.zoominfo.com *.onetrust.com *.demandbase.com *.company-target.com cdn.cookielaw.org js.zi-scripts.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.licdn.com *.hsforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://static.hsappstatic.net; frame-ancestors 'self'; object-src 'none'; media-src 'self' https:; manifest-src 'self' https:; 2
img-src https: 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; frame-ancestors 'self'; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self';script-src 'self' https://static.userback.io https://cdn.iubenda.com https://cs.iubenda.com https://cdn.segment.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.instagram.com https://js.refiner.io https://apv-launcher.minute.ly https://platform.twitter.com https://embed.typeform.com https://www.googletagmanager.com https://e-10353.adzerk.net/ https://ajax.googleapis.com https://www.sportinfocentar.com https://www.sportinfocentar2.com https://analytics.tiktok.com https://snippet.minute.ly https://tldw.me https://*.tldw.me https://sdk.mvp.fan https://securepubads.g.doubleclick.net https://imasdk.googleapis.com https://minute-ly.com https://*.minute-ly.com 'unsafe-eval' 'unsafe-inline';style-src 'self' https://static.userback.io https://embed.typeform.com https://cdn.iubenda.com https://www.sportinfocentar2.com/ https://sdk.mvp.fan https://fonts.googleapis.com 'unsafe-inline';connect-src 'self' https://api.userback.io/ https://api.segment.io https://events.eu1.segmentapis.com https://hits-i.iubenda.com https://cdn.segment.com https://connect.facebook.net https://www.facebook.com https://js.refiner.io https://cdn.iubenda.com https://idb.iubenda.com https://cpl.iubenda.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://api.refiner.io https://www.google.com https://counter.snackly.co https://static.userback.io https://www.sportinfocentar2.com https://tldw.me https://*.tldw.me https://ipapi.co https://blazesdk-prod-cdn.clipro.tv https://securepubads.g.doubleclick.net https://imasdk.googleapis.com https://blaze-audit.clipro.tv https://ehf-assets.mvp.fan https://pagead2.googlesyndication.com https://analytics.tiktok.com/ https://minute-ly.com https://*.minute-ly.com https://analytics-ipv6.tiktokw.us;font-src 'self' data: https://static.userback.io https://fonts.gstatic.com;img-src 'self' data: https://res.ehf.eu https://flags.ehf.eu https://firebasestorage.googleapis.com https://img.ehf.eu https://www.eurohandball.com https://picsum.photos https://www.google.at https://www.facebook.com https://brand.eurohandball.com https://s.zkcdn.net/ https://e-10353.adzerk.net/ https://www.iubenda.com/ https://www.googletagmanager.com/ https://static.adzerk.net https://www.sportinfocentar2.com/ https://tldw.me https://*.tldw.me https://files.pdcstrcdn.de/ https://ehf-assets.mvp.fan https://minute-ly.com https://*.minute-ly.com;media-src 'self' https://tldw.me https://*.tldw.me https://ehf-assets.mvp.fan https://minute-ly.com https://*.minute-ly.com https://*.eurohandball.com;frame-ancestors 'self' https://form.typeform.com https://www.youtube.com https://player.pdcstrcdn.de/;frame-src 'self' https://cdn.iubenda.com https://www.google.com https://www.facebook.com https://js.refiner.io https://platform.twitter.com https://form.typeform.com https://www.youtube.com https://td.doubleclick.net/ https://players.brightcove.net/ https://www.iubenda.com/ https://www.googletagmanager.com/ https://player.pdcstrcdn.de/ https://blazeprod.prod-cdn.clipro.tv/;worker-src 'self' 2
frame-ancestors 'none';; upgrade-insecure-requests 2
script-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' *.ing.com.tr; object-src 'self'; 2
default-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ blob: https://pixel.wp.com/t.gif https://i.ytimg.com/; img-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ blob: https://pixel.wp.com/t.gif https://i.ytimg.com/ data: https://api.mapbox.com https://dgalywyr863hv.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://accounts.google.com/gsi/client https://apis.google.com https://cdn.jsdelivr.net/npm/@huggingface/ https://cdn.jsdelivr.net/npm/onnxruntime-common/+esm https://cdn.jsdelivr.net/npm/onnxruntime-web@1.22.0-dev.20250409-89f8206ba4/+esm; connect-src 'self' https://dayone.me https://pbcms.dayone.me https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://apis.google.com https://accounts.google.com/gsi/ https://pixel.wp.com/t.gif https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ https://o248881.ingest.sentry.io/api/4503976745369600/envelope/ https://public-api.wordpress.com/geo/ https://www.googleapis.com https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone-client-only/production/private/records/ https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone/production/public/users/current https://publish.dayone.app/support/SupportFormConfig.json https://api.mapbox.com https://events.mapbox.com/ https://dgalywyr863hv.cloudfront.net https://api.openai.com https://zapier.com https://huggingface.co/Xenova/all-MiniLM-L6-v2/ https://cas-bridge.xethub.hf.co/xet-bridge-us/ https://cdn.jsdelivr.net/npm/@huggingface/ https://cdn.jsdelivr.net/npm/onnxruntime-web@1.22.0-dev.20250409-89f8206ba4/+esm https://cdn.jsdelivr.net/npm/onnxruntime-common/+esm https://cdn.jsdelivr.net/sm/2bdf6a06ee70e15b76b5d2ff1e8a9aa3c9c8d4cfe7cea16cb0bfff62a751077e.map https://cdn.jsdelivr.net/sm/4944f7a27027a137aef8f6088012eb90dceb5fcbe5f8ceed67e37774e5d814bc.map https://cdn.jsdelivr.net/sm/e3518fbe0c2a4ec8c27d5a407c9a244a0ac7a9c81cc77c64b40e470ba6707160.map https://cdn.jsdelivr.net/sm/1e4298d097fbdbb7a57c3a6e4edaba03276110f5663cd84d40904bea45e756d1.map; frame-src https://accounts.google.com/gsi/ blob: https://content.googleapis.com/ https://www.youtube.com/ https://player.vimeo.com/video/ https://embed.spotify.com/ https://open.spotify.com/embed/playlist/; font-src 'self' data: blob:; worker-src 'self' blob:; frame-ancestors 'self' 2
frame-ancestors 'self' https://live.nkd.com https://www2.nkd.com 2
child-src   blob: mc.yandex.ru; connect-src   'self' ekapusta.ru potato-app.ekapusta.ru tracker.ekapusta.ru *.google-analytics.com *.analytics.google.com mc.yandex.ru mc.yandex.com top-fwz1.mail.ru www.facebook.com stats.g.doubleclick.net pixel.scoring.ru *.appsflyer.com *.ekapusta.ru *.ekapusta.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ru; default-src   'self'; font-src   'self' *.gstatic.com cdnjs.cloudflare.com; frame-ancestors   'self' blob: https://metrika.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; frame-src   'self' www.googletagmanager.com mc.yandex.ru mc.yandex.com reformal.ru *.facebook.com https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://cards.ekapusta.ru https://vk.com https://login.vk.com; img-src   'self' blob: data: mc.yandex.ru mc.yandex.com vk.com www.facebook.com *.google-analytics.com *.google.com potato-app.ekapusta.ru *.zdusercontent.com ekapusta.zendesk.com storage.ekapusta.com top-fwz1.mail.ru login.vk.com *.google.com *.google.ru *.doubleclick.net counter.yadro.ru www.googleadservices.com www.googletagmanager.com *.googlesyndication.com x01.aidata.io *.skype.com *.battle.net *.steampowered.com *.clouddrive.com *.paypal.com *.youtube.com *.live.com *.drom.ru hh.ru *.hh.ru *.dnevnik.ru *.selcdn.ru *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net zendesk.ekapusta.com *.ekapusta.com *.ekapusta.ru pixel.scoring.ru; report-uri   https://report-uri.ekapusta.ru; script-src   'self' 'unsafe-inline' *.google-analytics.com www.googleadservices.com mc.yandex.ru mc.yandex.com connect.facebook.net top-fwz1.mail.ru kladr-api.com *.doubleclick.net *.gstatic.com www.googletagmanager.com websdk.appsflyer.com pixel.scoring.ru *.googletagmanager.com https://yastatic.net; style-src   'self' 'unsafe-inline' www.gstatic.com cdnjs.cloudflare.com; worker-src   'self' blob:; 2
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com s7.addthis.com cdnjs.cloudflare.com; style-src 'self' https: 'unsafe-inline' 2
frame-ancestors 'self' https://*.nano.ir; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' https://*.imagio.covestro.com; upgrade-insecure-requests; block-all-mixed-content; 2
base-uri 'self' https://*.adsrvr.org; child-src 'self' 'unsafe-eval' 'unsafe-inline' wss://ws.eu1.paradox.ai/; connect-src 'self' 'unsafe-eval' blob: data: *.redditstatic.com https://*.adnxs.com https://*.adsrvr.org https://*.aptrinsic.com https://*.basis.net https://*.bausch.com https://*.bing.com https://*.bing.net https://*.bl-ppd.com https://*.bluecava.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.businesswire.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.consensu.org https://*.consentmanager.net https://*.consumerism.pressganey.com https://*.contextweb.com https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.fonts.net https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.investis.com https://*.linkedin.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mgr.consensu.org https://*.mikmak.ai https://*.mmitnetwork.com/ https://*.monitor.azure.com https://*.mookie1.com https://*.paradox.ai https://*.pinimg.com https://*.pinterest.com https://*.powerapps.com https://*.pricespider.com https://*.prnewswire.com/ https://*.reddit.com https://*.redditstatic.com https://*.rubiconproject.com https://*.services.visualstudio.com https://*.serving-sys.com https://*.snapchat.com https://*.swaven.com https://*.tiktok.com https://*.tiktokw.us https://*.tools.investis.com https://*.txttoi.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://copilotstudio.microsoft.com https://google.com https://sc-static.net https://unpkg.com wss://ws.eu1.paradox.ai/ wss://wtbstream.pricespider.com/; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bausch.com https://*.cloudfront.net https://*.investis.com https://*.paradox.ai https://*.tools.investis.com https://lumify-project-glimmer.netlify.app; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.adnxs.com https://*.bausch.com https://*.bl-ppd.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.cloudflare.com https://*.cloudfront.net https://*.consentmanager.net https://*.doctor.com/ https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.fonts.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gotolstoy.com https://*.gstatic.com https://*.jsdelivr.net/ https://*.litix.io https://*.marinsm.com https://*.mikmak.ai https://*.mmitnetwork.com/ https://*.mookie1.com https://*.powerapps.com https://*.pricespider.com https://*.salesforceliveagent.com https://*.swaven.com https://*.tiktok.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://copilotstudio.microsoft.com wss://ws.eu1.paradox.ai/; form-action 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsrvr.org https://*.bausch.com https://*.consentmanager.net https://*.doctor.com/ https://*.facebook.com https://copilotstudio.microsoft.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.redditstatic.com https://*.adnxs.com https://*.adsrvr.org https://*.basis.net https://*.bausch.com https://*.bl-ppd.com https://*.cloudfront.net https://*.consensu.org https://*.consentmanager.net https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.fingertipformulary.com https://*.fonts.net https://*.force.com https://*.google.com https://*.google.ie https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.lumifyrewards.com https://*.mapbox.com https://*.marinsm.com https://*.mgr.consensu.org https://*.mikmak.ai https://*.mookie1.com https://*.pinterest.com https://*.pricespider.com https://*.salesforceliveagent.com https://*.sightmatters.com https://*.sitescout.com https://*.snapchat.com https://*.swaven.com https://*.wistia.net https://*.youtube.com https://copilotstudio.microsoft.com https://irxcm.com https://lumify-project-glimmer.netlify.app https://www.juicer.io wss://ws.eu1.paradox.ai/; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.redditstatic.com https://*.adentifi.com https://*.adnxs.com https://*.adsrvr.org https://*.akamaihd.net https://*.app-us1.com https://*.basis.net https://*.bausch.com https://*.bauschsurgical.com https://*.bidswitch.net https://*.bing.com https://*.bing.net https://*.bl-ppd.com https://*.bluecava.com https://*.businesswire.com https://*.casalemedia.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.consentmanager.net https://*.contextweb.com https://*.deepintent.com https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.fontawesome.com https://*.google-analytics.com https://*.google.ca https://*.google.co.in https://*.google.com https://*.google.ie https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.linkedin.com https://*.litix.io https://*.marinsm.com https://*.mathtag.com https://*.mikmak.ai https://*.mmitnetwork.com/ https://*.mookie1.com https://*.pinimg.com https://*.pinterest.com https://*.placeholder.com https://*.powerapps.com https://*.pricespider.com https://*.prnewswire.com/ https://*.reddit.com https://*.rubiconproject.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.sharethis.com https://*.sitescout.com https://*.snapchat.com https://*.swaven.com https://*.tapad.com https://*.tiktok.com https://*.turn.com https://*.twitter.com https://*.wistia.com https://*.wistia.net https://*.ytimg.com https://bauschvisioncare.secure.force.com https://c212.net https://cdn.fonts.net https://copilotstudio.microsoft.com https://eyetube.net https://google.com https://sc-static.net https://t.co/ https://thrtle.com https://unpkg.com https://www.google.lu wss://ws.eu1.paradox.ai/; media-src 'self' 'unsafe-inline' blob: https://*.adsrvr.org https://*.bausch.com https://*.cloudfront.net https://*.consentmanager.net https://*.gotolstoy.com https://*.gstatic.com https://*.linkedin.com https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.wistia.com https://*.wistia.net wss://ws.eu1.paradox.ai/; object-src 'self' https://*.adsrvr.org https://*.bausch.com https://*.consentmanager.net https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.powerapps.com https://*.wistia.net https://copilotstudio.microsoft.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com https://*.activehosted.com https://*.adnxs.com https://*.adsrvr.org https://*.aptrinsic.com https://*.bausch.com https://*.bing.com https://*.bl-ppd.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.consentmanager.net https://*.contextweb.com https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.lassomarketing.io https://*.lhmos.com https://*.licdn.com https://*.linkedin.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.marketo.net https://*.mikmak.ai https://*.mmitnetwork.com/ https://*.monitor.azure.com https://*.mookie1.com https://*.pinimg.com https://*.pinterest.com https://*.pmsrv.co https://*.powerapps.com https://*.pricespider.com https://*.prod.uidapi.com https://*.redditstatic.com https://*.rezync.com https://*.salesforceliveagent.com https://*.sentry-cdn.com https://*.services.visualstudio.com https://*.serving-sys.com https://*.snapchat.com https://*.swaven.com https://*.tiktok.com https://*.wistia.com https://*.wistia.net https://*.youtube.com https://copilotstudio.microsoft.com https://irxcm.com https://lumify-project-glimmer.netlify.app https://sc-static.net https://static.ads-twitter.com https://tags.spider-mails.com https://unpkg.com wss://ws.eu1.paradox.ai/ ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com https://*.adnxs.com https://*.aptrinsic.com https://*.bausch.com https://*.bl-ppd.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.cloudflare.com https://*.cloudfront.net https://*.consentmanager.net https://*.doctor.com/ https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.fonts.net https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.linkedin.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mikmak.ai https://*.mmitnetwork.com/ https://*.mookie1.com https://*.powerapps.com https://*.pricespider.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://copilotstudio.microsoft.com https://unpkg.com wss://ws.eu1.paradox.ai/ ; worker-src 'self' blob: https://*.consentmanager.net https://*.powerapps.com; manifest-src https://*.adsrvr.org https://*.consentmanager.net; upgrade-insecure-requests;report-to stott-security-endpoint;report-uri https://www.beprevepro.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2
frame-ancestors https://www.thefabulous.co https://*.thefabulous.co https://ai.thefabulous.co; 2
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net unpkg.com *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.mail.cafepress.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com *.eml.stockingshop.com *.eml.ornamentstreet.com *.eml.baubles.co.uk track.cordial.io tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.turnto.com *.turnto.eu wac.edgecast.net s.axon.ai c.albss.com *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com *.simplytoimpress.com *.photoaffections.com *.canvasworld.com *.mycustomcase.com *.simplytoimpress.co.uk *.parkerandpip.com *.legacylane.com *.gifts.com *.personalcreations.com *.stockingshop.com *.ornamentstreet.com *.baubles.co.uk *.cafepress.com cdn.gonift.com shopper.shop.pe d2mjzob2nc713b.cloudfront.net capig.gifts.com nexus.ensighten.com *.mczbf.com *.herbstarsbuilding.com res4.applovin.com d32u6scf3pzwp7.cloudfront.net;frame-ancestors 'self' https://www.gifts.com https://*.personalcreations.com;object-src 'self' https://www.gifts.com;upgrade-insecure-requests 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 2
default-src 'self' https://*.lifepointspanel.com https://*.clarity.ms; connect-src 'self' https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://bat.bing.com https://bat.bing.net https://*.doubleclick.net https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.at https://www.google.be https://www.google.com.br https://www.google.ca https://www.google.cl https://www.google.cn https://www.google.com.co https://www.google.cz https://www.google.de https://www.google.dk https://www.google.com.eg https://www.google.es https://www.google.fi https://www.google.fr https://www.google.com.gh https://www.google.gr https://www.google.com.hk https://www.google.hu https://www.google.co.id https://www.google.co.in https://www.google.ie https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.com.mx https://www.google.co.ma https://www.google.com.ng https://www.google.nl https://www.google.no https://www.google.co.nz https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.com.sa https://www.google.com.sg https://www.google.sn https://www.google.sk https://www.google.co.za https://www.google.se https://www.google.ch https://www.google.co.th https://www.google.com.tr https://www.google.co.tz https://www.google.co.ug https://www.google.com.ua https://www.google.ae https://www.google.co.uk https://www.google.com.vn https://www.google-analytics.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://capig.lifepointspanel.com *.nr-data.net https://www.facebook.com https://click.prod.mplat-ppcprotect.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://pixel-config.reddit.com; font-src 'self' data: https://www.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://content.lifepointspanel.com; frame-src 'self' https://*.trustpilot.com https://consent.kantar.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10766450.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com; img-src 'self' data: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.com.ar https://www.google.com.au https://www.google.at https://www.google.be https://www.google.com.br https://www.google.ca https://www.google.cl https://www.google.cn https://www.google.com.co https://www.google.cz https://www.google.de https://www.google.dk https://www.google.com.eg https://www.google.es https://www.google.fi https://www.google.fr https://www.google.com.gh https://www.google.gr https://www.google.com.hk https://www.google.hu https://www.google.co.id https://www.google.co.in https://www.google.ie https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.com.mx https://www.google.co.ma https://www.google.com.ng https://www.google.nl https://www.google.no https://www.google.co.nz https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.com.sa https://www.google.com.sg https://www.google.sn https://www.google.sk https://www.google.co.za https://www.google.se https://www.google.ch https://www.google.co.th https://www.google.com.tr https://www.google.co.tz https://www.google.co.ug https://www.google.com.ua https://www.google.ae https://www.google.co.uk https://www.google.com.vn https://www.google.cat https://adservice.google.com https://www.googleadservices.com https://*.googlesyndication.com https://10766450.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.bing.com https://bat.bing.net https://www.facebook.com https://s1.adform.net https://sb.scorecardresearch.com https://sb.voicefive.com https://secure.insightexpressai.com https://a.e-webtrack.net https://img.macromill.com https://www.insightexpressai.com https://www.rlcdn.com https://flextrack.msi-aci.com https://ads.e-webtrack.net https://*.nudatasecurity.com https://alb.reddit.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://redditstatic.com https://*.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://tag.simpli.fi https://a.e-webtrack.net https://analytics.tiktok.com https://client.prod.mplat-ppcprotect.com https://www.redditstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.lifepointspanel.com https://content.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://cdn.jsdelivr.net; frame-ancestors 'self' 2
frame-ancestors 'self' *.strumentimusicali.net; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://babiel.jobbase.io https://babiel.onlyfy.jobs https://*.usercentrics.eu https://www.instagram.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fast.fonts.net; img-src 'self' data: https://www.google-analytics.com https://*.usercentrics.eu; frame-src 'self' https://babiel.jobbase.io https://babiel.onlyfy.jobs https://www.youtube-nocookie.com https://www.instagram.com https://*.usercentrics.eu; connect-src 'self' https://www.google-analytics.com https://*.usercentrics.eu 2
frame-ancestors 'self' https://www.winspark.ai 2
frame-ancestors https://cruiser.cloud.capitalone.com 2
style-src 'self' https: 'report-sample' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com cdn.jsdelivr.net www.googletagmanager.com https://www.netsurion.com; img-src 'self' https: data: https://bat.bing.com https://clients1.google.com https://px.ads.linkedin.com https://tribl.io https://www.google-analytics.com https://www.google.com https://www.netsurion.com;  script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.netsurion.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://assets.calendly.com https://www.google.com https://cse.google.com  https://clients1.google.com https://www.googletagmanager.com https://googletagmanager.com   https://tagmanager.google.com https://www.google-analytics.com https://analytics.google.com/ https://ssl.google-analytics.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://apis.google.com  https://www.recaptcha.net https://recaptcha.net  https://www.gstatic.cn/recaptcha/  https://www.google.com/recaptcha/ https://www.gstatic.com https://snap.licdn.com https://bat.bing.com https://ajax.googleapis.com   https://ws.zoominfo.com  https://www.netsurion.com https://www.google.co.uk https://www.google.nl https://www.google.de https://www.google.fr https://www.google.co.in https://www.google.pl  https://www.google.com.au  https://www.google.co.id https://www.google.it https://www.google.co.il  https://www.google.com.ph https://www.google.ie   https://www.google.be https://www.google.ru  https://www.google.se  https://www.google.co.nz  https://www.google.com.co  https://www.google.com.mx https://www.google.pt https://www.google.co.th  https://www.google.com.ng https://www.google.ca  https://www.google.es  https://www.google.no https://www.google.dk  https://www.google.com.bd https://www.google.ch  https://www.google.com.my https://www.google.co.za  https://www.google.cz https://www.google.com.pk https://www.google.co.ma https://www.google.si https://www.google.com.tr https://www.google.com.tw https://www.google.com.br https://www.google.bg https://www.google.co.kr https://www.google.com.ua https://www.google.co.cr https://www.google.com.pe https://www.google.fi https://www.google.lt https://www.google.ge https://www.google.com.ar https://www.google.com.pr https://www.google.com.sg https://www.google.gr https://www.google.lk https://www.google.co.jp https://www.google.ae https://www.google.com.eg https://www.google.com.sa https://www.google.com.do https://www.google.com.pa https://www.google.ro https://www.google.hu https://www.google.cl https://www.google.hr  https://www.google.lv https://www.google.at https://www.google.com.ec https://www.google.com.vn https://www.google.cn https://www.google.com.hk https://www.google.rs https://www.google.com.cy https://www.google.al https://www.google.com.py https://www.google.co.ke https://www.google.ee https://www.google.com.sv https://www.google.com.np https://www.google.co.ug https://www.google.kz  https://www.google.com.jm   https://www.google.lu  https://www.google.mu https://www.google.com.kw https://www.google.iq https://www.google.com.gh  https://www.google.by  https://www.google.mk  https://www.google.co.mz https://www.google.com.uy https://www.google.sk https://www.google.md https://www.google.hn https://www.google.jo https://www.google.dz https://www.google.com.et https://www.google.am  https://www.google.co.ve https://tribl.io https://scout-cdn.salesloft.com www.google.com/jsapi https://partner.googleadservices.com/gampad/cookie.js https://tags.clickagy.com/data.js https://pi.pardot.com https://info.netsurion.com https://j.6sc.co/6si.min.js;  connect-src 'self' https://px.ads.linkedin.com/wa/ https://csp.withgoogle.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://bat.bing.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com  https://adservice.google.com/ https://analytics.google.com/ https://www.netsurion.com https://scout.salesloft.com/ https://cdn.linkedin.oribi.io/ https://aorta.clickagy.com https://hemsync.clickagy.com https://secure.adnxs.com/getuidj https://c.6sc.co/ https://ipv6.6sc.co/;   frame-src 'self' blob: https://www.netsurion.com/latest-news https://www.netsurion.com/latest-news/news https://www.google.com/recaptcha/ https://cse.google.com/ https://www.googletagmanager.com https://bid.g.doubleclick.net  https://www.youtube.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://cdn.embedly.com/ https://tribl.io  https://www.netsurion.com/ https://info.netsurion.com/ https://td.doubleclick.net/;  child-src https://www.googletagmanager.com/ns.html; object-src 'none';   base-uri 'self';  manifest-src 'self';   media-src 'self' https://www.netsurion.com; worker-src 'none';form-action 'self' https://www.netsurion.com/assessments/gap-analysis https://www.netsurion.com/campaigns/ppc-gap-analysis https://www.netsurion.com/campaigns/cmit-gap-analysis; 2
frame-ancestors https://*.mofos.com 2
default-src 'self' 'unsafe-inline' https://documentcloud.adobe.com https://*.brand-portal.adobe.com https://viewlicense.adobe.io https://lionbridge.data.adobedc.net https://lionbridge-stage.adobemsbasic.com/ https://px.ads.linkedin.com/ https://*.clarity.ms https://region1.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.lionbridge.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://*.trendemon.com https://info.lionbridge.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/* https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info1.lionbridge.com/ https://ajax.googleapis.com/ https://ws-assets.zoominfo.com/ https://schedule.zoominfo.com https://*.brand-portal.adobe.com https://www.lionbridge.com blob: https://lionbridge-stage.adobemsbasic.com https://documentcloud.adobe.com https://s.go-mpulse.net https://www.clarity.ms https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://bat.bing.com/bat.js https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=gggwzf https://bat.bing.com/p/action/343159921.js https://*.webexperiences.com https://*.bound360.com https://*.getsmartcontent.com; script-src-elem 'self' data: 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://www.google.com/ https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://js.zi-scripts.com/zi-tag.js https://googleads.g.doubleclick.net/* https://ws-assets.zoominfo.com/formcomplete.js https://*.brand-portal.adobe.com https://documentcloud.adobe.com https://s.go-mpulse.net https://www.clarity.ms https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://bat.bing.com/bat.js https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=gggwzf https://bat.bing.com/p/action/343159921.js https://wec-assets.terminus.services https://chat-snippet.terminusplatform.com https://*.webexperiences.com https://*.getsmartcontent.com https://cdn.dreamdata.cloud/scripts/analytics/next/dreamdata.min.js https://www.lionbridge.com ; script-src-attr https://*.brand-portal.adobe.com https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://assets.adobedtm.com; style-src * 'self' https://*.brand-portal.adobe.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://*.brand-portal.adobe.com; style-src-attr 'self' 'unsafe-inline' https://*.brand-portal.adobe.com; img-src 'self' data: https://www.lionbridge.com https://play.vidyard.com https://five.fourtimessmelly.com https://cdn.cookielaw.org https://cdn.vidyard.com https://*.brand-portal.adobe.com https://b.6sc.co/ https://www.facebook.com https://trackingapi.trendemon.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google.com https://www.google.ie https://cm.everesttech.net https://pic.trendemon.com/ https://lionbridge.data.adobedc.net https://dpm.demdex.net/ https://a.mktgcdn.com https://t.co https://analytics.twitter.com https://dpm.demdex.net https://www.google-analytics.com https://*.clarity.ms https://*.bing.com https://*.linkedin.com https://www.googleadservices.com https://www.google.co.in https://lionbridgeallstage.112.2o7.net https://smetrics.lionbridge.com https://*.google.com.br https://*.google.com.ch https://*.terminus.services https://*.adsrvr.org https://*.webexperiences.com https://*.bound360.com https://*.getsmartcontent.com; connect-src 'self' https://server.gametester.gg/ https://ws.zoominfo.com https://api.schedule.zoominfo.com https://c.go-mpulse.net https://five.fourtimessmelly.com/mon https://*.lionbridge.com https://cdn.cookielaw.org https://answersstatus.pagescdn.com https://liveapi-cached.yext.com https://ipv6.6sc.co https://geolocation.onetrust.com https://five.fourtimessmelly.com https://dpm.demdex.net https://js.zi-scripts.com https://epsilon.6sense.com https://*.brand-portal.adobe.com https://cdn.linkedin.oribi.io https://lionbridge.tt.omtrdc.net https://dayintegrationintern.tt.omtrdc.net https://viewlicense.adobe.io https://liveapi.yext.com https://answers.yext-pixel.com https://privacyportal-de.onetrust.com https://c.6sc.co https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://secure.adnxs.com https://px.ads.linkedin.com https://www.google.ie https://*.clarity.ms https://*.go-mpulse.net https://pagead2.googlesyndication.com https://www.google.com https://*.doubleclick.net https://analytics.google.com https://*.on24.com https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66a3d5b3ccc0bf01b27a0116 https://*.google-analytics.com https://google.com https://google.ch https://*.terminus.services wss://*.amazonaws.com https://script.google.com/macros/s/AKfycbzuW1rr4er2kHmpndHBxGUVaOfm3VU1joALNCVJgWWnfg6wtuogPdW5Bvl2t43Umjxn/exec?url=https://www.lionbridge.com; frame-src 'self' https://play.vidyard.com https://dayintegrationinternal.demdex.net https://lionbridge.demdex.net https://www.facebook.com https://app-sjn.marketo.com https://www.youtube.com/ https://www.google.com/ https://www.lionbridge.com/ https://player.youku.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com https://td.doubleclick.net https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://*.googletagmanager.com/ https://*.webexperiences.com https://*.bound360.com https://*.getsmartcontent.com; frame-ancestors 'self' http://lionbridge.com:8000 https://*.brand-portal.adobe.com; 2
frame-ancestors 'self' https://gnosis-safe.io https://dev.gnosis-safe.io https://dapp-browser.apps.ledger.com https://ledger-live-platform-apps.vercel.app https://bsc.gnosis-safe.io https://polygon.gnosis-safe.io https://tmm.world https://dhedge.org https://dh-pre-prod.vercel.app/ https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://1inch.cloudflareaccess.com https://buy.moonpay.com https://*.blockscout.com https://1inch.github.io https://connect.solflare.com https://1inch.com https://staging.1inch.com; frame-src data: blob: 'self' https://challenges.cloudflare.com https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://dapp-browser.apps.ledger.com https://1inch.cloudflareaccess.com https://buy.moonpay.com https://sdk.prod.innerworks.me https://verify.walletconnect.org https://connect.solflare.com https://1inch.com https://staging.1inch.com https://subscribe-forms.beehiiv.com https://www.youtube.com https://youtube.com https://buy.moonpay.com https://verify.walletconnect.org; 2
default-src 'self' https://*.zdassets.com https://*.zendesk.com https://*.smooch.io https://*.sentry.io https://*.twilio.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.aware.com.au https://aware.com.au https://assets.adobedtm.com https://www.googletagmanager.com https://*.ads.linkedin.com https://pixels.spotify.com https://*.cobrowse.io https://*.adsrvr.org https://ka-p.fontawesome.com https://www.googleadservices.com https://*.zdassets.com https://connect.facebook.net https://fss.tt.omtrdc.net https://*.demdex.net https://app-script.monsido.com https://r.turn.com https://cdn.pdst.fm https://snap.licdn.com https://sdc.aware.com.au https://tracking.monsido.com https://td.doubleclick.net https://*.doubleclick.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://*.googleapis.com https://use.typekit.net https://cdn.appdynamics.com https://www.youtube.com https://rum.hlx.page https://*.siteintercept.qualtrics.com https://s.yimg.com https://siteintercept.qualtrics.com https://www.recaptcha.net https://www.gstatic.com https://*.zendesk.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.aware.com.au https://aware.com.au https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://use.typekit.net; img-src 'self' data: blob: https://googleads.g.doubleclick.net https://*.doubleclick.net https://analytics.tiktok.com https://aware.com.au https://*.aware.com.au https://www.facebook.com https://*.fbcdn.net https://r.turn.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://pixels.spotify.com https://*.adsrvr.org https://tracking.monsido.com https://www.google.com.au https://connect.facebook.net https://maps.gstatic.com https://*.googleapis.com https://p.typekit.net https://sp.analytics.yahoo.com https://*.cobrowse.io https://*.zendesk.com https://*.qualtrics.com https://cm.everesttech.net https://*.ggpht.com https://*.demdex.net https://lh3.googleusercontent.com https://*.gravatar.com https://*.zdassets.com https://media.smooch.io https://*.zdusercontent.com; media-src 'self' https://*.zdassets.com; worker-src 'self' blob:; connect-src 'self' https://googleads.g.doubleclick.net https://*.doubleclick.net https://analytics.tiktok.com https://connect.facebook.net https://fss.tt.omtrdc.net https://*.demdex.net https://*.api.aware.com.au https://api.aware.com.au https://www.googletagmanager.com https://ka-p.fontawesome.com https://*.zdassets.com https://sdc.aware.com.au https://firststatesuper.zendesk.com https://www.googleadservices.com https://www.google.com https://adobedc.demdex.net https://www.facebook.com https://pixels.spotify.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://maps.googleapis.com https://*.googleapis.com https://syd-col.eum-appdynamics.com https://aware.com.au https://*.aware.com.au https://s.yimg.com https://siteintercept.qualtrics.com https://dpm.demdex.net https://*.cobrowse.io wss://*.cobrowse.io https://*.zendesk.com https://*.qualtrics.com https://www.recaptcha.net https://*.adsrvr.org wss://*.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://analytics.tiktok.com https://www.facebook.com https://retirementcalculator.aware.com.au https://*.retirementcalculator.aware.com.au https://www.googletagmanager.com https://fss.demdex.net https://td.doubleclick.net https://calculators.infochoice.com.au https://www.recaptcha.net https://*.adsrvr.org https://*.ads.linkedin.com https://pixels.spotify.com https://*.aware.com.au https://aware.com.au https://awaresuperstaging.zendesk.com https://awaresuperada.zendesk.com https://firststatesuper.zendesk.com; object-src 'none'; base-uri 'self'; form-action 'self' https://voice.aware.com.au; frame-ancestors 'self' https://*.aware.com.au https://aware.com.au https://*.aem.aware.com.au https://author.aem.aware.com.au; 2
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net  https://*.qualtrics.com https://*.piwik.pro https://www.youtube.com/ https://*.googleapis.com https://secure.leadforensics.com/ https://*.hotjar.com ; style-src 'self' 'unsafe-inline' https://*.googleapis.com  https://*.hotjar.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com  https://*.qualtrics.com https://*.legrand.com https://*.legrandgroup.com;; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com https://*.qualtrics.com https://legrand.symex.be;; frame-ancestors https://*.legrand.com https://*.legrandgroup.com https://www.googletagmanager.com https://legrand.symex.be; font-src  https://*.googleapis.com https://*.legrand.com https://*.gstatic.com https://*.hotjar.com; connect-src 'self' https://legrand.symex.be https://www.google-analytics.com https://legrand-plateforme.containers.piwik.pro https://cdn.jsdelivr.net  https://*.qualtrics.com https://*.piwik.pro https://www.youtube.com/ https://*.googleapis.com https://www.youtube-nocookie.com https://*.google-analytics.com https://www.googletagmanager.com www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://widget.rather.chat https://widget.rather.chat/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; img-src 'self' data: https://p.typekit.net https://tawk.link https://tawk.link/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://us4-files.zohopublic.com https://*.company-target.com https://*.rlcdn.com https://flagcdn.com https://flagcdn.com/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-src 'self' https://www.oldmutual.co.za/ https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://salesiq.zohopublic.com https://*.company-target.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://*.uapoldmutual.co.ug https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.zoho.com https://*.rather.chat https://*.rather.chat/* https://maps.googleapis.com/maps/* https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true https://maps.googleapis.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://static.zohocdn.com https://customer.cludo.com/ https://salesiq.zohopublic.com https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.loopme.com https://sms.hubtel.com https://*.company-target.com https://widget.rather.chat https://widget.rather.chat/* https://js-cdn.dynatrace.com/jstag/15fc9f135f3/bf62395jrv/a207cbaa8e544abe_complete.js https://js-cdn.dynatrace.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com 2
object-src 'none'; frame-ancestors 'self' script-src 'self' 'nonce-6c2fcd1cd7939c2c844c965cae94af511398bc54fd629b3982c0dd86983e934e' *.hdbfs.com *.hdbfs.com/branch/ *.google-analytics.com *.google.com  *.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.googletagmanager.com  *.hdbfs.com hdbfs.com *.fontawesome.com *.gstatic.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' data: *.hdbfs.com *.google.co.in *.google.com *.googletagmanager.com *.maggiesadler.com *.google-analytics.com *.gstatic.com *.googleapis.com *.hdbfs.com *.fontawesome.com css.page-source.com; 2
frame-ancestors 'self' https://app.trengo.com/ 2
default-src 'none'; connect-src 'self' *.onetrust.com *.demdex.net *.adobedc.net *.cookielaw.org *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.adobedtm.com *.youtube.com *.cookielaw.org *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.cookielaw.org *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 2
default-src 'self' https://*.hotjar.io https://media.cez.cz data:;frame-ancestors https://*.setrim.cz https://*.cez.cz http://*.cez.cz *.cezdata.corp https://*.cezdistribuce.cz https://www.dev.cez.cz;style-src 'self' data:  'unsafe-eval' 'unsafe-inline' https://setrim.cz https://ceztipy.cz/ https://*.cez.cz http://*.cez.cz https://*.hotjar.com https://*.hotjar.io https://fonts.googleapis.com https://cdn.bezstavy.cz https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://www.cezdistribuce.cz https://api.bezstavy.cz *.luigisbox.com *.hospitalita.cz *.visualwebsiteoptimizer.com app.vwo.com https://tagmanager.google.com https://googletagmanager.com https://fonts.googleapis.com https://cdn.luigisbox.tech;frame-src *.cookiebot.com *.cookiebot.eu https://vars.hotjar.com https://www.cez.cz/ https://www.google.com https://www.youtube.com https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://dip.cezdistribuce.cz/ https://chatbot.cezdistribuce.cz/ https://wtgisweb.cezdata.corp/ https://api.bezstavy.cz *.adform.net *.seadform.net https://media.cez.cz https://geoportal.cezdistribuce.cz/ *.hospitalita.cz *.visualwebsiteoptimizer.com app.vwo.com https://www.dev.cez.cz *.googletagmanager.com widgets.refsite.info https://www.googletagmanager.com https://www.facebook.com;font-src 'self' data:  https://*.cez.cz https://fonts.gstatic.com *.hospitalita.cz;connect-src 'self' https://clc.cez.cz http://clc-test.cez.cz https://clc-test.cez.cz http://clc-test.cez.cz https://*.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com *.cookiebot.com *.cookiebot.eu https://*.google.com https://*.google.cz https://*.googletagmanager.com https://*.googleservices.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://plausible.io https://*.hotjar.com https://*.hotjar.io https://www.cezdistribuce.cz https://maps.googleapis.com wss://*.hotjar.com *.adform.net *.seadform.net https://www.test.bezstavy.cz https://www.dev.cezdistribuce.cz https://www.devpublic1.cez.cz https://www.devpublic3.cez.cz https://api.bezstavy.cz *.luigisbox.com *.hospitalita.cz http://public4.cez.cz http://www.svetenergie.cz http://svetenergie.cz *.visualwebsiteoptimizer.com app.vwo.com https://bat.bing.com https://bat.bing.net *.seznam.cz https://www.cez.cz https://live.luigisbox.tech https://api.luigisbox.tech;img-src 'self' https://bat.bing.com https://setrim.cz https://ceztipy.cz/ https://www.cezdistribuce.cz https://googletagmanager.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://storage.googleapis.com https://*.g.doubleclick.net https://*.google.com https://c.seznam.cz https://*.google.cz https://recaptcha.net https://*.cez.cz https://img.bankid.cz https://www.facebook.com https://cx.atdmt.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com *.cookiebot.com *.cookiebot.eu https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://api.bezstavy.cz https://tile.openstreetmap.org https://streetviewpixels-pa.googleapis.com https://lh3.ggpht.com/ *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.adform.net *.seadform.net *.hospitalita.cz *.usercentrics.eu data:  https://developers.google.com/ *.bing.net;script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com https://*.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://recaptcha.net https://c.imedia.cz *.adform.net *.seadform.net *.cez.cz https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.cookiebot.eu https://connect.facebook.net https://*.persoo.cz https://*.persoo.ai https://*.hotjar.com https://*.seznam.cz https://plausible.io https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://maps.googleapis.com https://cdn.bezstavy.cz https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://api.bezstavy.cz https://chatbot.cezdistribuce.cz https://unpkg.com/ https://www.cezdistribuce.cz *.visualwebsiteoptimizer.com https://bat.bing.com app.vwo.com *.vimeo.com *.luigisbox.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech *.hospitalita.cz 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob: 2
frame-ancestors 'self' https://*.amplitude.com 2
object-src 'none'; base-uri 'none';frame-ancestors 'self' *.myscheme.gov.in *.myscheme.in https://dashboard.dl6.in; 2
frame-ancestors 'self' https://dbrand.sanity.studio 2
base-uri 'none'; 2
img-src 'self' *.foodwatch.org googleads.g.doubleclick.net www.google.com www.google.de *.fundraisingbox.com *.ytimg.com *.facebook.com public.flourish.studio data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.foodwatch.org *.foodwatch.nl www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.youtube.com https://www.youtube.com *.podigee-cdn.net *.facebook.net *.instagram.com foodwatch.spendenwidget.com *.stripe.com *.stripe.network ipapi.co public.flourish.studio blob:; frame-src 'self' *.foodwatch.org *.foodwatch.nl *.google.com *.stripe.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.youtube.com https://www.youtube.com https://www.youtube-nocookie.com *.podigee-cdn.net *.instagram.com public.flourish.studio flo.uri.sh rappelconso.dev; connect-src 'self' *.foodwatch.org *.foodwatch.nl ipapi.co *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.podigee-cdn.net *.google.com *.google.de www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.facebook.net foodwatch.spendenwidget.com data: blob:; font-src 'self' *.podigee-cdn.net foodwatch.spendenwidget.com; style-src 'self' 'unsafe-inline' *.podigee-cdn.net *.stripe.com *.stripe.network foodwatch.spendenwidget.com; worker-src blob:; form-action 'self'; object-src 'none'; frame-ancestors 'self' localhost *.foodwatch.org reseauactionclimat.org www.federationdesdiabetiques.org www.france-assos-sante.org www.la-csf.org cnao.fr www.unaf.fr  pourdessupermarchesdurables.org; 2
media-src blob: * 2
default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://remitano.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; connect-src https: wss:; img-src * data:; style-src https: 'unsafe-inline'; font-src * data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; object-src 'none'; media-src 'self' https:; frame-src 'self' https:; base-uri 'self'; form-action 'self'; 2
default-src 'self'; connect-src 'self' https://*.komatsu.com https://edge.adobedc.net https://analytics.google.com https://region1.analytics.google.com https://www.google.co.in https://dpm.demdex.net https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com https://geolocation.onetrust.com https://adobedc.demdex.net https://maps.googleapis.com https://places.googleapis.com https://maps.gstatic.com https://*.clarity.ms https://*.onetrust.com https://*.speccheck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://cdn.cookielaw.org https://edge.adobedc.net https://www.youtube.com/s/player https://www.google.com/js/th https://www.gstatic.com https://www.googletagmanager.com https://static.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://dpm.demdex.net https://maps.googleapis.com https://maps.gstatic.com https://*.clarity.ms https://*.onetrust.com https://privacyportal-cdn.onetrust.com https://*.speccheck.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://privacyportal-cdn.onetrust.com https://lite.speccheck.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.gstatic.com/s/notosans https://fonts.gstatic.com/s/roboto https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' data: blob: https://*.komatsu.com https://*.scene7.com https://*.stylelabs.cloud https://www.google.co.in https://cdn.cookielaw.org https://dev.day.com https://www.googletagmanager.com https://img.youtube.com https://cm.everesttech.net https://*.adobeaemcloud.com https://dpm.demdex.net https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.onetrust.com https://*.clarity.ms https://*.speccheck.com; frame-src 'self' https://www.youtube.com https://komatsu.demdex.net https://*.google.com; frame-ancestors 'self' https://www.komatsu.com https://mykomatsu.komatsu 2
frame-ancestors 'self' https://*.cashconverters.es https://production-eu01-cashconverters.demandware.net https://www.pccomponentes.com https://*.cashconverters.pt; 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' flightbookings.airnewzealand.com t.a3cloud.net ib.adnxs.com *.demdex.net www.everestjs.net oc-cdn-public-oce.azureedge.net https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.google-analytics.com analytics.google.com tagmanager.google.com *.doubleclick.net static.hotjar.com script.hotjar.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com upgrade.plusgrade.com s.swiftypecdn.com player.vimeo.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com yourir.info www.youtube.com s.ytimg.com; style-src 'unsafe-inline' p-airnz.com 'self' oc-cdn-public-oce.azureedge.net fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com upgrade-cdn-prd.plusgrade.com upgrade-prod-cdn.plusgrade.com s.swiftypecdn.com yourir.info; img-src https: data: blob: ad.doubleclick.net ade.googlesyndication.com adservice.google.com www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com *.kampyle.com i.vimeocdn.com i.ytimg.com; font-src p-airnz.com 'self' *.cdn.office.net fonts.googleapis.com fonts.gstatic.com script.hotjar.com data: dhm5hy2vn8l0l.cloudfront.net; media-src 'self' p-airnz.com data: video.cdnvue.com; frame-src 'self' *.demdex.net www.everestjs.net pixel.everesttech.net au-connect.authsignal.com auth.identity.airnewzealand.com identity.airnewzealand.com airnz-cargo.chooose.today airnz-corporate.chooose.today forms.cd.airnewzealand.co.nz sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com www.googletagmanager.com td.doubleclick.net *.google.com *.doubleclick.net vars.hotjar.com nebula-cdn.kampyle.com www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html *.cdn-pci.optimizely.com nz.fltmaps.com v.qq.com player.vimeo.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com airnz.wufoo.com player.youku.com www.youtube.com; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai p-airnz.com *.demdex.net *.tt.omtrdc.net identity.airnewzealand.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net blob: pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com ad.doubleclick.net *.googleapis.com *.google.com *.gstatic.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/ md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com *.optimizely.com https://*.sentry.io s.swiftypecdn.com search-api.swiftype.com yourir.info; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
default-src 'none'; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.trustedshops.com; style-src https: 'unsafe-inline' 'self' *.trustedshops.com; img-src https: 'self' *.trustedshops.com data:; font-src 'self' data: *.trustedshops.com https://manage.chilly.domains https://swiss.chilly.domains https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.youtube-nocookie.com https://stats.ledl.net/; form-action *; connect-src 'self' *.trustedshops.com stats.ledl.net; worker-src 'self' blob: 2
frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.testkontur.ru localhost localhost:3000 localhost:5995 localhost:8080 kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.atlasnw.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net http://pki.cib-service.ru http://pki.sertum-pro.ru http://pki.skbkontur.ru *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.ozon.ru *.ozonru.me *.tinkoff.ru *.tbank.ru *.tcsbank.ru https://clientcd.kontur:3443 lh3.googleusercontent.com; img-src 'self' data: *.testkontur.ru localhost localhost:3000 localhost:5995 localhost:8080 kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.atlasnw.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net http://pki.cib-service.ru http://pki.sertum-pro.ru http://pki.skbkontur.ru *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.ozon.ru *.ozonru.me *.tinkoff.ru *.tbank.ru *.tcsbank.ru; report-uri https://frontreport-relay.kontur.host/csp/ 2
frame-ancestors 'self' *.mann-ivanov-ferber.ru 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*/vnd.ms-fontobject https://*/octet-stream https://*/font-woff https://*/x-font-ttf https://*/svg+xml https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://livesystemssrl.germany-2.evergage.com/ 'self' data: https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com *.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com intent://arvr.google.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.cloudflare.com www.mondoconv.it my.adabra.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testeps.netswgroup.it eps.netswgroup.it *.facebook.com finanziamenti.agosweb.it secure.findomestic.it test-securepay.eupayglobe.com securepay.eupayglobe.com *.cetelem.es 'self' 'unsafe-inline'; frame-ancestors 'self' www.mondoconv.it *.force.com 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.braintreegateway.com *.paypal.com google.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://mondoconvenienza--partial.sandbox.my.site.com https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://td.doubleclick.net/ https://ct.pinterest.com *.youtube-nocookie.com https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com intent://arvr.google.com  https://load.sgtm.mondoconv.es  https://sgtm.mondoconv.es https://main.d2l4jnxpos1qsv.amplifyapp.com https://staging.d2l4jnxpos1qsv.amplifyapp.com https://ecatview.evinapp.it *.iubenda.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net *.facebook.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.hotjar.com *.adabra.com *.intervieweb.it finanziamenti.agosweb.it *.force.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.online-metrix.net https://*.mondoconv.it https://*.cookielaw.org https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://livesystemssrl.germany-2.evergage.com/ https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://td.doubleclick.net https://*.valueservice.cloud https://n.clarity.ms *.clarity.ms https://image.mondoconvenienza.eu *.mondoconvenienza.eu https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://www.google.es https://www.google.fr https://mondoconv.it https://*.google-analytics.com https://*.doubleclick.net https://connect.facebook.net media.mondoconv.it media.mondoconv.es *.mondoconv.es *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.facebook.com *.google.it *.google.com *.signifyd.com *.e.aa.online-metrix.net *.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.bing.com *.igodigital.com 510001710.collect.igodigital.com *.googletagmanager.com *.adabra.com track.adabra.com *.flix360.com *.pinterest.com *.swogo.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://*.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://*.vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://*.cloudflareinsights.com *.googletagmanager.com *.facebook.net *.hotjar.com https://*.clearsale.com.br https://*.online-metrix.net https://api.psma.com.au https://*.ewaypayments.com https://*.clearpay.co.uk https://*.afterpay.com https://*.adobedtm.com https://*.adobe.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net js-agent.newrelic.com *.eu01.nr-data.net https://*.cardinalcommerce.com https://*.ccdc02.com https://*.paypal.com https://*.paypalobjects.com https://*.ytimg.com *.googleapis.com https://*.vimeocdn.com *.gstatic.com https://*.typekit.net https://*.omtrdc.net https://*.magento-ds.com *.chimpstatic.com https://*.mailchimp.com https://*.list-manage.com https://*.braintreegateway.com https://*.googleoptimize.com https://*.polyfill.io *.iubenda.com mondoconv.it mondoconv.es https://*.evgnet.com https://*.site.com https://*.noibu.com https://*.googlesyndication.com https://*.cookielaw.org https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://cdn.evgnet.com https://livesystemssrl.germany-2.evergage.com/ https://dynamic.criteo.com https://ct.pinterest.com https://is-cdn.dynatrace.com *.dynatrace.com *.clarity.ms widget.pinterest.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com *.flixfacts.com https://*.flix360.io https://*.flix360.com *.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://www.google.es chimpstatic.com *.cloudflare.com *.doofinder.com *.signifyd.com *.livechatinc.com *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.jsdelivr.net *.moatads.com *.addthisedge.com *.genteroma.com smct.co *.smct.co smct.io *.smct.io *.adabra.com widget-mediator.zopim.com *.bing.com *.igodigital.com 510001710.collect.igodigital.com *.swogo.net *.intervieweb.it pushpad.xyz *.mondoconv.it *.mondoconv.es *.force.com *.pinimg.com https://www.clarity.ms https://*.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.site.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.adabra.com *.force.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.mondoconv.it 'self' 'unsafe-inline'; manifest-src https://media.mondoconv.es https://media.mondoconv.it https://media-staging247.mondoconv.it https://media-staging247.mondoconv.es 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.cloudflareinsights.com https://cloudflareinsights.com https://api.psma.com.au *.hotjar.com https://*.salesforce-scrt.com https://*.mondoconv.it https://*.googlesyndication.com https://*.cookielaw.org https://*.onetrust.com https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://cdn.evgnet.com https://livesystemssrl.germany-2.evergage.com/ https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://cdn.noibu.com https://bat.bing.net https://n.clarity.ms *.clarity.ms *.dynatrace.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com https://media.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://www.google.es https://www.google.it  https://sgtm.mondoconv.es  https://*.googleapis.com https://media.mondoconv.es *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.google-analytics.com *.livechatinc.com *.addthis.com dpm.demdex.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com widget-mediator.zopim.com wss://widget-mediator.zopim.com bat.bing.com *.adabra.com pushpad.xyz *.igodigital.com http://510001710.collect.igodigital.com *.eu01.nr-data.net *.pinterest.com *.swogo.net ws: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self' https://webidprovera-p.yettel.rs https://idprovera-p.yettel.rs https://webidprovera-t.yettel.rs https://idprovera-t.yettel.rs 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: maxcdn.bootstrapcdn.com *.klaviyo.com smsapi.7-s.si *.googleapis.com *.gstatic.com www.google.com googletagmanager.com *.googletagmanager.com static.cloudflareinsights.com www.facebook.com connect.facebook.net *.mass.si *.mass-shoes.com *.mass-shoes.at mass-shoes.at bat.bing.com www.google.si assets.adobedtm.com *.cloudfront.net liveupdate.pimcore.org www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net td.doubleclick.net api.instacloud.io business.facebook.com *.paypalobjects.com *.cookiebot.com *.hotjar.com *.hotjar.io creativecdn.com *.google-analytics.com *.pusher.com sessions.bugsnag.com www.youtube.com *.gls-hungary.com *.gls-slovenia.com *.openstreetmap.org *.elfsight.com *.elfsightcdn.com api-js.datadome.co *.analytics.google.com pagead2.googlesyndication.com *.paypal.com *.posta.si *.boxnow.hr x.klarnacdn.net *.klarnaevt.com *.klarna.com; 2
default-src  'self' ; connect-src  'self' www.google-analytics.com;  img-src      'self' 'unsafe-inline' 'unsafe-eval' data: i.ytimg.com image.tmdb.org *.gstatic.com *.google.com *.w.org *.gravatar.com *.vimeocdn.com *.phenomena.com;  script-src   'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com *.youtube.com *.vimeo.com *.googleapis.com *.google-analytics.com;  style-src    'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com;  font-src     'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com;  frame-src    'self' *.youtube.com *.vimeocdn.com *.vimeo.com;  frame-ancestors 'self';  object-src   'self' ;  2
frame-ancestors 'self' http://localhost:3000 2
default-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://cms.globalconnect.net https://cdnjs.cloudflare.com/ajax/libs/lodash.js/ https://unpkg.com/axios/dist/ https://unpkg.com/vue@3/dist/ https://cdnjs.cloudflare.com/ajax/libs/vue/ https://cdnjs.cloudflare.com/ajax/libs/axios/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://*.globalconnect.dk https://globalconnect.fi https://*.globalconnect.fi https://globalconnect.no https://*.globalconnect.no https://*.globalconnect.de https://*.globalconnect.se https://bat.bing.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://apps.mypurecloud.de https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://*.adform.net https://s3.amazonaws.com/downloads.mailchimp.com/ https://globalconnect.us1.list-manage.com/ https://snippet.maze.co/maze-universal-loader.js https://snippet.maze.co/static/ https://prompts.maze.co/api/widgets https://chat.kindlycdn.com/; style-src 'unsafe-inline' 'self' https://cms.globalconnect.net https://cdn-images.mailchimp.com; img-src 'self' data: blob: https://cms.globalconnect.net https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://secure.gravatar.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.se/ https://www.google.dk/ https://www.google.fi/ https://www.google.de/ https://www.google.no/ https://www.facebook.com/ https://bat.bing.com/ https://ade.googlesyndication.com https://googleads.g.doubleclick.net/ https://i.ytimg.com https://i.vimeocdn.com https://wp.gcweb.live https://imgsct.cookiebot.com https://ad.doubleclick.net https://static.kindlycdn.com/ https://api-downloads.mypurecloud.de/ https://bot.kindly.ai/ https://ui-avatars.com/ https://attachments.kindlycdn.com; connect-src 'self' https://globalconnect.no https://*.globalconnect.no https://*.globalconnect.dk https://globalconnect.fi https://*.globalconnect.fi https://*.globalconnect.de https://*.globalconnect.se https://api.dataforsyningen.dk/ https://consentcdn.cookiebot.com/ https://yoast.com/ https://api.ip-only.net https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com https://bat.bing.com/ https://api-cdn.mypurecloud.de wss://ws.hotjar.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ https://api.mypurecloud.de wss://webmessaging.mypurecloud.de https://prompts.maze.co/api/widgets https://chat.kindlycdn.com/ https://bot.kindly.ai/ wss://ws-eu.pusher.com/ https://sockjs-eu.pusher.com/ https://storage.googleapis.com/; frame-src 'self' data: blob: https://cms.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://globalconnect.bbvms.com/ https://player.vimeo.com/ https://response.questback.com/ https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://apps.mypurecloud.de https://www.youtube.com/ https://player.vimeo.com/ https://*.doubleclick.net/ https://c1.adform.net https://chat.kindlycdn.com/; media-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://globalconnect.bbvms.com/ https://www.youtube.com/ https://player.vimeo.com/; form-action 'self' https://cms.globalconnect.net; font-src 'self' data: blob: https://assets.ip-only.net/ https://chat.kindlycdn.com/ https://assets.globalconnect.net/; 2
default-src blob: data: 'self' http://*.stash.com http://browser-intake-datadoghq.com http://videos.ctfassets.net http://www.youtube.com; connect-src blob: data: 'self' http://*.doubleclick.net http://*.stash.com http://analytics.google.com http://api.segment.io http://browser-intake-datadoghq.com http://cdn.segment.com http://www.facebook.com http://region1.analytics.google.com http://rum.browser-intake-datadoghq.com http://stats.g.doubleclick.net http://www.google-analytics.com https://api.consentjs.datagrail.io https://experience.ninetailed.co https://ingest.insights.ninetailed.co https://assets.ctfassets.net https://maps.googleapis.com https://maps.gstatic.com https://widget.trustpilot.com https://mapixl.com https://app.launchdarkly.com https://clientsdk.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com https://stream.launchdarkly.com https://hooks.slack.com; script-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline' http://*.stash.com http://browser-intake-datadoghq.com http://cdn.segment.com http://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com; script-src-elem 'unsafe-inline' 'self' http://*.stash.com http://analytics.google.com http://connect.facebook.net http://www.googletagmanager.com http://widget.trustpilot.com https://api.consentjs.datagrail.io https://boards.greenhouse.io https://job-boards.greenhouse.io/ https://maps.googleapis.com https://maps.gstatic.com https://mapixl.com; style-src 'self' http://*.stash.com 'unsafe-inline' https://fonts.googleapis.com; img-src blob: data: 'self' http://*.cloudfront.net http://*.stash.com http://*.wpengine.com http://images.ctfassets.net http://s3.amazonaws.com https://stashpublic.s3.amazonaws.com http://www.facebook.com http://www.google.ca http://www.google.co.in http://www.google.co.ug http://www.google.co.uk http://www.google.de http://www.google.ie http://www.google.it http://www.google.pt http://www.google.nl http://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com; font-src 'self' data: http://*.stash.com http://fonts.gstatic.com; object-src 'self' http://*.stash.com; base-uri 'self' http://*.stash.com; form-action 'self' http://*.stash.com; frame-src 'self' http://*.doubleclick.net http://*.stash.com http://www.youtube.com https://*.typeform.com http://widget.trustpilot.com https://boards.greenhouse.io https://job-boards.greenhouse.io/; frame-ancestors https://app.contentful.com; 2
default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org 2
frame-src 'self' https://optimize.google.com https://www.googletagmanager.com https://staging.eigendev.com https://ms1.eigendev.com https://bid.g.doubleclick.net *.lpsnmedia.net *.liveperson.net *.hotjar.com *.fls.doubleclick.net *.salecycle.com https://www.google.com https://customersso.rvs.com https://customersso-stage.rvs.com https://customer-sso-api.kong.test.site-testing.com https://acquire1.comenity.net https://acquire1uat.comenity.net *.youtube.com *.googlesyndication.com https://console.googletagservices.com https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://bookings.spot2nite.com https://bookings.spot2nite.dev https://www.google.com https://www.facebook.com https://*.qualtrics.com; 2
connect-src 'self' ws: wss:; 2
frame-ancestors 'self' my.impakt-360.com 2
upgrade-insecure-requests; frame-ancestors 'self' *.wso2.com choreo.dev; 2
default-src 'self' https://new-website-file.s3.ap-southeast-1.amazonaws.com https://static.addtoany.com https://www.sobot.com https://www.youtube.com; img-src 'self' https://new-website-file.s3.ap-southeast-1.amazonaws.com data: https://px.ads.linkedin.com https://www.facebook.com http://www.zkteco.com/en https://connect.facebook.net https://www.linkedin.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.sobot.com https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://analytics.tiktok.com https://px.ads.linkedin.com https://static.addtoany.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.facebook.com/ https://analytics-ipv6.tiktokw.us wss://imws.sobot.com:9016/ws wss://imws.sobot.com:9013/ws https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://mpc2-prod-24-is5qnl632q-uw.a.run.app; font-src 'self' data:;frame-ancestors 'self'; 2
frame-ancestors 'none'; report-uri https://prod-fhs-rn-csp-service.rbictg.com/csp; report-to csp-endpoint 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2
default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.milliman.com https://www.googletagmanager.com https://www.google-analytics.com https://www.buzzsprout.com https://bat.bing.com https://js.driftt.com https://js.adsrvr.org https://solutions.invocacdn.com https://milliman.aiproxies.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://analytics.cdn.aimediagroup.com https://pnapi.invoca.net https://googleads.g.doubleclick.net https://analytics.aimediagroup.com https://maps.googleapis.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://public.tableau.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://static.hotjar.com https://script.hotjar.com https://static.cloud.coveo.com https://siteimproveanalytics.com https://www.clarity.ms https://players.brightcove.net https://vjs.zencdn.net https://tagassistant.google.com https://unpkg.com/aos@next/ https://js.zi-scripts.com https://ss-extras.millimanfunds.com https://cxppusa1rdrect01sa02cdn-endpoint.azureedge.net; img-src 'self' data: https://*.milliman.com https://assets.buzzsprout.com https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://cf-images.us-east-1.prod.boltdns.net https://analytics.aimediagroup.com https://milliman.aiproxies.com https://www.google.com https://www.google.ca https://match.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com *.googleapis.com *.ggpht https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://www.youtube.com https://public.tableau.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.siteimproveanalytics.io https://metrics.brightcove.com https://edge.sitecorecloud.io https://fonts.gstatic.com https://px4.ads.linkedin.com https://dashboard.aidps.xyz; style-src 'self' 'unsafe-inline' https://*.milliman.com https://fonts.googleapis.com https://cloud.typenetwork.com https://assets.buzzsprout.com https://platform.twitter.com https://ton.twimg.com https://edge-platform.sitecorecloud.io https://www.googletagmanager.com https://unpkg.com/aos@next/ https://ss-extras.millimanfunds.com; font-src 'self' 'unsafe-inline' data: https://*.milliman.com https://fonts.gstatic.com https://cloud.typenetwork.com https://ton.twimg.com https://fastly-cloud.typenetwork.com; frame-src 'self' https://webforms-qa.milliman.com https://webforms.milliman.com https://www.arcgis.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://insight.adsrvr.org https://app.powerbi.com https://js.driftt.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://td.doubleclick.net/ https://twitter.com https://platform.twitter.com https://html5-player.libsyn.com https://bid.g.doubleclick.net https://www.youtube.com https://public.tableau.com https://vars.hotjar.com https://syndication.twitter.com https://milliman.aiproxies.com https://*.vimeo.com https://app.netlify.com/ https://www.googletagmanager.com; child-src 'self' https://webforms-qa.milliman.com https://webforms.milliman.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://app.powerbi.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://twitter.com https://www.twitter.com html5-player.libsyn.com https://bid.g.doubleclick.net blob:; connect-src 'self' https://millimanproductionmo4t0l69.org.coveo.com https://*.milliman.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://edge-platform.sitecorecloud.io https://assets5.lottiefiles.com https://*.analytics.org.coveo.com https://*.clarity.ms https://lottie.host https://assets9.lottiefiles.com https://millimannonproduction1gm81sp5s.org.coveo.com https://millimannonproduction1gm81sp5s.analytics.org.coveo.com https://millimanproductionmo4t0l69.org.coveo.com https://millimanproductionmo4t0l69.analytics.org.coveo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://pnapi.invoca.net https://bam.nr-data.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://usageanalytics.coveo.com https://platform.cloud.coveo.com https://www.milliman.com https://us.milliman.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://maps.googleapis.com https://milliman.aiproxies.com https://geolocation.onetrust.com https://secure.adnxs.com https://edge-platform.sitecorecloud.io https://edge.api.brightcove.com https://*.boltdns.net https://*.akamaihd.net https://edge.sitecorecloud.io https://www.google.com https://*.brightcovecdn.com https://js.zi-scripts.com https://ws.zoominfo.com https://ss-extras.millimanfunds.com https://mobile.events.data.microsoft.com; media-src 'self' https://*.milliman.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://*.brightcovecdn.com blob:; upgrade-insecure-requests; block-all-mixed-content; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com https://universe-static.elfsightcdn.com https://app.tintup.com addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://idrc-crdi.ca/en/report-uri/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.intelligence-enterprise.com https://secure.leadforensics.com https://cdn.yoshki.com https://sidley.rev.vbrick.com https://sidley.readz.com https://www.buzzsprout.com https://www.google-analytics.com/ https://www.googletagmanager.com/ http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://cdn.fonts.net/ https://cdn.fonts.net/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/ https://vimeo.com/ https://idx.liadm.com/ https://public.tableau.com *.org.coveo.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.intelligence-enterprise.com https://secure.leadforensics.com https://static.cloud.coveo.com/ https://ajax.cloudflare.com https://sidley.readz.com https://www.buzzsprout.com https://www.google-analytics.com/ https://www.googletagmanager.com/ http://use.typekit.net/ https://use.typekit.net/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://cdn.fonts.net https://cdn.fonts.net https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://player.vimeo.com/ https://secure.tent0mown.com https://challenges.cloudflare.com https://public.tableau.com https://cdn.cookielaw.org https://geolocation.onetrust.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://static.cloud.coveo.com/ https://www.buzzsprout.com http://use.typekit.net/ https://use.typekit.net/ http://cdn.fonts.net/ https://cdn.fonts.net/ https://p.typekit.net http://p.typekit.net ; media-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.buzzsprout.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com ; img-src * 'self' 'unsafe-inline' 'unsafe-eval' https://secure.harm6stop.com https://public.tableau.com data: filesystem: ; font-src data: 'self' https://fonts.gstatic.com/ http://cdn.fonts.net/ https://cdn.fonts.net/ http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/ http://api2.fonts.com/ https://api2.fonts.com/ ; frame-src 'self' https://cdn.yoshki.com https://sidley.rev.vbrick.com https://sidley.readz.com https://www.buzzsprout.com http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://share.transistor.fm/ http://share.transistor.fm/ https://soundcloud.com https://w.soundcloud.com/ https://challenges.cloudflare.com https://public.tableau.com ; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/enforce 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; font-src * 'self' data:; 2
frame-ancestors *.mewatch.sg *.8world.com *.channelnewsasia.com *.mediacorp.sg *.melisten.sg *.teams.microsoft.com *.todayonline.com home.mediacorp.grp mediacorpteams.sharepoint.com teams.microsoft.com 2
frame-ancestors 'self' localhost:* https://*.doccle.be https://*.doccle.nl https://*.doccle-test.be 2
default-src *; object-src *; style-src cdn.jsdelivr.net https://www.youtube.com www2-dev.thnic.in.th www2-test.thnic.in.th thnic.in.th chat.thnic.co.th chat.thnic.in.th fonts.googleapis.com 'unsafe-inline' https://www-dc0.thnic.co.th https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th https://xn--42cl2bj2hxbd2g.xn--o3cw4h; img-src * data: ; script-src www2-dev.thnic.in.th www2-test.thnic.in.th thnic.in.th chat.thnic.co.th chat.thnic.in.th www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' https://www.trustmarkthai.com https://connect.facebook.net https://www-dc0.thnic.co.th https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th https://xn--42cl2bj2hxbd2g.xn--o3cw4h; child-src assets.braintreegateway.com *.paypal.com; frame-src 'self' data: www2-dev.thnic.in.th www2-test.thnic.in.th thnic.in.th chat.thnic.co.th chat.thnic.in.th https://thnic.or.th/doc/ https://thnic.or.th/doc/ https://www.youtube.com www.google.com https://www-dc0.thnic.co.th https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th https://xn--42cl2bj2hxbd2g.xn--o3cw4h; connect-src https://chat.thnic.co.th https://chat.thnic.in.th https://www.google-analytics.com https://www.youtube.com https://www2-dev.thnic.in.th https://www2-test.thnic.in.th https://www.thnic.co.th https://thnic.co.th https://www.trustmarkthai.com https://connect.facebook.net http://rdap.thnic.in.th https://www-dc0.thnic.co.th https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://xn--42cl2bj2hxbd2g.xn--o3cw4h; 2
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net www.datadoghq-browser-agent.com *.sandbox.my.site.com www.googleadservices.com cdn.mouseflow.com googleads.g.doubleclick.net www.youtube.com www.clarity.ms dianews.roche.com cdn.c360a.salesforce.com *.gstatic.com platform.twitter.com static.cloudflareinsights.com roche.piwik.pro widget.usersnap.com twitter.com t.contentsquare.net cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.google.com munchkin.marketo.net *.marketo.com snippet.ramblechat.com ajax.googleapis.com dev.virtualearth.net app-sji.marketo.com maps.googleapis.com assets.adobedtm.com assets.adoberesources.net cdn.cookielaw.org static.ads-twitter.com connect.facebook.net snap.licdn.com sc.lfeeder.com cdn.leadinfo.net platform-api.sharethis.com buttons-config.sharethis.com www.gstatic.com https://t.sharethis.com https://*.bing.com player.vimeo.com znccssodhgpbfve5g-rochediacx.siteintercept.qualtrics.com siteintercept.qualtrics.com *.qualtrics.com rexis--apollo.sandbox.my.site.com https://rexis--selma.sandbox.my.site.com znehyzqu4e5xaovmd-rochediagnostics1.siteintercept.qualtrics.com roche.containers.piwik.pro bot.eu-rochebot.intersofthub.com bh.contextweb.com eu-cdn.walkme.com documentcloud.adobe.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self' https://rexis--selma.sandbox.my.site.com; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net www.googletagmanager.com; frame-src 'self' *.roche.com *.roche.net rochediacx.fra1.qualtrics.com bot.eu-rochebot.intersofthub.com creators.spotify.com www.brighttalk.com podcasters.spotify.com anchor.fm fhoffmann-larocheag.demdex.net sites.google.com *.googleapis.com *.marketo.com *.twitter.com *.google.com roche.scene7.com *.youtube.com *.googletagmanager.com sftp.rch.cm platform.twitter.com app-sji.marketo.com cdn.walkme.com/* heyzine.com app.smartsheet.com roche.demdex.net dayintegrationinternal.demdex.net td.doubleclick.net https://t.sharethis.com https://r.bing.com/* https://www.bing.com/* v.calameo.com player.vimeo.com docs.google.com accounts.google.com https://docs.google.com/ *.monday.com documentcloud.adobe.com; worker-src 'self' *.roche.com *.roche.net blob:; frame-ancestors 'self' *.roche.com *.roche.net sites.google.com https://docs.google.com/ docs.google.com accounts.google.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net rochediacx.fra1.qualtrics.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com assets.adobedtm.com; report-uri https://bxu7fu4kkj.execute-api.eu-west-1.amazonaws.com/TestStage/CSPReports; 2
connect-src 'self' widget.datablocks.se https://publish.ne.cision.com https://ssm.teliacompany.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com wss://collection.decibelinsight.net *.decibelinsight.net https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google.com https://www.google.se; default-src 'self' https://www.googletagmanager.com; font-src 'self' https://cdn.voca.teliacompany.com https://fonts.gstatic.com; img-src 'self' https://images.ctfassets.net https://cdn-assets-eu.frontify.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.voca.teliacompany.com https://mb.cision.com data: https://ssm.teliacompany.com blob: https://px.ads.linkedin.com https://www.googletagmanager.com; media-src 'self' https://cdn-assets-eu.frontify.com; script-src 'self' 'unsafe-eval' blob: 'nonce-datablocks/widget' https://ssm.teliacompany.com https://cdn.cookielaw.org https://cdn.decibelinsight.net https://www.google.com https://www.gstatic.com https://snap.licdn.com https://stats.g.doubleclick.net https://tools.euroland.com; style-src 'unsafe-inline' 'self' widget.datablocks.se https://fonts.googleapis.com; frame-src 'self' https://maps.google.com widget.datablocks.se https://telia-external.videomarketingplatform.co https://tools.eurolandir.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://telia.videosync.fi https://telia-company.videosync.fi https://ssm.teliacompany.com; object-src 'none' 2
default-src 'self' https://css.page-source.com https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://webcdn.appice.io/ 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; upgrade-insecure-requests; connect-src 'self' https://idbiprodapi.appice.io/ https://analytics.google.com/ https://www.google-analytics.com/; img-src 'self' https://cdn.appice.io; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://corp.sertifi.com https://campaigns.sertifi.com https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://j.6sc.co https://s3-us-west-2.amazonaws.com https://b-code.liadm.com https://js.zi-scripts.com https://widget.surveymonkey.com https://ajax.googleapis.com https://anjt6a9l0k.execute-api.us-west-1.amazonaws.com https://app.jazz.co https://cdn.dreamdata.cloud https://cdn.jsdelivr.net https://connect.facebook.net https://diffuser-cdn.app-us1.com https://dyv6f9ner1ir9.cloudfront.net https://embed.typeform.com https://cdn-asset.optimonk.com https://front.optimonk.com https://googleads.g.doubleclick.net https://gs-cdn.optimonk.com https://js.intercomcdn.com https://kit.fontawesome.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com https://onsite.optimonk.com https://onsite2.optimonk.com https://player.vimeo.com https://prism.app-us1.com https://script.hotjar.com https://sertifi.activehosted.com https://snap.licdn.com https://static.cloudflareinsights.com https://static.hotjar.com https://trackcmp.net https://widget.intercom.io https://www.googleadservices.com https://www.googletagmanager.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn-asset.optimonk.com https://cdn.jsdelivr.net https://embed.typeform.com https://fonts.bunny.net https://fonts.googleapis.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://pro.ip-api.com https://alocdn.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://stats.g.doubleclick.net https://analytics.google.com https://ws.zoominfo.com https://js.zi-scripts.com https://tracking.chilipiper.com https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://api-iam.intercom.io https://api.typeform.com https://cdn-limit.optimonk.com https://cdn-account.optimonk.com https://cdn-renderer.optimonk.com https://cdn-content.optimonk.com https://cdn.dreamdata.cloud https://content.hotjar.io https://vc.hotjar.io https://front.optimonk.com https://jfapiprod.optimonk.com https://metrics.hotjar.io https://pixel-config.reddit.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.redditstatic.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' data: https://cdn-custom.optimonk.com https://fonts.bunny.net https://fonts.gstatic.com https://fonts.intercomcdn.com https://ka-p.fontawesome.com; frame-src 'self' https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://www.googletagmanager.com https://www.tfaforms.com https://www.typeform.com https://www.surveymonkey.com https://sertifi818.outgrow.us https://form.typeform.com https://player.vimeo.com https://td.doubleclick.net https://www.youtube.com; img-src 'self' data: https://testsertifiumbstorage.blob.core.windows.net https://prodsertifiumbstorage.blob.core.windows.net https://sertifi.chilipiper.com https://b.6sc.co https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://prod.smassets.net https://www.facebook.com https://alb.reddit.com https://app.jazz.co https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.intercomcdn.com https://px.ads.linkedin.com https://static.intercomassets.com https://ucarecdn.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://corp.sertifi.com https://js.intercomcdn.com; worker-src 'none'; 2
upgrade-insecure-requests;                  default-src 'none';                  base-uri 'self';                  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://ajax.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.jsdelivr.net/;                  img-src 'self' https://www.alsace.eu/ https://www.googletagmanager.com/ https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr  https://img.youtube.com;                  media-src 'self';                  frame-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                  frame-ancestors 'self';                  font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.bas-rhin.fr;                  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/ https://cdn.jsdelivr.net/;                  form-action 'self' ;                  connect-src  'self' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://data.geopf.fr/geocodage/completion https://platform.twitter.com/ https://api-adresse.data.gouv.fr/ https://nominatim.openstreetmap.org/;                  manifest-src 'self';                  child-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                  object-src 'self'; 2
frame-ancestors  'self' *.qidian.com  *.hongxiu.com  *.yuewen.com  *.qq.com  *.qdmm.com  *.readnovel.com  *.xs8.cn  *.xxsy.net  *.tingbook.com  *.lrts.me  *.ywurl.cn  *.qdwenxue.com  *.if.qidian.com  www.gameloop.com *.xxsypro.com 2
style-src 'self' 'unsafe-inline' https://invest.directshares.com.au https://*.my.site.com https://cmcmarketsinvest.com https://service.force.com *.salesforce.com https://static.lightning.force.com *.my.salesforce-sites.com *.salesforceliveagent.com https://trading.sharetrade.com.au https://fonts.googleapis.com https://*.google-analytics.com; font-src 'self' data: https://cmcmarketsinvest.com fonts.gstatic.com *.sfdcstatic.com cmcmarketsstockbroking.com.au https://*.qantas.com https://fonts.gstatic.com; object-src 'self'; frame-ancestors 'self' https://www.cmcmarketsstockbroking.com.au https://signup.invest.cmcmarkets.com.au https://trading.anzshareinvesting.com.au https://cmcmarketsinvest.com https://www.cmcmarketsinvest.com https://invest.directshares.com.au; report-uri https://report-uri.cmcmarkets.com.au/csp 2
frame-ancestors 'self' https://www.xxxvideor.com https://www.xxxvideor2cn.com https://www.xxxvideorindia.pro 2
frame-ancestors 'self' https://*.bod.de https://*.bod.ch https://*.bod.dk https://*.bod.fi https://*.bod.fr https://*.bod.se https://*.bod.com.es https://*.bod.no; 2
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval';         script-src-elem 'unsafe-inline' 'self' https:                 https://cdnjs.cloudflare.com https://www.googletagmanager.com                 http://*.google.com https://*.google.com https://unpkg.com                 http://www.google-analytics.com https://*.googleapis.com                 https://cdn.userway.org http://*.sharethis.com https://*.sharethis.com                 https://cdn.jsdelivr.net https://appleid.cdn-apple.com                 https://momentjs.com https://code.jquery.com;         style-src 'self' 'unsafe-inline' https: https://cdn.jsdelivr.net https://unpkg.com https://*.googleapis.com;         img-src 'self' data: https: ;         connect-src https: wss: ;         font-src 'self' data: https: ;         frame-src 'self' https: ; 2
frame-ancestors 'self' https://metallic.io/ 2
base-uri 'self';object-src 'none';frame-ancestors 'self' *.bajajallianz.com *.bajajgeneralinsurance.com *.bajajgeneral.com https://bagicare.bajajallianz.com https://bagicare.bajajgeneral.com https://bagicare.bajajgeneralinsurance.com https://bagicbizconnect--motordev.sandbox.lightning.force.com https://bagicbizconnect--motordev.sandbox.my.salesforce.com https://bagicbizconnect--motordev.sandbox.my.site.com https://bagicbizconnect--uat.sandbox.my.salesforce.com https://bagicbizconnect--uat.sandbox.lightning.force.com https://bagicbizconnect--uat.sandbox.my.site.com https://bagicbizconnect.lightning.force.com https://bagicbizconnect.my.salesforce.com https://bagicbizconnect.my.site.com ; upgrade-insecure-requests; 2
img-src 'self' *.prysmian.com www.google.com www.google.it *.google-analytics.com www.facebook.com *.linkedin.com maps.gstatic.com *.googleapis.com *.ggpht.com *.doubleclick.net img.youtube.com curator-assets.b-cdn.net platform-cdn.sharethis.com www.googletagmanager.com media.corporate-ir.netpx.ads.linkedin.cn beincontact.becloudsolutions.com i.vimeocdn.com l.sharethis.com imgsct.cookiebot.com megaphone.imgix.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prysmian.com www.prysmiangroupcatalogue.com pi.pardot.net rum-static.pingdom.net platform-api.sharethis.com *.cookiebot.com *.hotjar.com static.doubleclick.net googleads.g.doubleclick.net *.adform.net maps.googleapis.com www.googleapis.com jnn-pa.googleapis.com maps.gstatic.com www.gstatic.com www.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net static.xx.fbcdn.net px.ads.linkedin.com syndication.teleborsa.it snap.licdn.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.curator.io cdn.jsdelivr.net buttons-config.sharethis.com platform.twitter.com platform.linkedin.com s3.amazonaws.com pi.pardot.com cdn.livechatinc.com d335luupugsy2.cloudfront.net beincontact.becloudsolutions.com viewer.diagrams.net app.diagrams.net *.cloudfront.net www.scribd.com *.cloudflare.com cdn.babylonjs.com code.jquery.com eu.acsbapp.com blob:; object-src 'self' www.youtube.com; 2
default-src 'self' https://content.dionglobal.in/ https://prod-web.ltfinance.com https://prod-app.ltfinance.com/ https://www.ltfinance.com/ https://twphonepeuat.ltfs.com/ ; script-src http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://ltfs.allincall.in https://ltfs.allincall.in/chat/get-bot-image https://maps.googleapis.com/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://content.dionglobal.in/ 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * https://ltfs-sf.idealake.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com; font-src 'self' * fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' * data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://content.dionglobal.in/;child-src 'self' https://www.google.com https://maps.google.com https://content.dionglobal.in https://cx.camsonline.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://maps.googleapis.com data: blob:; frame-src 'self' *; 2
default-src 'self' https:; img-src 'self' https: data:; script-src 'self' https: 'unsafe-eval' dnaspaces.io rmscdn.dnaspaces.io blob:; style-src 'self' 'unsafe-inline' https: rms.react.dnaspaces.io; connect-src https: wss: rms.react.dnaspaces.io data: blob:; object-src 'none'; worker-src 'self' blob: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hotjar.com *.linkedin.com *.cloudfront.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdn.callrail.com *.helpscout.net *.atlassian.net *.marketo.net *.aciworldwide.com *.vimeo.com vimeo.com *.vimeocdn.com cdn.cookielaw.org geolocation.onetrust.com connect.facebook.net static.ads-twitter.com analytics.twitter.com bat.bing.com static.oktopost.com snap.licdn.com siteimproveanalytics.com *.6sc.co script.crazyegg.com *.doubleclick.net okt.to cdn.siteimprove.net *.omappapi.com platform.twitter.com *.twimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net secure.harm6stop.com js.callrail.com *.zoominfo.com unpkg.com *.unpkg.com *.crazyegg.com *.userback.io tag.demandbase.com js.hsadspixel.net js.hubspot.com www.clarity.ms cdn.jsdelivr.net *.hsforms.net *.hubspotuserContent-na1.net static.hsappstatic.net app.hubspot.com *.hubspotusercontent-na1.net scripts.clarity.ms;style-src 'self' 'unsafe-inline' *.myfonts.net *.atlassian.net *.marketo.net fonts.googleapis.com *.aciworldwide.com platform.twitter.com www.googletagmanager.com *.omappapi.com *.crazyegg.com *.typekit.net *.userback.io cdn.jsdelivr.net;img-src 'self' data: blob: *.gravatar.com embedwistia-a.akamaihd.net *.wistia.com wp-rocket.me www.google-analytics.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com analytics.google.com *.wpengine.com *.w.org *.aciworldwide.com *.awscloud.com *.vimeo.com *.vimeocdn.com t.co *.linkedin.com *.6sc.co *.siteimproveanalytics.io *.bing.com www.facebook.com *.adsymptotic.com *.omappapi.com *.twimg.com platform.twitter.com syndication.twitter.com *.truste.com track.hubspot.com okt.to qr-code.ithemes.com *.twitter.com cdn.cookielaw.org *.crazyegg.com id.rlcdn.com *.company-target.com c.clarity.ms *.hsforms.com *.hsforms.net hostedseal.trustarc.com placekitten.com;frame-src *.spotify.com www.googletagmanager.com *.flipsnack.com *.crazyegg.com *.aciworldwide.com aciworldwide.local *.wpengine.com player.vimeo.com *.libsyn.com *.cloudfront.net *.company-target.com *.doubleclick.net app.hubspot.com *.hsforms.com *.hsforms.net *.hs-sites.com blob:;worker-src 'self' blob:;object-src 'none'; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 2
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.vantor.com https://*.sanity.io https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.wistia.com https://*.vantor.com https://*.sanity.io https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://www.google.com; script-src-attr 'unsafe-inline'; worker-src 'self' blob:; frame-src 'self' https://*.wistia.net https://*.sanity.io https://*.wistia.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com https://*.company-target.com https://*.linkedin.com https://www.google.com; frame-ancestors 'self' https://*.sanity.io https://vantor-cms.netlify.app; connect-src 'self' https://*.netlify.app https://*.sanity.io https://*.sanity-cdn.com https://sanity-cdn.com https://*.vantor.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.wistia.com https://fast.wistia.com https://ava0h2e5.apicdn.sanity.io https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://px.ads.linkedin.com https://www.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; img-src 'self' https://*.sanity.io https://*.netlify.app https://cdn.sanity.io https://*.s3.amazonaws.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.linkedin.com https://*.licdn.com https://www.google.com data: https:; media-src 'self' https://*.sanity.io https://*.netlify.app https://cdn.sanity.io https:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https:; 2
default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com *.inviewuclab.com static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com blob: ; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com api.mapbox.com *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' api.mapbox.com fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com data: blob: 127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' https://fonts.gstatic.com data: gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' https://google.com *.google.com https://maps.googleapis.com https://maps.gstatic.com ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com https://events.mapbox.com *.inviewuclab.com https://tiles.openfreemap.org ; worker-src 'self' blob: ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 2
base-uri zonapagos.com *.zonapagos.com 2
default-src 'self' *.vrcloud.com vrcloud.com fonts.gstatic.com my.matterport.com *.googleadservices.com www.googletagmanager.com *.google.com *.google.de *.google.at *.google.ca *.doubleclick.net rum.browser-intake-datadoghq.com *.adsrvr.org *.evergage.com *.taboola.com px.ads.linkedin.com bat.bing.com bat.bing.net cdn.cookielaw.org geolocation.onetrust.com netjets.tt.omtrdc.net privacyportal.onetrust.com *.demdex.net www.facebook.com https://s3.us-east-2.amazonaws.com https://nj-corp-site-resizer.awsmktgint.netjets.com/ https://nj-corp-site-resizer.awsmktgtest.netjets.com/ https://nj-corp-site-resizer.awsmktg.netjets.com/ tag.yieldoptimizer.com *.netjets.com www.linkedin.com cm.everesttech.net; script-src 'nonce-M0Q2QTkwQjdDMjM5' 'strict-dynamic' 'self'; style-src 'self' 'unsafe-inline' *.cookielaw.org *.cookiepro.com *.onetrust.com *.adobedtm.com *.googleapis.com; object-src 'none'; img-src 'self' data: bat.bing.net px.ads.linkedin.com insight.adsrvr.org i.liadm.com *.googleadservices.com www.googletagmanager.com *.netjets.com *.google.com https://s3.us-east-2.amazonaws.com https://nj-corp-site-resizer.awsmktgint.netjets.com/ https://nj-corp-site-resizer.awsmktgtest.netjets.com/ https://nj-corp-site-resizer.awsmktg.netjets.com/ tag.yieldoptimizer.com *.adsrvr.org bat.bing.com *.doubleclick.net saadata.netjets.com px.ads.linkedin.com www.linkedin.com cdn.cookielaw.org www.facebook.com cm.everesttech.net dpm.demdex.net *.agkn.com secure.adnxs.com pixel.tapad.com idpix.media6degrees.com match.sync.ad.cpe.dotomi.com *.liadm.com mid.rkdms.com match.sharethrough.com *.exelator.com; form-action 'self' www.facebook.com; base-uri 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb61413121040ab6931e3bb32a195b78a&dd-evp-origin=content-security-policy&ddsource=csp-report; 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 2
frame-ancestors 'self' https://bakertilly.prismic.io; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.medco.com *.express-scripts.com *.evernorth.com *.linkedin.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.google-analytics.com *.launchdarkly.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.s3.amazonaws.com *.branch.io app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.adsrvr.org www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com alb.reddit.com; connect-src 'self' *.mktoresp.com *.brightcove.com dotsub.com *.prod.boltdns.net *.google-analytics.com *.s3.amazonaws.com *.112.2o7.net *.omtrdc.net *.qualtrics.com *.akamaihd.net *.demdex.net *.mktoutil.com *.nr-data.net *.facebook.com *.d41.co *.branch.io app.link *.express-scripts.com *.evernorth.com *.googleapis.com *.eloqua.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.demandbase.com api.company-target.com *.verint-cdn.com *.wevalueyourfeedback.com *.linkedin.com *.brightcovecdn.com *.google.com *.launchdarkly.com www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com alb.reddit.com *.doubleclick.net *.googleadservices.com unpkg.com *.adsrvr.org assets.adobetarget.com; font-src 'self' data: fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com *.evernorth.com *.express-scripts.com *.verint-cdn.com *.wevalueyourfeedback.com; frame-src 'self' static.addtoany.com *.marketo.com *.demdex.net *.doubleclick.net *.facebook.com *.brightcove.net *.s3.amazonaws.com *.qualtrics.com activitymap.adobe.com *.omniture.com *.google.com s.company-target.com *.evernorth.com *.googletagmanager.com; img-src 'self' blob: data: *.google-analytics.com *.112.2o7.net *.brightcove.com pbs.twimg.com d8-es-rgadev-com.s3.amazonaws.com brightcove.hs.llnwd.net *.googletagmanager.com *.prod.boltdns.net brightcove.vo.llnwd.net *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.everesttech.net *.facebook.com *.linkedin.com *.adsymptotic.com t.co *.twitter.com *.demdex.net *.s3.amazonaws.com *.facebook.net *.marketo.com *.express-scripts.com *.evernorth.com *.doubleclick.net *.google.com *.branch.io app.link *.privacysandbox.googleadservices.com *.adsrvr.org *.googleapis.com maps.gstatic.com lh3.googleusercontent.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com id.rlcdn.com *.verint-cdn.com *.wevalueyourfeedback.com findoctave.com *.findoctave.com alb.reddit.com *.sondermind.com assets.wisematch.com; media-src 'self' blob: *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.akamaihd.net *.s3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.addtoany.com www.google-analytics.com *.adobedtm.com *.googletagmanager.com munchkin.marketo.net *.brightcove.com *.marketo.com *.mktoresp.com *.brightcove.net dotsub.com vjs.zencdn.net 112.2o7.net *.cloudflare.com *.qualtrics.com *.d41.co *.facebook.net *.licdn.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.twitter.com *.s3.amazonaws.com unpkg.com *.rlcdn.com *.agkn.com www.googleadservices.com *.doubleclick.net activitymap.adobe.com *.branch.io app.link *.adsrvr.org *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com cdn.jsdelivr.net tag.demandbase.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com *.google.com www.redditstatic.com *.rezync.com *.rfihub.com *.rfihub.net *.boomtrain.com *.adnxs.co assets.adobedtm.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' blob: static.addtoany.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.cloudflare.com *.s3.amazonaws.com unpkg.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com https://cdnjs.cloudflare.com; frame-ancestors 'self' *.medco.com *.express-scripts.com *.evernorth.com *.accredo.com 2
default-src 'self' https://kraken.ottobock.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.ottobock.com https://events.ottobock.com https://kraken-qa.ottobock.com *.usercentrics.eu https://www.google-analytics.com/ http://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com/ https://www.googleadservices.com https://www.google.com https://maps.gstatic.com https://www.youtube.com/ https://connect.facebook.net/ https://snap.licdn.com/ http://platform.massrelevance.com/js/massrel.js https://analytics.tiktok.com/ *.zoovu.com https://walls.io https://static.hotjar.com https://script.hotjar.com/ *.loyjoy.com *.clarity.ms *.smartassistant.com https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js https://visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com *.optimonk.com https://onsite.optimonk.com https://cdn-asset.optimonk.com https://acsbapp.com/ https://api-prd.vidlab7.com; connect-src 'self' 'self' data: *.ottobock.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.usercentrics.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://tile.googleapis.com stats.g.doubleclick.net www.googleadservices.com td.doubleclick.net https://googleads.g.doubleclick.net/ region1.analytics.google.com https://analytics.tiktok.com/ https://*.in.applicationinsights.azure.com/ js.monitor.azure.com https://*.ctfassets.net/ https://res.cloudinary.com/ottobock-se/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ *.clarity.ms *.zoovu.com *.smartassistant.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.growthbook.io/ https://*.blackthorn.io https://api.openai.com *.loyjoy.com *.optimonk.com https://cdn-account.optimonk.com app.vwo.com *.visualwebsiteoptimizer.com https://frontend-dev.xima.ottobock.com https://cdn.acsbapp.com https://tiger-leadgen-fileupload.s3.eu-west-1.amazonaws.com https://api-prd.vidlab7.com; img-src 'self' * blob: data: *.loyjoy.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.zoovu.com https://kraken-qa.ottobock.com https://kraken.ottobock.com https://cdn-asset.optimonk.com *.loyjoy.com; font-src 'self' * data: *.loyjoy.com; frame-src 'self' www.ottobock.de www.ottobock.com www.ottobock.ch www.ottobock.at www.ottobock.it https://tm.ottobock.com tm.ottobock.com boforms.ottobock.com cloud.news.ottobockus.com ottobock-se-co-kgaa.massrel.io https://ttselector.ottobock.com https://www.ottobock-events.de/ https://cloud.info.ottobock.com/ https://www.googleadservices.com https://events.ottobock.com https://kraken.ottobock.com https://kraken-qa.ottobock.com b2cforms.ottobock.com https://www.google.com *.googletagmanager.com https://td.doubleclick.net http://ottobock-se-co-kgaa.massrel.io https://ottobock-se-co-kgaa.massrel.io https://www.youtube.com/ http://www.youtube.com/ https://facebook.com https://events.blackthorn.io https://my.walls.io/ https://www.selection-guide.de/ https://*.loyjoy.com https://tm.ottobock.com/ https://studio.vidlab7.com/; frame-ancestors 'self' https://app.contentful.com https://events.ottobock.com https://orca-preview.zoovu.com; child-src 'self'; media-src 'self' blob: data: https://videos.ctfassets.net http://videos.ctfassets.net https://res.cloudinary.com/ottobock-se/ https://*.ottobock.com *.loyjoy.com https://storage.googleapis.com; worker-src 'self' blob: data:; 2
default-src * 'self' data:; script-src * 'unsafe-inline'; style-src * blob: 'unsafe-inline'; frame-ancestors 'self' app.contentstack.com 2
default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; base-uri 'self'; connect-src 'self' *.pstmn.io https://zer-poc.bzst.de  *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https:; frame-ancestors 'self'; 2
default-src 'self' https://*.wistia.com https://*.wistia.net; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net aorta.clickagy.com hemsync.clickagy.com https://www2.ttec.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://px.ads.linkedin.com https://js.zi-scripts.com https://ws.zoominfo.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fbo-b.flippingbook.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://*.doubleclick.net https://pi.pardot.com https://www.google.com https://google.com https://www.facebook.com https://*.clarity.ms https://c.bing.com; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net https://cdnjs.cloudflare.com; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://js.driftt.com https://widget.drift.com https://fast.wistia.com https://fast.wistia.net hemsync.clickagy.com https://insight.adsrvr.org https://www2.ttec.com https://online.flippingbook.com https://match.adsrvr.org https://listen.qualtrics.com; img-src 'self' data: https://www.ttec.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://www.google.com https://google.com https://*.wistia.com https://*.wistia.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://ade.googlesyndication.com https://www.linkedin.com https://fonts.gstatic.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com https://*.clarity.ms https://c.bing.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-_5i9-0LSMzIytTwCmdt7Wg'; script-src-elem 'self' https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.google.com https://js.driftt.com https://widget.drift.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.zi-scripts.com https://tags.clickagy.com https://www2.ttec.com https://snap.licdn.com/ https://www.gstatic.com https://ws-assets.zoominfo.com https://pagead2.googlesyndication.com https://js.adsrvr.org/ https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://js.sentry-cdn.com https://pi.pardot.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.clarity.ms https://c.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-_5i9-0LSMzIytTwCmdt7Wg'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.wistia.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; 2
script-src 'self' *.stripe.com *.stripecdn.com *.hcaptcha.com *.stripe.network vimeo.com *.vimeocdn.com *.vimeo.com *.gamespress.com secure.worldpay.com gamespress.matomo.cloud www.youtube.com www.youtube-nocookie.com www.googleapis.com www.google.com www.gstatic.com connect.facebook.net code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net *.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com platform.twitter.com blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.stripe.com *.stripecdn.com *.hcaptcha.com *.stripe.network vimeo.com *.vimeocdn.com *.vimeo.com *.gamespress.com secure.worldpay.com gamespress.matomo.cloud www.youtube.com www.youtube-nocookie.com www.googleapis.com www.google.com www.gstatic.com connect.facebook.net code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net *.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com platform.twitter.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; font-src 'self' *.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com fonts.ncwest.ncsoft.com cdn.jsdelivr.net *.typekit.net; 2
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net https://s3.rdbuz.com https://*.doubleclick.net https://graph.facebook.com  https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.sentry-cdn.com flackr.github.io www.lacmp.net cdn.branch.io cdn.moengage.com beacon.riskified.com tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: img.youtube.com niubizqr.pagoefectivo.pe img.riskified.com moe-email-campaigns.s3.amazonaws.com image.moengage.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com maps.gstatic.com maps.googleapis.com rb-plus.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in  origin-st.redbus.in www.redbus.in www.redbus.in *.google.com www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://api.midtrans.com https://www.glassdoor.co.in; style-src blob: 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' *.rdbuz.com st.redbus.in payment.pagoefectivo.pe *.firebaseapp.com *.firebaseio.com  www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com *.redbus.com h.online-metrix.net checkout.payulatam.com *.doubleclick.net in-tags.vizury.com sg-pl.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' *.apm.ap-south-1.aws.elastic-cloud.com flackr.github.io browser.sentry-cdn.com *.ingest.de.sentry.io www.lacmp.net wss://rbpub.redbus.com s3-ap-southeast-1.amazonaws.com *.moengage.com analytics.google.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com graph.facebook.com accounts.google.com 2
base-uri 'none';form-action 'self' *.readspeaker.com;frame-ancestors 'self' 2
default-src 'self'; script-src 'self' https://www.googleadservices.com https://static.ads-twitter.com https://*.google.com https://*.google.be https://*.cloudflareinsights.com https://*.freshworks.com https://*.tiktok.com https://*.tiktokw.us https://*.zzgtech.com https://*.facebook.net https://widget.trustpilot.com https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://cdn.jsdelivr.net https://kit.fontawesome.com https://*.pinimg.com https://ct.pinterest.com 'unsafe-inline'; img-src 'self' data: https://*.zzgtech.com https://*.pinterest.com https://*.tiktok.com https://*.tiktokw.us https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://t.co https://*.google.com https://*.google.be; font-src 'self' https://*.bootstrapcdn.com https://*.sc-static.net https://*.googleapis.com https://*.gstatic.com https://*.fontawesome.com; style-src 'self' https://*.freshworks.com https://*.signalsight.io https://signalsight.io https://*.fontawesome.com https://*.bootstrapcdn.com https://*.googleapis.com 'unsafe-inline'; connect-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.freshworks.com https://*.zzgtech.com https://*.tiktok.com https://*.tiktokw.us https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://*.fontawesome.com https://*.pinterest.com https://*.google.com https://*.google.be https://analytics.twitter.com https://t.co; frame-src 'self' https://www.googleadservices.com https://widget.trustpilot.com https://www.googletagmanager.com https://*.zzgtech.com https://*.pinterest.com https://*.google.com https://*.google.be; form-action 'self'; frame-ancestors *.signalsight.io; 2
block-all-mixed-content; frame-ancestors 'self' *.securityscorecard.com *.securityscorecard.camp *.cookiebot.com https://job-boards.greenhouse.io; default-src 'self'; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: *.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com *.cookiebot.com *.datadoghq-browser-agent.com https://job-boards.greenhouse.io blob: data: https:; style-src 'self' 'unsafe-inline' *.qualified.com https:; font-src 'self' *.securityscorecard.com *.securityscorecard.camp *.auryc.com data: https:; frame-src 'self' *.qualified.com www.googletagmanager.com https: https://job-boards.greenhouse.io; connect-src 'self' *.securityscorecard.com *.securityscorecard.camp *.crazyegg.com *.cookiebot.com *.qualified.com wss://*.qualified.com *.auryc.com *.browser-intake-datadoghq.com https: https://job-boards.greenhouse.io; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src *.qualified.com https://job-boards.greenhouse.io; 2
frame-ancestors 'self' *.reamaze.com google.com 2
base-uri 'self'; frame-ancestors 'self' https://*.life.church https://*.lifechurch.io; worker-src 'self' blob:; object-src 'self' https://*.life.church https://*.lifechurch.io; script-src 'self' https://*.life.church https://*.lifechurch.io https://js.hsadspixel.net https://js.hubspot.com https://js.usemessages.com https://js.hs-banner.com https://js.hsadpixel.net https://js.hs-analytics.net https://*.jwpcdn.com https://cdn.auth0.com https://s7.addthis.com https://content.jwplatform.com https://js.hs-scripts.com https://a.optmstr.com https://assets.ubembed.com https://*.tctm.co https://*.js.ubembed.com https://chat-assets.frontapp.com https://tags.srv.stackadapt.com https://analytics.tiktok.com https://*.clarity.ms https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.bc0a.com https://cmp.osano.com https://code.jquery.com https://connect.facebook.net https://js-agent.newrelic.com https://segment.life.church https://www.googleoptimize.com https://www.googletagmanager.com https://www.life.church https://www.youtube.com https://api.mapbox.com https://cdn.bitmovin.com https://js.hsforms.net 'unsafe-inline'; script-src-elem 'unsafe-inline' https://*.life.church https://*.lifechurch.io https://js.hsadspixel.net https://js.hubspot.com https://js.usemessages.com https://js.hs-banner.com https://js.hsadpixel.net https://js.hs-analytics.net https://*.jwpcdn.com https://cdn.auth0.com https://s7.addthis.com https://content.jwplatform.com https://js.hs-scripts.com https://a.optmstr.com https://assets.ubembed.com https://*.tctm.co https://*.js.ubembed.com https://chat-assets.frontapp.com https://tags.srv.stackadapt.com https://analytics.tiktok.com https://*.clarity.ms https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://a.omappapi.com https://bam.nr-data.net https://code.jquery.com https://connect.facebook.net https://www.clarity.ms https://js-agent.newrelic.com https://js.stripe.com https://static.userback.io https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cmp.osano.com https://cdn.bc0a.com https://www.googleoptimize.com https://www.youtube.com https://api.mapbox.com https://cdn.bitmovin.com https://js.hsforms.net; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://acsbapp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://polyfill.io https://unpkg.com https://*.fontawesome.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://*.google.com https://www.gstatic.com https://player.vimeo.com https://*.vimeocdn.com https://connect.facebook.net https://platform.twitter.com https://www.youtube.com https://*.upgrade.guide https://*.googleapis.com https://svc.webspellchecker.net https://touchstoneenergy.com https://cdn.questline.com https://weatherwidget.io https://cdn.gtranslate.net https://www.powr.io https://c03.apogee.net https://static.addtoany.com https://imaginationlibrary.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://*.fontawesome.com https://use.typekit.net https://p.typekit.net https://www.gstatic.com https://svc.webspellchecker.net https://cdn.questline.com https://unpkg.com; img-src 'self' data: https://www.google-analytics.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://syndication.twitter.com https://cdn.app.cfigroup.com https://images.applicant-tracking.com https://*.gstatic.com https://cdn.questline.com https://www.touchstoneenergy.com https://cdn.gtranslate.net https://www.cooperative.com https://i.vimeocdn.com https://i.ytimg.com https://jelly.mdhv.io https://jelly-v6.mdhv.io https://h5p.org https://www.facebook.com https://cdn.jsdelivr.net https://*.youtube.com; media-src 'self' data:; frame-src 'self' https://*.smarthub.coop https://player.vimeo.com https://www.youtube.com https://outlook.office365.com https://ws-na.amazon-adsystem.com https://*.google.com https://express.adobe.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube-nocookie.com https://hosted.where2getit.com https://*.upgrade.guide https://www.touchstoneenergy.com https://weatherwidget.io https://www.powr.io https://online.fliphtml5.com https://c03.apogee.net https://e.issuu.com https://issuu.com https://static.addtoany.com https://*.arcgis.com https://td.doubleclick.net https://touchstone.myenergysites.com https://arcg.is https://imaginationlibrary.com/; frame-ancestors 'self' https://*.smarthub.coop; font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com https://use.typekit.net https://acsbapp.com https://cdn.jsdelivr.net https://svc.webspellchecker.net https://cdnjs.cloudflare.com https://ka-f.fontawesome.com; connect-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com https://use.typekit.net https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://*.acsbapp.com https://acsbapp.com https://*.googleapis.com https://svc.webspellchecker.net https://www.powr.io https://stats.addtoany.com; upgrade-insecure-requests 2
default-src 'self'; frame-ancestors none; frame-src 'self' https://www.google.com https://jobs.ashbyhq.com https://app.cal.com; connect-src 'self' https://status.northflank.com https://ph.northflank.com https://api.unifyintent.com https://jobs.ashbyhq.com; script-src 'self' 'nonce-mwqrlf1wpdi' https://www.google.com https://www.gstatic.com https://ph.northflank.com https://api.unifyintent.com https://jobs.ashbyhq.com https://app.cal.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests 2
default-src 'self'; base-uri 'self'; connect-src 'self' https://px.deepintent.com https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://*.scene7.com https://eu-api.friendlycaptcha.eu https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://cdn.cookielaw.org https://github.com https://endpoint-app.cognigy.ai https://*.go-mpulse.net https://edge.adobedc.net https://*.qualtrics.com https://objects.githubusercontent.com https://*.biontech.com https://*.akstat.io https://*.akamaihd.net https://api.friendlycaptcha.com/api/v1/puzzle https://biontech-privacy.my.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://*.scene7.com https://www.gstatic.com https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js https://github.com https://cdn.cookielaw.org https://objects.githubusercontent.com https://*.go-mpulse.net https://*.qualtrics.com https://www.google.com/recaptcha/ https://*.friendlycaptcha.eu https://dev.zopim.com assets.adobedtm.com https://*.biontech.com https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/friendly-challenge/widget.module.min.js; style-src 'self' https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://p.typekit.net 'unsafe-inline' https://cdn.cookielaw.org https://*.biontech.com https://*.scene7.com; style-src-elem 'self' 'unsafe-inline' https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://assets.adobedtm.com https://p.typekit.net https://dev.zopim.com https://fonts.googleapis.com https://*.biontech.com https://cdn.jsdelivr.net/npm/friendly-challenge/ https://*.scene7.com; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://px.deepintent.com https://cdn.cookielaw.org https://*.biontech.de https://*.scene7.com https://*.qualtrics.com; font-src 'self' data: https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://use.typekit.net https://p.typekit.net https://cdn.cookielaw.org https://fonts.gstatic.com https://*.scene7.com; frame-src 'self' https://investors.biontech.de https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.gstatic.com/recaptcha/ *.frcapi.com https://*.scene7.com  https://*.biontech.com; media-src 'self' data: https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://*.biontech.de https://*.scene7.com; manifest-src 'self'; worker-src 'self' blob:; object-src 'none'; form-action 'self' https://*.biontech.com; frame-ancestors 'none'; child-src blob: 2
default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com ; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net ; upgrade-insecure-requests 2
frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 2
default-src 'self' https: data: blob:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; frame-ancestors 'self' https:; base-uri 'self'; form-action 'self' https:; worker-src 'self' https: blob:; 2
script-src *.adsrvr.org *.cloudflareinsights.com *.cookiefirst.com *.embraer.com *.embraerexecutivejets.com *.facebook.net *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.googletagmanager.com *.qualtrics.com *.sharethis.com *.youtube.com data: embraer.com https://connect.facebook.net 'self' static.elfsight.com 'unsafe-eval' 'unsafe-inline';img-src *.adsrvr.org *.embraer.com *.embraerexecutivejets.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.com *.sharethis.com data: embraer.com https://connect.facebook.net https://www.facebook.com;script-src-elem *.cloudflareinsights.com *.cookiefirst.com *.embraer.com *.facebook.net *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.googletagmanager.com *.qualtrics.com *.sharethis.com *.youtube.com data: embraer.com 'unsafe-inline';style-src *.cookiefirst.com *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.gstatic.com *.sharethis.com data: embraer.com 'self' 'unsafe-inline';connect-src *.cookiefirst.com *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleadservices.com *.google-analytics.com *.googleapis.com *.qualtrics.com *.sharethis.com data: embraer.com stats.g.doubleclick.net t.sharethis.com;style-src-elem *.cookiefirst.com *.embraer.com *.googleapis.com *.gstatic.com *.sharethis.com embraer.com 'unsafe-inline';script-src-attr *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl data: 'unsafe-inline';style-src-attr *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl data: embraer.com 'unsafe-inline';object-src *.embraer.com embraer.com 'self';default-src *.embraer.com *.embraerexecutivejets.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googletagmanager.com *.sharethis.com data: embraer.com;frame-src *.embraerexecutivejets.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googletagmanager.com *.sharethis.com *.tableau.com *.youtube.com data: embraer.com t.sharethis.com;font-src *.googleapis.com data: embraer.com fonts.gstatic.com 'self';base-uri 'self' 2
default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' https://unpkg.com;  connect-src 'self' https://unpkg.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: noi.bg www.noi.bg nssi.bg www.nssi.bg; frame-ancestors 'none' 2
child-src 'self' blob:;default-src 'self';connect-src 'self' wss:;font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;object-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' 'self' 2
script-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://edge.marker.io https://js.hscta.net https://tours.silverfin.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.hubspot.com https://cdnjs.cloudflare.com https://apis.google.com https://js.hsforms.net https://js-na1.hs-scripts.com https://fast.wistia.net https://fast.wistia.com https://assets.calendly.com https://www.google.com/recaptcha/enterprise.js https://static.ads-twitter.com https://www.clarity.ms https://snap.licdn.com https://googleads.g.doubleclick.net https://www.gstatic.com https://tours.silverfin.com https://cdn.jsdelivr.net https://bat.bing.com https://js.usemessages.com https://cta-service-cms2.hubspot.com https://scripts.clarity.ms https://tours.silverfin.com https://connect.facebook.net https://acuteintuitive52.com; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com; object-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com https://kit.fontawesome.com https://js.hsforms.net https://app.hubspot.com https://www.googletagmanager.com https://tours.silverfin.com 2
child-src 'self' *.optimizely.com *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.theidoluat.com *.theidolprod.com *.landginvestments.com *.videomarketingplatform.co www.youtube-nocookie.com storagelandgv2prod.blob.core.windows.net landgmya.ctc.uk.com view.ceros.com apps.euw2.pure.cloud flo.uri.sh nr1.s3.amazonaws.com embeds.audioboom.com www.google.com aax-eu.amazon-adsystem.com 11594483.fls.doubleclick.net 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: bot.ebilobster.ai block.opendns.com butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com yournews-legalandgeneral.com zswpmanager.wip.mmc.com www.everestjs.net lgima.filepoint.live embeds.audioboom.com player.vimeo.com; connect-src 'self' *.optimizely.com *.dynatrace.com *.lgnet.co.uk *.infinity-tracking.com *.infinity-tracking.net *.bold360usercontent.com *.console.glassboxsaas.com *.report.gbss.io *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net edge.adobedc.net wss://webmessaging.euw2.pure.cloud pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com api.euw2.pure.cloud api.shelf-eu.com api-cdn.euw2.pure.cloud brochure-tool.huguenots.co.uk widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co api.ebiai.app messenger.ebiai.app; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net cdn.jsdelivr.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.legalandgeneral.com *.legalandgeneralre.com *.lgima.com *.longevitypanel.co.uk *.landg.com *.lgim.com *.optimizely.com; img-src 'self' data: https: blob:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.optimizely.com *.lgim.netlify.huguenots.co.uk *.infinity-tracking.com *.infinity-tracking.net *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.landg.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com *.gbqofs.com *.landginvestments.com www.redditstatic.com cdn.jsdelivr.net view.ceros.com apps.euw2.pure.cloud public.flourish.studio am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net 2
default-src 'self' https://download-video.akamaized.net https://vod-progressive.akamaized.net https://link.mail.movado.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://*.riskified.com https://player.vimeo.com https://vod-progressive-ak.vimeocdn.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.movado.com https://*.movadocompanystore.com https://id5-sync.com https://cdn.cookielaw.org https://*.gstatic.com https://*.espssl.com https://*.joinclyde.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.tangiblee.com https://cdn-swell-assets.yotpo.com; connect-src 'self' https://api.ipify.org https://www.googletagmanager.com https://link.mail.movado.com https://*.tangiblee.com https://*.googleapis.com https://*.paypal.com https://cdnjs.cloudflare.com https://analytics.pangle-ads.com wss://*.inside-graph.com https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://*.rakuten.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://google.com https://*.espssl.com https://*.gstatic.com https://*.youtube.com https://youtu.be https://*.vimeo.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.instagram.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://facebook.net https://s.pinimg.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.bidr.io https://*.yahoo.com https://*.google.co.in https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.movado.com https://*.movadocompanystore.com https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://*.tangiblee.com https://maps.googleapis.com https://google.com/pay https://t.lt02.net; img-src 'self' 'unsafe-inline' data: blob: https://www.facebook.com https://link.mail.movado.com https://*.gstatic.com https://*.tangiblee.com https://*.paypalobjects.com https://*.adyen.com https://checkoutshopper-test.adyen.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.instagram.com https://maps.googleapis.com https://*.google.com  https://*.googleusercontent.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.tangiblee.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.movado.com https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.inside-graph.com https://*.bidr.io https://*.joinclyde.com https://www.youtube.com https://*.movadocompanystore.com https://staging.movado.com https://staging-vsf.movadocompanystore.com https://*.oliviaburton.com https://*.mvmt.com https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.tiktok.com https://link.mail.movado.com https://maps.googleapis.com https://*.inside-graph.com https://*.listrakbi.com https://bl.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.riskified.com https://*.tangiblee.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.movado.com https://*.movadocompanystore.com https://*.cquotient.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://fonts.googleapis.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://link.mail.movado.com https://*.adyen.com https://*.amazon.com https://*.tangiblee.com https://*.paypal.com; font-src 'self' data: https://cdn.builder.io https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.movado.com https://*.movadocompanystore.com https://*.typekit.net https://*.affirm.com https://*.joinclyde.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://link.mail.movado.com https://*.paypal.com https://*.adyen.com https://*.joinclyde.com https://*.tangiblee.com https://checkoutshopper-test.adyen.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://*.instagram.com https://maps.googleapis.com https://platform.twitter.com https://*.snapchat.com https://*.movado.com https://*.movadocompanystore.com https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://www.googletagmanager.com https://*.adsrvr.org https://*.pointmediatracker.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.equalweb.com https://link.mail.movado.com https://*.luckyorange.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.joinclyde.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://bl.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.movadocompanystore.com https://*.googletagmanager.com https://*.tangiblee.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.collect.igodigital.com https://*.adyen.com https://www.google.com https://www.instagram.com https://www.twitter.com https://www.pinterest.com https://www.youtube.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://t.lt02.net; script-src-elem 'self' 'unsafe-inline' https://*.youtube.com https://link.mail.movado.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.paypal.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.tangiblee.com https://*.self-veri.com https://*.evgnet.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.thomsonreuters.com https://acsbapp.com https://*.riskified.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://*.movado.com https://*.movadocompanystore.com https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.pinterest.com https://*.instagram.com https://maps.googleapis.com https://*.googleapis.com https://*.gstatic.com https://static-na.payments-amazon.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.joinclyde.com https://*.linksynergy.com; style-src-elem 'self' 'unsafe-inline' https://*.inside-graph.com https://link.mail.movado.com https://maps.googleapis.com https://*.equalweb.com https://*.riskified.com https://www.googletagmanager.com https://*.tangiblee.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.movado.com https://*.movadocompanystore.com https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.joinclyde.com https://*.listrakbi.com https://bl.listrakbi.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.movado.com https://*.movadocompanystore.com https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-modals allow-top-navigation allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation; frame-ancestors 'self' https://builder.io https://*.builder.io https://link.mail.movado.com https://test.adyen.com/hpp/skipDetails https://*.movado.com https://*.movadocompanystore.com https://*.cookielaw.org https://*.googleapis.com https://www.youtube.com https://www.facebook.com https://*.instagram.com https://*.pinterest.com https://*.tangiblee.com https://*.yotpo.com; worker-src blob: 'self' https://*.movado.com https://*.movadocompanystore.com; https://farmer.vuestorefront.cloud 2
frame-ancestors 'self' *.wrike.com 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; media-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; worker-src 'self' data: blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com cdnjs.cloudflare.com/ajax/libs/three.js/* *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com tally.so *.tally.so *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184 2
default-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com trck.spoteffects.net www.lotto.de m.lotto.de www.youtube.com localhost:; script-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com connect.facebook.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.google.com data1.bresera.com data1.open-dog.com connect.facebook.net tags.tiqcdn.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com translate.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de 'unsafe-inline'; style-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.gstatic.com 'unsafe-inline'; connect-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com prodint.eurojackpot.de prodint.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de miframe.lotto.de iframe.lotto.de www.youtube.com trck.spoteffects.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de www.facebook.com connect.facebook.net translate.googleapis.com api.usercentrics.eu ib.adnxs.com consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu cdn.dynamicyield.com st-eu.dynamicyield.com aggregator.service.usercentrics.eu graphql.usercentrics.eu ws://localhost:12387/ data:; font-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com fonts.gstatic.com api.rabatta.app data:; img-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com prodint.eurojackpot.de prodint.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com s.w.org ps.w.org www.gstatic.com secure.gravatar.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de eurojackpot.webtrekk.net fbc.wcfbc.net ad3.adfarm1.adition.com imagesrv.adition.com i.ytimg.com www.facebook.com connect.facebook.net fonts.gstatic.com app.usercentrics.eu uct.service.usercentrics.eu privacy-proxy-server.usercentrics.eu www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.google.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk data:; child-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de blob:; frame-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de lotto.de www.youtube-nocookie.com www.facebook.com app.usercentrics.eu; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' https://*.mncdn.com; 2
"frame-ancestors 'none';" 2
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://*.analytics.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://cdn-cookieyes.com https://fast.wistia.com https://fast.wistia.net; connect-src 'self' https://*.analytics.google.com https://*.wistia.com https://fast.wistia.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; frame-src 'self' https://info.featurespace.com https://player.captivate.fm; media-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; 2
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https: https://www.gstatic.com; img-src 'self' data: blob: https: https://www.google.com https://www.gstatic.com; font-src 'self' data: https:; frame-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://spaces.im https://pixplay.org https://*.pixplay.org https://ru.pixplay.org https://*.ru.pixplay.org https://mvoo.ru https://*.mvoo.ru https://nazone.mobi https://*.nazone.mobi https://mdrako.ru https://*.mdrako.ru https://www.google.com https://www.gstatic.com https://xsolla.com https://*.xsolla.com; frame-ancestors https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://spaces.im https://pixplay.org https://*.pixplay.org https://ru.pixplay.org https://*.ru.pixplay.org https://mvoo.ru https://*.mvoo.ru https://nazone.mobi https://*.nazone.mobi https://mdrako.ru https://*.mdrako.ru https://xsolla.com https://*.xsolla.com; connect-src 'self' https: wss: https://www.google.com https://www.gstatic.com https://xsolla.com https://*.xsolla.com; 2
frame-ancestors 'self' https://*.allohealth.care https://*.allohealth.care:3000 https://*.allohealth.com 2
default-src 'none';script-src 'self' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com https://cdn.pretix.cloud;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://www.youtube-nocookie.com https://media.ccc.de https://js.stripe.com https://hooks.stripe.com https://www.paypal.com https://datawrapper.dwcdn.net https://okfde.github.io;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' wss://fragdenstaat.de https://static.frag-den-staat.de https://media.frag-den-staat.de https://sentry.okfn.de https://api.stripe.com https://traffic.okfn.de;child-src 'self' blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu https://hooks.stripe.com https://stripe.com https://r.girogate.de;report-uri https://sentry.okfn.de/api/3/security/?sentry_key=f00c20a879414df69051163a90597a8c; 2
frame-ancestors 'self' *.trihealth.com; 2
default-src 'none'; object-src 'none'; script-src 'self' https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud; style-src 'self' 'unsafe-inline' https://*.chargebee.com https://*.chargebeestatic.com; img-src 'self' data: https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com https://*.openproject.org https://openproject.org; media-src 'self' data: https://*.openproject.org https://openproject.org https://openproject-docs.s3.eu-central-1.amazonaws.com; frame-src 'self' https://js.chargebee.com https://www.youtube-nocookie.com https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud https://opf.github.io; font-src 'self'; connect-src 'self' https://api.github.com/repos/opf/openproject https://*.openproject.com https://*.openproject.org https://openproject.matomo.cloud 2
frame-ancestors 'self' *.ag2rlamondiale.fr *.ppalm.fr; report-uri /csp-rapport; 2
frame-ancestors 'self' https://www.werkhaus.cc; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; upgrade-insecure-requests; base-uri 'self'; 2
frame-ancestors *.xiaopeng.com *.xiaopeng.local 2
script-src 'self' *.amnhealthcare.com dl.episerver.net maps.googleapis.com www.youtube.com unpkg.com script.crazyegg.com *.cloudfront.net *.cookielaw.org d10lpsik1i8c69.cloudfront.net api.amnhealthcare.io bat.bing.com  *.americanmobile.com *.pardot.com js.adsrvr.org snap.licdn.com dev.visualwebsiteoptimizer.com www.google.com assets.adobedtm.com www.googletagmanager.com js.zi-scripts.com www.gstatic.com www.rumiview.com *.amnhealthcare.com www.medtargetsystem.com match.deepintent.com trc.lhmos.com newton.newtonsoftware.com recruitingbypaycor.com apply.indeed.com cdn.botframework.com ajax.googleapis.com connect.facebook.net static.ads-twitter.com analytics.click2apply.net adservice.google.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com analytics.tiktok.com tag.demandbase.com ct.pinterest.com *.formsite.com cdn.optimizely.com js.monitor.azure.com *.cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com app.optimizely.com apps.usw2.pure.cloud 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: 'unsafe-inline'; worker-src 'self' blob:; 2
default-src 'self'; img-src 'self' data: https://api.study-in-germany.com *.daad.de *.study-in-germany.de *.etracker.com *.etracker.de *.tile.openstreetmap.de *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.ytimg.com *.gravatar.com *.dw.com *.openstreetmap.de *.openstreetmap.org; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'self' *.etracker.com *.etracker.de 'unsafe-inline' http://tagmanager.google.com https://tagmanager.google.com *.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com *.youtube.com 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data data:;; connect-src 'self' https://api.study-in-germany.com *.etracker.de *.google-analytics.com *.googletagmanager.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; media-src *.youtube-nocookie.com youtu.be; frame-src *.youtube.com *.youtube-nocookie.com 2
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; default-src 'self' https://www.google.com https://fonts.gstatic.com monext.cdn.prismic.io images.prismic.io axeptio.imgix.net favicons.axept.io px.ads.linkedin.com player.ausha.co heapanalytics.com https://monext.prismic.io data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.axept.io snap.licdn.com https://cdn.us.heap-api.com https://heapanalytics.com https://www.google.com https://www.gstatic.com https://static.cdn.prismic.io https://prismic.io https://html2canvas.hertzen.com; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; connect-src 'self' https://www.google.com client.axept.io api.axept.io px.ads.linkedin.com https://c.us.heap-api.com https://heapanalytics.com https://monext.cdn.prismic.io https://static.axept.io 2
default-src 'self' chat.oesterreich.gv.at; script-src 'self' chat.oesterreich.gv.at 'unsafe-inline'; img-src data: 'self'; connect-src 'self' wss://chat.oesterreich.gv.at https://chat.oesterreich.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com vimeo.com player.vimeo.com pubmon.a-sit.at; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.system4travel.com https://*.projectxyz.eu 2
object-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/enforce; report-to csp-endpoint 2
script-src 'unsafe-eval' 'unsafe-inline' 'self' widget.trustpilot.com code.jquery.com maxcdn.bootstrapcdn.com js.createsend1.com ajax.googleapis.com maps.googleapis.com www.googleapis.com www.gstatic.com www.google.com analytics.google.com www.googletagmanager.com use.typekit.net www.google-analytics.com cse.google.com support.micron21.com www-2019.micron21.com www.micron21.com staging-2019.micron21.com www-2019.micron21.com staging.micron21.com support-staging.micron21.com cdnjs.cloudflare.com https://*.clarity.ms https://c.bing.com assets.calendly.com; style-src 'unsafe-inline' 'self' micron21.com www-2019.micron21.com www.micron21.com staging-2019.micron21.com staging.micron21.com maxcdn.bootstrapcdn.com cse.google.com support.micron21.com fonts.googleapis.com www.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: www.googletagmanager.com *; font-src 'self' data: maxcdn.bootstrapcdn.com support.micron21.com fonts.gstatic.com use.typekit.net; default-src 'self' widget.trustpilot.com www.youtube.com www.google.com support.micron21.com support-staging.micron21.com eform.pandadoc.com calendly.com https://*.clarity.ms https://c.bing.com; object-src 'none'; connect-src 'self' https://*.clarity.ms https://c.bing.com createsend.com support.micron21.com support-staging.micron21.com performance.typekit.net analytics.google.com www.google-analytics.com https://*.doubleclick.net https://*.google.com; worker-src 'self' widget.trustpilot.com maxcdn.bootstrapcdn.com www.google.com cse.google.com *.micron21.com; frame-src 'self' *.micron21.com widget.trustpilot.com www.google.com calendly.com *.youtube.com *.googletagmanager.com; frame-ancestors 'self' *.micron21.com 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.google.com *.hotjar.com https://uat.tormach.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.meetanshi.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://uat.tormach.com www.google.com https://js.hsforms.net https://js.klevu.com/core/v2/klevu.js https://js.klevu.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://static.elfsight.com *.elfsight.com td.doubleclick.net www.googletagmanager.com *.hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.tiktok.com *.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.klevu.com/ js.hsforms.net www.gstatic.com js.braintreegateway.com https://js.hscta.net https://cta-service-cms2.hubspot.com *.hubspot.com *.hubapi.com *.pinterest.com youtube.com https://www.youtube.com/ *.weltpixel.com www.xtento.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klevu.com *.ksearchnet.com services.postcodeanywhere.co.uk https://meetanshi.com/media/logo.png *.meetanshi.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.gstatic.com https://forms-na1.hsforms.com/embed https://no-cache.hubspot.com *.hubspot.com https://perf.hsforms.com *.elfsight.com *.linkedin.com www.google.al *.bing.com bing.com *.facebook.com www.facebook.com *.ytimg.com ytimg.com connect.facebook.net stats.g.doubleclick.net *.doubleclick.net www.xtento.com cdn.xtento.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.klevu.com *.ksearchnet.com api.addressy.com *.meetanshi.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://js.klevu.com youtube.com *.pcapredict.com *.hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.tiktok.com *.facebook.net connect.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.hsforms.net https://js.klevu.com/ js.hsforms.net www.google.com www.gstatic.com https://static.elfsight.com *.elfsight.com https://js.hscta.net https://cta-service-cms2.hubspot.com *.hubspot.com *.pinterest.com *.googletagmanager.com *.taboola.com www.xtento.com cdn.xtento.com *.googleadservices.com *.redditstatic.com *.reddit.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com api.addressy.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com www.gstatic.com *.hsforms.com https://js.hscta.net *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: https://tormach.com https://forms-na1.hsforms.com/embed *.linkedin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klevu.com *.ksearchnet.com api.addressy.com *.meetanshi.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://forms.hsforms.com https://js.klevu.com/core/v2/klevu.js https://hubspot-forms-static-embed.s3.amazonaws.com statsjs.klevu.com forms.hsforms.com www.google.com https://cta-service-cms2.hubspot.com *.elfsight.com core.service.elfsight.com analytics.google.com *.linkedin.com *.hubspot.com *.hscollectedforms.net td.doubleclick.net https://js.hsforms.net https://js.klevu.com https://static.elfsight.com *.googletagmanager.com *.hotjar.com wss://ws.hotjar.com hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.tiktok.com *.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.klevu.com/ js.hsforms.net www.gstatic.com js.braintreegateway.com https://js.hscta.net *.hubapi.com *.pinterest.com *.taboola.com *.hotjar.io *.redditstatic.com *.reddit.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self' https://content.radiosystemscorporation.com; style-src 'self' 'unsafe-inline' * 2
default-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:  https://tags.srv.stackadapt.com https://apxl.io https://px.mountain.com https://dx.mountain.com https://*.vimeo.com https://*.buzzsprout.com https://*.turtl.co https://preview.ppd.com   https://www.ppd.com https://cdn.propensity.com   https://cdnjs.cloudflare.com   https://connect.facebook.net   https://cookie-cdn.cookiepro.com   https://dev.visualwebsiteoptimizer.com   https://players.brightcove.net   https://script.hotjar.com   https://snap.licdn.com   https://static.addtoany.com   https://static.hotjar.com   https://tag.demandbase.com   https://vjs.zencdn.net   https://ws-assets.zoominfo.com   https://*.clarity.ms   https://*.googletagmanager.com   https://*.google.com   https://www.gstatic.com https://*.gstatic.com   https://*.doubleclick.net   https://*.google-analytics.com   https://*.hs-scripts.com   https://*.hs-analytics.net   https://*.hs-banner.com   https://*.hsforms.net   https://*.hsappstatic.net   https://*.hubspot.com   https://*.hsadspixel.net   https://js.zi-scripts.com   https://koi-3qnoj7ouly.marketingautomation.services   https://www.redditstatic.com   https://googleads.g.doubleclick.net   blob:;    style-src 'self'  'unsafe-inline' https://tags.srv.stackadapt.com https://*.turtl.co https://fonts.googleapis.com;    object-src 'none';   base-uri 'self';    connect-src 'self'   https://apxl.io https://tags.srv.stackadapt.com https://www.redditstatic.com https://www.facebook.com https://yoast.com   https://analytics.google.com   https://analytics.propensity.com   https://analytics.propensity-abm.com   https://api.company-target.com   wss://ws.hotjar.com https://*.hotjar.io https://*.hotjar.com https://api.hubapi.com   https://cookie-cdn.cookiepro.com   https://cta-service-cms2.hubspot.com   https://dev.visualwebsiteoptimizer.com   https://edge.api.brightcove.com   https://fastly-signed-us-east-1-prod.brightcovecdn.com   https://forms.hsforms.com   https://geolocation.onetrust.com   https://js.zi-scripts.com   https://manifest.prod.boltdns.net   https://pixel-config.reddit.com   https://px.ads.linkedin.com   https://tag-logger.demandbase.com   https://ws.zoominfo.com   https://segments.company-target.com   https://*.clarity.ms   https://*.googletagmanager.com   https://*.google.com   https://google.com   https://*.doubleclick.net   https://*.google-analytics.com   https://*.hubspot.com   https://*.hsforms.com   https://*.hsforms.net   https://stats.g.doubleclick.net   https://www.facebook.com https://*.hsappstatic.net; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com;  frame-ancestors 'self' https://ppd.pathfactory.com https://explore.ppd-fsp.com; frame-src 'self'   https://*.vimeo.com https://*.buzzsprout.com https://*.visualwebsiteoptimizer.com https://app.hubspot.com https://*.turtl.co https://app-3qnoj7ouly.marketingautomation.services   https://forms.hsforms.com   https://players.brightcove.net   https://s.company-target.com   https://static.addtoany.com   https://td.doubleclick.net   https://*.googletagmanager.com   https://*.google.com;   img-src 'self' data:   https://apxl.io https://ib.adnxs.com https://*.vimeocdn.com https://www.linkedin.com https://*.buzzsprout.com https://*.visualwebsiteoptimizer.com https://*.turtl.co https://www.ppd.com https://*.redditstatic.com https://*.sitescout.com https://www.facebook.com https://secure.gravatar.com   https://alb.reddit.com   https://cf-images.us-east-1.prod.boltdns.net   https://clickserv.sitescout.com   https://cookie-cdn.cookiepro.com   https://dev.visualwebsiteoptimizer.com   https://c.bing.com   https://ppd.com   https://px.ads.linkedin.com   https://px4.ads.linkedin.com   https://segments.company-target.com   https://metrics.brightcove.com   https://id.rlcdn.com   https://*.hubspot.com   https://*.hsforms.com   https://*.googletagmanager.com   https://*.google.com   https://c.clarity.ms;  manifest-src 'self'; media-src 'self' blob: data: https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://*.ppd.com; worker-src blob:; 2
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.suizoargentina.com.ar *.suizoargentina.com suizoargentina.com *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.mapbox.com chat-rueda.firebaseio.com *.firebaseio.com s-usc1c-nss-265.firebaseio.com *.bootstrapcdn.com caba33.suizoargentina.com.ar *.youtube.com *.log-in.com.ar *.w3.org *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com cdn.jsdelivr.net chat.suizoargentina.com *.google-analytics.com *.googletagmanager.com code.jquery.com ajax.googleapis.com connect.facebook.net *.facebook.com *.g.doubleclick.net js.hubspot.com *.amazonaws.com *.gravatar.com *.suizoargentina.com/webchat chat.suizoargentina.com/webchat/ https://suizoargentina.com/ 10.5.0.33 https://10.0.29.29; img-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.mapbox.com  http://suizoargentina.com https://suizoargentina.com https://suizoargentina.com/ caba33.suizoargentina.com.ar https://10.0.29.29 *.suizoargentina.com.ar *.suizoargentina.com *.exposuizo.com.ar *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.bootstrapcdn.com *.amazonaws.com js.hubspot.com *.youtube.com *.log-in.com.ar chat-rueda.firebaseio.com *.firebaseio.com *.w3.org s-usc1c-nss-265.firebaseio.com *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com  connect.facebook.net *.facebook.com *.g.doubleclick.net secure.gravatar.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' inline google-analytics.com www.googletagmanager.com www.googleadservices.com google.com gstatic.com js.stripe.com checkout.stripe.com *.talkable.com *.typekit.net static.lensrentals.com staticw2.yotpo.com cdn-widgetsrepository.yotpo.com d2wy8f7a9ursnm.cloudfront.net dgpbytyl405yb.cloudfront.net d2jjzw81hqbuqv.cloudfront.net googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com cdn-widgetsrepository.yotpo.com staticw2.yotpo.com static.lensrentals.com; img-src 'self' data: about:blank about blob *.stripe.com www.google-analytics.com www.googletagmanager.com www.google.com stats.g.doubleclick.net *.googleusercontent.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com i.ytimg.com static.lensrentals.com *.talkable.com cdn-yotpo-images-production.yotpo.com p.yotpo.com p.typekit.net; font-src 'self' data: fonts.gstatic.com cloud.typography.com cdn-widgetsrepository.yotpo.com cdn.shopify.com use.typekit.net; frame-src 'self' js.stripe.com checkout.stripe.com www.google.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com *.talkable.com share.lensrentals.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com www.google.com www.googleadservices.com www.merchant-center-analytics.goog checkout.stripe.com api-cdn.yotpo.com share.lensrentals.com stats.g.doubleclick.net; report-to lr 2
frame-ancestors 'self' www.amway.com.au www.amway.co.nz https://pos.amway.com.au https://pos.amway.co.nz https://pos.amway.com.vn www.amway.com.vn www.amway.com.ph admin.amway.com.ph 2
frame-ancestors 'self' https://www.hdpornvideo.xxx https://www.hdpornvideoindia.pro https://www.hdpornvideo3cn.com 2
script-src 'self' https://*.churnkey.co https://*.cello.so https://*.hotjar.com https://*.hotjar.io https://*.posthog.com https://prodregistryv2.org https://featureassets.org https://api.statsig.com https://featuregates.org https://statsigapi.net https://events.statsigapi.net https://assetsconfigcdn.org https://cloudflare-dns.com https://*.ingest.sentry.io https://challenges.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://plausible.io https://*.google.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.mermaidchart.com https://vercel.live https://*.reddit.com https://www.redditstatic.com https://bat.bing.com https://www.bing.com https://c.bing.com https://www.clarity.ms 'nonce-TwqbsC+BvedTIoSOSalkwQ==', child-src 'self'; manifest-src 'self' https://supabase.mermaidchart.com https://supabase.mermaidchart.com; object-src 'none'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https://*.churnkey.co https://*.cello.so https://*.typekit.net 'unsafe-inline'; style-src-elem 'self' https://*.churnkey.co https://*.cello.so 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; connect-src 'self' https://pixel-config.reddit.com https://conversions-config.reddit.com https://*.churnkey.co https://*.cello.so wss://ws.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.ingest.sentry.io https://plausible.io https://*.mixpanel.com https://*.posthog.com https://prodregistryv2.org https://featureassets.org https://api.statsig.com https://featuregates.org https://statsigapi.net https://events.statsigapi.net https://assetsconfigcdn.org https://cloudflare-dns.com https://beyondwickedmapping.org https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://google.com https://*.google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://*.googleusercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://ads.reddit.com https://alb.reddit.com https://www.redditstatic.com https://bat.bing.com https://bat.bing.net https://c.bing.com https://*.clarity.ms *.youtube.com https://supabase.mermaidchart.com wss://supabase.mermaidchart.com https://region1.google-analytics.com; frame-src 'self' https://*.posthog.com https://prodregistryv2.org https://featureassets.org https://challenges.cloudflare.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://www.youtube.com https://*.mermaidchart.com https://*.mermaid.ai https://www.googletagmanager.com https://www.redditstatic.com https://bat.bing.com https://c.bing.com https://www.clarity.ms; frame-ancestors 'self' https://*.mermaidchart.com https://*.mermaid.ai https://*.ngrok-free.app https://*.ngrok.app https://test-site-confluence.atlassian.net https://*.atlassian.net http://localhost:3000 https://localhost:3000 https://*.googleusercontent.com https://*.google.com https://*.mermaidchart.com/ https://*.sharepoint.com https://onedrive.live.com https://*.officeapps.live.com https://word.cloud.microsoft https://powerpoint.cloud.microsoft; img-src * blob: data:; media-src 'self' https://static.mermaidchart.dev; report-uri https://o4504767952388096.ingest.sentry.io/api/4506547418890240/security/?sentry_key=7be454a4d9949a38e6692b3d475ba387&sentry_release=na; report-to sentry 2
frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com cdn.realescort.com 2
default-src 'self' https: wss:;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;  style-src 'self' 'unsafe-inline' https:;  img-src 'self' https: blob: data:;  media-src 'self' https: blob: data:;  font-src 'self' https:;  frame-src 'self' https:;  worker-src 'self' blob:;  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none';  upgrade-insecure-requests;  block-all-mixed-content; 2
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' *.awsstatic.com *.cdn.uis.awsstatic.com *.cdn.console.awsstatic.com d2c.aws.amazon.com a0.awsstatic.com *.feedback.console.aws.dev; object-src 'none'; 2
frame-ancestors 'self' backoffice.cmrcmm6y-boelstoph1-d1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-s1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.b2clogin.com https://*.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com https://www.boels.com https://*.boels.com https://api.boels.com https://integratewith.boels.com https://jsapps.boels.com https://mediahub.boels.com https://prod.boels.com https://api.db-ip.com https://dc.services.visualstudio.com https://fonts.googleapis.com https://www.gstatic.com https://maps.gstatic.com https://fonts.gstatic.com https://i.ytimg.com https://recaptcha.net https://use.fontawesome.com  https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://trc.taboola.com https://*.adroll.mgr.consensu.org https://*.hotjar.io https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://script.hotjar.com https://*.my.salesforce-sites.com https://*.my.salesforce.com https://*.salesforceliveagent.com https://*.vf.force.com https://service.force.com https://login.salesforce.com https://ads.yahoo.com https://adservice.google.com https://analytics.google.com https://openx.net  https://api.leadgenapp.io https://bam.nr-data.net https://bat.bing.com https://app.talkjs.com https://www.bing.com https://www.facebook.com https://www.google-analytics.com https://cbks0.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://dsum-sec.casalemedia.com https://eb2.3lift.com https://forms.leadgenapp.io https://geo0.ggpht.com https://graph.facebook.com https://ib.adnxs.com https://idsync.rlcdn.com https://ipv4.d.adroll.com https://js-agent.newrelic.com https://khms0.googleapis.com https://*.simpleanalyticscdn.com https://simpleanalyticsbadges.com  https://khms1.googleapis.com https://lh3.ggpht.com https://www.google.be https://www.google.com https://www.google.com.ua https://www.google.de https://www.google.dk https://www.google.fr https://www.google.lu https://www.google.nl https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pixel.advertising.com https://pixel.rubiconproject.com https://www.linkedin.com https://*.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com  https://region1.analytics.google.com https://region1.google-analytics.com https://*.adroll.com https://static.lightning.force.com https://simage2.pubmatic.com https://snap.licdn.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://sync.outbrain.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com https://x.bidswitch.net https://static.hotjar.com https://*.popupsmart.com https://js.monitor.azure.com https://*.clarity.ms https://cdn-4.convertexperiments.com; frame-src 'self' https://consentcdn.cookiebot.com https://service.force.com https://*.boels.com https://recaptcha.net https://*.adroll.com https://td.doubleclick.net https://boelsrental.my.salesforce.com https://www.youtube.com https://www.googletagmanager.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.digital.nuance.com mkt-api.tatrabanka.sk www.googletagmanager.com www.google-analytics.com *.google.com *.luigisbox.tech *.facebook.net track.adform.net *.hotjar.com googleads.g.doubleclick.net *.youtube.com www.gstatic.com websdk.appsflyer.com t.leady.com www.googleadservices.com s2.adform.net *.cloudfront.net *.raiffeisen.sk *.googleapis.com *.cdnjs.cloudflare.com *.jsdelivr.net *.jquery.com *.tatrabanka.sk *.zscaler.net *.mouseflow.com unpkg.com  *.vintom.com *.pinimg.com *.pinterest.com browser.sentry-cdn.com sentry-cdn.com 2
frame-ancestors 'self' https://eppendorf.e-spirit.hosting https://*.ariba.com https://*.sciquest.com https://*.oracle.com https://*.workday.com https://procure.prendio.com https://*.coupahost.com https://*.gep.com https://eprocurement.esmsolutions.com https://*.labcloudinc.com https://demo.procuredesk.com https://myprocuredesk.com https://*.umn.edu https://*.mdanderson.edu https://*.princeton.edu https://*.duke.edu https://austin.utexas.edu https://*.utmb.edu https://*.virginia.edu https://*.miami.edu https://*.moffit.org https://*.app.netsuite.com https://rcbb.psfs.lsuhsc.edu https://prd.psfs.lsuhsc.edu https://lawpe.c0xl.velocity.cloud https://lawde.c0xl.velocity.cloud https://lawdf.c0xl.velocity.cloud https://hilsapp50.qiagen.ads:8403 https://hilsapp50.qiagen.ads https://*.uni-bonn.de 2
default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; 2
base-uri 'none'; frame-ancestors 'none'; object-src 'none'; 2
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app https://www.googletagmanager.com https://js.hsforms.net https://f.vimeocdn.com https://embed.lu.ma https://www.clarity.ms https://*.contentsquare.net http://*.contentsquare.net https://www.chatbase.co https://static.reo.dev https://*.clarity.ms;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://embed.lu.ma;  img-src * blob: data:;  media-src *;  connect-src * https://api.reo.dev https://www.clarity.ms https://*.clarity.ms;  font-src * 'self';  frame-src * giscus.app youtube.com;  worker-src 'self' blob:;  frame-ancestors 'self' https://signoz.io https://*.us.signoz.cloud https://*.in.signoz.cloud https://*.eu.signoz.cloud; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net/npm/ https://www.googleoptimize.com/optimize.js https://sf1-eu.readspeaker.com/script/4967/ https://cdn.jsdelivr.net/gh/jackocnr/ https://prod.widgets.burgerprofiel.vlaanderen.be/api/v1/ https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/ https://cdn-eu.readspeaker.com/script/4967/webReader/webReader.js https://www.googletagmanager.com https://cdn.popupsmart.com/bundle.js https://cdn.popupsmart.com/accounts/34422/9661/5/main.js https://cdn.jsdelivr.net/gh/stadgent/  https://www.google.com/pagead/1p-conversion/ https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://www.googleadservices.com/pagead/conversion/ https://script.hotjar.com/ https://www.clarity.ms/tag/ https://www.clarity.ms/s/ https://knrpc.olark.com/nrpc/ https://static.hotjar.com/c/hotjar-1813370.js https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/@snowplow/ https://projectaanvraag-api.uitdatabank.be https://ajax.googleapis.com/ajax/libs/jquery/ https://script.crazyegg.com/pages/ https://script.crazyegg.com/scripts/ https://js.arcgis.com https://api.olark.com https://scripts.clarity.ms https://cdn.popupsmart.com/accounts/34422/ https://unpkg.com/swiper/swiper-bundle.min.js https://unpkg.com https://cdn3.devexpress.com/jslib/ https://widget.onlineafspraken.nl/consumer/booking/book/ https://static.olark.com/ https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://tni.widgets.burgerprofiel.dev-vlaanderen.be/api/v1/ https://static.hotjar.com/c/ https://stadgent.github.io/ ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://sf1-eu.readspeaker.com/script/4967/ReadSpeaker.Styles.css https://cdn.jsdelivr.net/npm/@duetds/ https://cdn.jsdelivr.net/gh/NigelOToole/ https://cdn.jsdelivr.net/gh/jackocnr/  https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://cdn.popupsmart.com/accounts/34422/9661/5/main.css https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/widgets/layout/ https://unpkg.com/swiper/swiper-bundle.min.css https://js.arcgis.com/4.30/esri/themes/light/main.css https://cdn3.devexpress.com/jslib/ https://static.olark.com/ https://widget.onlineafspraken.nl/assets/ https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdn.popupsmart.com/accounts/34422/ https://chosen.css/ https://www.googletagmanager.com/debug/ https://fonts.googleapis.com/ https://unpkg.com/tippy.js@6.3.7/dist/tippy.css; img-src 'self' data:  https://sf1-eu.readspeaker.com/script/4967/img/ https://i.ytimg.com/vi_webp/ https://geo.gent.be/geoserver/  https://imgsct.cookiebot.com/1.gif  https://cdn.popupsmart.com/assets/ https://cdn.popupsmart.com/campaign_images/  https://cdn.popupsmart.com/uploaded/ https://cdn.jsdelivr.net/gh/stadgent/ https://www.googletagmanager.com/td  https://c.clarity.ms/c.gif https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googletagmanager.com/a https://www.google-analytics.com/collect  https://translate.google.com/gen204 https://log.olark.com/jslog/log.png  https://images.uitdatabank.be https://projectaanvraag-api.uitdatabank.be/assets/images/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.google.com/pagead/1p-conversion/ http://geo.gent.be/geoserver/wms https://data.stad.gent https://media.uitdatabank.be https://c.bing.com/c.gif https://images-prod-uitdatabank.imgix.net https://udb2-media.imgix.net/static/ https://communicatie-digitaal.gent.be https://studieplekken.ugent.be/assets/ https://img.transistor.fm https://apidg.gent.be https://www.dov.vlaanderen.be/geoserver/ https://www.dov.vlaanderen.be/geoserver/wms  https://geo.api.vlaanderen.be https://wms.ngi.be/inspire/ortho/service  https://tile.openstreetmap.org https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/; media-src 'self' https://app-eu.readspeaker.com/enterprise/iframeproxy.php https://rstts-eu.readspeaker.com/cgi-bin/rspeak/ https://static.olark.com/jsclient/sounds/olark-chimes.ogg; frame-src 'self' https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://data.stad.gent https://w.soundcloud.com https://stonly.com https://www.fietsrouteplanner.org https://static.olark.com/ https://share.transistor.fm https://forms.office.com https://open.spotify.com https://gent.maps.arcgis.com https://360-tour.be https://www.360-tour.be https://app.powerbi.com https://player.vimeo.com https://enquete.stad.gent/; child-src 'self' blob:; font-src 'self' data:  https://fonts.gstatic.com/s/ https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/assets/webfonts/ https://ui.vlaanderen.be/2.latest/fonts/ https://static.olark.com https://js.arcgis.com/4.30/esri/ https://cdn3.devexpress.com/jslib/ https://widget.onlineafspraken.nl/themes/a2sp/css/fonts/; connect-src 'self' https://openingsuren.gent.be/api/v1/ https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com/ https://handler-api.popupsmart.com https://cdn.popupsmart.com/accounts/34422/ https://data.stad.gent/api/records/1.0/search/ https://prod.widgets.burgerprofiel.vlaanderen.be/api/v1/ https://app-eu.readspeaker.com/cgi-bin/rsent https://www.google-analytics.com https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://rstts-eu.readspeaker.com/cgi-bin/rspeak/ https://extragis.gent.be/restproxygl/GLRestFacade2.svc/ https://vc.hotjar.io/sessions/1813370 https://www.google.com https://*.clarity.ms/collect https://knrpc.olark.com/nrpc/ https://sneeuwploeg.uitdatabank.be/publiq/t https://www.burgerprofiel.be https://script.crazyegg.com/pages/ https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://geo.gent.be/geoserver/ https://assets-tracking.crazyegg.com/healthcheck https://services2.arcgis.com https://static.arcgis.com/fonts/ https://www.arcgis.com https://geo.api.vlaanderen.be https://apidg.gent.be https://metrics.hotjar.io https://data.stad.gent wss://ws.hotjar.com/api https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com/gtag/js https://unpkg.com/swiper/swiper-bundle.min.js.map https://cdn.jsdelivr.net/npm/@snowplow/ https://js.arcgis.com/4.30/esri/ https://cdn.jsdelivr.net/gh/stadgent/ https://static.olark.com/ https://code.jquery.com https://widget.onlineafspraken.nl https://content.hotjar.io wss://ws.hotjar.com/api/v2/ https://www.dov.vlaanderen.be/geoserver/ https://cdn.popupsmart.com/assets/ https://probe.stad.gent https://unpkg.com/@district09/ https://tni.widgets.burgerprofiel.dev-vlaanderen.be/api/ https://unpkg.com/tippy.js@6.3.7/ https://unpkg.com/@popperjs/core@2.11.6/; report-uri /report-csp-violation; upgrade-insecure-requests 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com/paddle/paddle.js https://gc.zgo.at/count.js https://hcaptcha.com https://*.hcaptcha.com https://plausible.simplelogin.io/js/index.js; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.paddle.com https://www.youtube.com https://app.tryhoist.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.paddle.com 2
block-all-mixed-content; child-src blob:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net https://*.facebook.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.onetrust.com https://*.msasafety.com https://*.zoominfo.com https://*.usetiful.com https://*.mktoutil.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://*.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.rumiview.com wss://*.hotjar.com https://*.hotjar.com https://*.csp-1.com https://csp-1.picarioxpo.com https://*.tockify.com https://tockify.com https://app.getwisp.co https://*.wisepops.net https://*.qzzr.com https://*.algolianet.com https://*.algolia.net https://*.kudoboard.com https://*.curator.io https://*.pricespider.com https://cdnjs.cloudflare.com https://*.algolia.io https://wisepops.net https://*.tiles.mapbox.com wss: https://px.ads.linkedin.com https://*.niceincontact.com https://*.uplynk.com https://pactsafe.io https://lexipol.blueconic.net https://msasafety.my.salesforce-sites.com; default-src 'self'; font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net https://*.typekit.net https://*.pricespider.com https://*.niceincontact.com https://webapps.msanet.com; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com https://*.123formbuilder.com https://*.clickagy.com https://*.facebook.com http://*.msanet.com https://*.webdamdb.com https://*.force.com https://*.office.com https://*.csp-1.com https://msasafety.wufoo.com https://*.tockify.com https://tockify.com https://*.vimeo.com https://www.firegrantshelp.com https://*.qzzr.com https://*.riddle.com https://*.surveymonkey.com https://www.mybacharach.com https://*.kudoboard.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://*.marketingautomation.services https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://insight.adsrvr.org https://msa.webdamdb.com/ https://*.niceincontact.com https://*.instagram.com https://jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com https://*.googletagmanager.com https://content.uplynk.com https://msasafety700.outgrow.us https://*.uplynk.com; img-src data: 'self' https://*.scene7.com https://*.googletagmanager.com https://*.pricespider.com https://*.googleadservices.com https://*.linkedin.com https://*.doubleclick.net https://*.bing.com https://*.facebook.com https://*.google-analytics.com https://*.cookielaw.org https://*.clarity.ms https://*.metalocator.com https://*.msasafety.com https://*.msanet.com https://*.webdamdb.com https://*.kickfire.com https://*.kampyle.com https://*.simpli.fi https://*.rumiview.com https://*.webtraxs.com https://*.analytics.google.com https://*.adroll.com https://*.g.doubleclick.net https://*.ads.linkedin.com https://*.clickagy.com https://*.msafire.com https://*.content.video.llnw.net https://*.csp-1.com https://csp-1.picarioxpo.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://blog.sierramonitor.com https://*.wisepops.net https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://*.wisepops.com https://*.mapbox.com https://safetyio.com https://*.safetyio.com blob: https://img.delvenetworks.com https://pixel-geo.prfct.co https://blog.fieldserver.com https://curator-assets.b-cdn.net https://*.curator.io https://*.niceincontact.com/ https://dummyimage.com https://*.placeholder.com https://placehold.it https://*.uplynk.com https://media.msasafety.com.cn https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://msasafety.bynder.com https://msasafety.my.salesforce-sites.com/; media-src 'self' blob: https://*.llnw.net https://*.msanet.com https://*.webdamdb.com/ https://*.curator.io https://curator-assets.b-cdn.net/ https://*.shutterstock.com https://*.uplynk.com/ https://msasafety.bynder.com assetlibrary.msasafety.com https://*.cdninstagram.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.123formbuilder.com https://*.zoominfo.com https://*.usetiful.com https://*.webtraxs.com https://*.adroll.com https://*.rumiview.com https://*.la5-c2-ia4.salesforceliveagent.com https://*.jquery.com https://*.force.com https://*.g.doubleclick.net https://*.csp-1.com https://*.tockify.com https://tockify.com https://*.wisepops.net https://app.getwisp.co https://*.qzzr.com https://cdn.jsdelivr.net https://koi-3QNJ3FOY90.marketingautomation.services https://curator.io https://*.curator.io https://*.marketingautomation.services https://wisepops.net https://cdnjs.cloudflare.com https://tag.perfectaudience.com https://js.adsrvr.org https://*.tiles.mapbox.com https://pixel-geo.prfct.co https://*.niceincontact.com https://*.instagram.com https://webapps.msanet.com https://webapps.msasafety.com https://*.uplynk.net https://*.uplynk.com https://pactsafe.io https://*.pactsafe.io https://msasafety.bynder.com https://*.blueconic.net https://msasafety.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://*.tiles.mapbox.com https://*.msasafety.com https://*.scene7.com https://www.usetiful.com https://*.msanet.com https://*.fontawesome.com https://*.googleapis.com https://*.typekit.net https://*.curator.io/ https://*.niceincontact.com https://*.uplynk.com https://*.blueconic.net https://msasafety.my.salesforce-sites.com/; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /.webscale/csp-report 2
default-src http: https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' https:; 2
default-src 'self' https://cdn.vargroup.com https://*.gstatic.com https://*.adacto.it https://*.vargroup.it https://*.vargroup.com http://*.tidiochat.com https://*.tidiochat.com https://*.dynamics.com https://*.genially.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.vargroup.com https://*.hsforms.net https://matomo01.bizmart2.it https://matomo.ubics.app https://sc-matomo.adacto.it https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://*.googleapis.com https://*.google.com https://*.google.it https://*.gstatic.com http://*.hsforms.net https://*.hsforms.net https://*.recaptcha.net https://*.addthis.com https://*.intervieweb.it https://*.azureedge.net https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com http://*.tidio.co https://*.tidio.co http://*.tidiochat.com https://*.tidiochat.com https://*.youtube.com https://*.aspnetcdn.com https://*.dynamics.com https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://*.hubspot.com https://cdnjs.cloudflare.com https://*.bing.com https://*.genially.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.lfeeder.com https://*.typeform.com https://*.vargroup.com https://*.vargroup.it wss://*.typeform.com ws://*.typeform.com http://*.typeform.com https://*.googleadservices.com https://*.fillout.com; style-src 'self' 'unsafe-inline' https://cdn.vargroup.com https://*.googleapis.com https://*.azureedge.net https://*.genially.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it https://*.fillout.com; img-src * data:; media-src 'self' https://cdn.vargroup.com https://sitecore.vargroup.com https://edge.sitecorecloud.io http://*.tidiochat.com https://*.tidiochat.com https://*.genially.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://docs.google.com https://*.google.com https://*.google.it https://*.hsforms.com https://*.recaptcha.net https://*.intervieweb.it https://*.dynamics.com https://*.googletagmanager.com https://*.microsoft.com https://*.googleadservices.com https://*.doubleclick.net https://sitecore.vargroup.com https://*.hubspot.com https://player.vimeo.com/ https://go.pardot.com/ https://*.genially.com https://*.powerbi.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it https://*.fillout.com https://sitecore.vargroup.com https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.vargroup.ad https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com https://*.yarix.com https://*.cyres-consulting.com https://*.ubics.it https://*.infolog.it https://*.incidentresponse.com https://*.nip.io https://*.adview.mx https://*.adview.it https://cdn.vargroup.com; frame-ancestors https://sitecore.vargroup.com https://cdn.vargroup.com https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.vargroup.ad https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com https://*.yarix.com https://*.cyres-consulting.com https://*.ubics.it https://*.infolog.it https://*.incidentresponse.com https://*.nip.io https://*.adview.mx https://*.adview.it; object-src none; connect-src 'self' https://cdn.vargroup.com https://*.hsforms.com https://www.youtube.com https://matomo01.bizmart2.it https://matomo.ubics.app https://sc-matomo.adacto.it https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://*.googleapis.com https://*.ingest.sentry.io https://*.intervieweb.it https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.google.com https://*.google.it https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.doubleclick.net http://*.tidiochat.com https://*.tidiochat.com ws://*.tidio.co wss://*.tidio.co https://*.dynamics.com https://*.azureedge.net https://sitecore.vargroup.com https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://google.com/pagead/form-data/ https://google.com/ccm/form-data/ https://googleadservices.com/ https://google.it/ https://*.hubspot.com https://*.bing.com https://*.genially.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.lfeeder.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it https://*.googleadservices.com https://*.fillout.com https://*.recaptcha.net 2
font-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' https://wiki.mdigital.kg https://wiki.mbank.kg https://mtravel.kg https://test.mtravel.kg https://m-market.kg https://site.bmarket.kg https://test.bmarket.kg https://testib.mbusiness.kg https://lk-ras-test.mbank.kg https://lk-ras.mbank.kg https://smart.mbusiness.kg; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8090 https://cdn.polyfill.io https://seal.verisign.com https://polyfill.io https://cdn.ravenjs.com; object-src 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: https:; connect-src 'self' dpm.demdex.net; frame-src 'self' newsquestdigital.demdex.net https://player.vimeo.com;  2
default-src https: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com; block-all-mixed-content; connect-src 'self' use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com *.g.doubleclick.net www.facebook.com www.google-analytics.com *.analytics.google.com region1.analytics.google.com www.googletagmanager.com sc.lfeeder.com *.google.com *.googleadservices.com *.doubleclick.net www.google.fr plausible.io webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com www.datocms-assets.com *.rollbar.com consent.cookiebot.com consentcdn.cookiebot.com; font-src 'self' data: cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; frame-ancestors 'none'; frame-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com td.doubleclick.net consent.cookiebot.com consentcdn.cookiebot.com; img-src 'self' https: data: cdn.scalingo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com www.googletagmanager.com cdn.mxpnl.com connect.facebook.net www.google-analytics.com apis.google.com plausible.io sc.lfeeder.com webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com *.rollbar.com consent.cookiebot.com consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; upgrade-insecure-requests 2
frame-ancestors 'self' https://uxwizz.icinga.com; 2
object-src 'none'; frame-ancestors 'self'; report-uri https://www.securite-routiere.gouv.fr/report-uri/enforce 2
frame-ancestors 'self' https://teams.cloud.microsoft https://*.cloud.microsoft https://*.proctor.constructor.app https://proctor.constructor.app 2
default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; frame-ancestors 'self'; img-src 'self' data: https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://www.ssa.gov/accessibility/andi/ https://*.twitter.com https://*.usa.gov https://validator.swagger.io https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' https://ajax.googleapis.com https://cdn.knightlab.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://unpkg.com/chartjs-plugin-datalabels@2.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www.ssa.gov/accessibility/andi/; style-src 'self' 'unsafe-inline' https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' 'unsafe-inline' https://cdn.knightlab.com https://static-assets-us.libanswers.com https://search.usa.gov https://www.ssa.gov;; 2
frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ts1.numeroblu.it https://widget.spreaker.com https://assets.sitescdn.net https://platform.twitter.com https://platform.linkedin.com https://*.iubenda.com https://*.liveperson.net https://www.googletagmanager.com https://cdn.eye-able.com https://answers.trenord.com.pagescdn.com https://trenord.mailmnsa.com https://bat.bing.com https://connect.facebook.net https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://www.clarity.ms https://snap.licdn.com https://maps.googleapis.com https://www.geocms.it https://storage.googleapis.com https://*.lpsnmedia.net https://www.google.com https://*.paypal.com https://*.paypalobjects.com https://www.gstatic.com https://s.pinimg.com https://analytics.tiktok.com https://ct.pinterest.com https://download.pi.dynamics.com/sdk/web/msei-0.js; 2
default-src 'self';    connect-src 'self' sentry.io https://*.sentry.io *.sentry.io https://apikeys.civiccomputing.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://connect.facebook.net https://clapi.civiccomputing.com https://*.azurewebsites.net https://*.wtopt.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.youtube.com https://vimeo.com https://www.google.com https://*.trussell.org.uk https://analytics.tiktok.com;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://browser.sentry-cdn.com https://js.sentry-cdn.com https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://s3.amazonaws.com https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://*.list-manage.com https://*.turn2us.org.uk https://*.google-analytics.com https://connect.facebook.net https://clapi.civiccomputing.com https://*.azurewebsites.net https://*.sentry.io https://*.hotjar.com https://www.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.trussell.org.uk https://analytics.tiktok.com https://*.tfaforms.com https://*.tfaforms.net;    style-src 'self' 'unsafe-inline' https://at.alicdn.com https://fonts.googleapis.com https://cdn-images.mailchimp.com https://*.hotjar.com;    style-src-elem 'self' 'unsafe-inline' https://at.alicdn.com;    worker-src 'self' blob:;    img-src 'self' data: blob: https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://digitalasset.intuit.com https://www.facebook.com https://*.vimeocdn.com https://i.ytimg.com https://*.hotjar.com;    font-src 'self' https://at.alicdn.com https://fonts.gstatic.com https://*.hotjar.com;    object-src 'self' data:;    base-uri 'self';    form-action 'self' https://*.list-manage.com;;    frame-src 'self' data: https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com https://www.youtube.com https://www.turn2us.org.uk https://player.vimeo.com https://www.google.com https://*.turn2us.org.uk https://www.googletagmanager.com https://*.issuu.com https://*.tfaforms.com https://*.tfaforms.net https://givetoday.co.uk https://*.givetoday.co.uk https://app.bankthefood.org;    frame-ancestors 'self' https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com;    upgrade-insecure-requests; 2
default-src 'self';script-src * 'unsafe-inline';img-src * data:;font-src 'self' data:;style-src 'self' 'unsafe-inline';frame-src * 'unsafe-inline';connect-src * 2
"default-src 'self' 'unsafe-inline'" 2
default-src 'self' api-v2.psg777.com https://www.google.com *;script-src 'self' 'unsafe-eval' blob: cdnjs.cloudflare.com https://www.google.com;img-src 'self' * blob: data: https://www.google.com;connect-src 'self' api-v2.psg777.com https://www.google.com;frame-ancestors 'self' https://www.google.com;base-uri 'self';form-action 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2
default-src https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src https: data: 2
frame-ancestors 'self' https://cdn.evgnet.com https://cdn.evergage.com https://comercialdportenissadecv.us-7.evergage.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 2
frame-ancestors 'self' embed.eventfrog.ch embed.eventfrog.de embed.eventfrog.at 2
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com www.fanexpohq.events 2
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://js.navattic.com/ https://capture.navattic.com/ https://js.hs-scripts.com/ https://bat.bing.com/ https://connect.facebook.net/ https://t.visitorqueue.com/ https://js.driftt.com/ https://tracking.g2crowd.com/ https://www.clarity.ms/ https://i.clarity.ms/ https://snap.licdn.com/ https://tag.pearldiver.io/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hubspot.com/ https://track.hubspot.com/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://js.zi-scripts.com/ https://ws-assets.zoominfo.com/ https://a.usbrowserspeed.com/ https://tags.clickagy.com/ https://js.adsrvr.org/ https://i.liadm.com/ https://js.hsforms.net/ https://*.fs1.hubspotusercontent-na1.net/ https://20898597.fs1.hubspotusercontent-na1.net/ https://js.chilipiper.com/ https://www.clickcease.com/ https://boards.greenhouse.io/ https://www.tfaforms.com/ https://www.google.com/ https://c.clarity.ms/ https://assets.adobedtm.com/ https://twin-iq.kickfire.com/ https://demo.rectanglehealth.com/ https://stackadapt.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com/ https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ https://www.gstatic.com https://scripts.clarity.ms https://nitroscripts.com/ https://*.visitorqueue.com/ https://*.personizely.net https://www.rectanglehealth.com/; img-src 'self' data: blob: https://t.visitorqueue.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://perf-na1.hsforms.com/ https://www.google.com/ https://bat.bing.com/ https://track.hubspot.com/ https://aorta.clickagy.com/ https://us-u.openx.net/ https://i.liadm.com/ https://idsync.rlcdn.com/ https://dpm.demdex.net/ https://pixel-sync.sitescout.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://images.g2crowd.com/ https://googleads.g.doubleclick.net/ https://aa.agkn.com/ https://www.linkedin.com/ https://c.clarity.ms/ https://c.bing.com/ https://d.agkn.com/ https://cm.g.doubleclick.net/ https://assets.adobedtm.com/ https://twin-iq.kickfire.com/ https://tags.srv.stackadapt.com https://*.ads.linkedin.com/ https://*.visitorqueue.com/ https://*.personizely.net https://www.rectanglehealth.com/; object-src 'self' data: blob: https://demo.rectanglehealth.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://i.liadm.com/ https://s.pointerpro.com/ https://job-boards.greenhouse.io/ https://www.tfaforms.com/ https://*.personizely.net https://pcihipaa.com/ https://rectanglehealth.chilipiper.com/ https://forms.hsforms.com/ https://c.clarity.ms/ https://*.youtube.com/ https://youtube.com/ https://assets.adobedtm.com https://*.fls.doubleclick.net/ https://track.hubspot.com/ https://capture.navattic.com/ https://tags.srv.stackadapt.com https://www.google.com; frame-src 'self' data: blob: https://demo.rectanglehealth.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://i.liadm.com/ https://s.pointerpro.com/ https://job-boards.greenhouse.io/ https://www.tfaforms.com/ https://*.personizely.net https://pcihipaa.com/ https://rectanglehealth.chilipiper.com/ https://forms.hsforms.com/ https://c.clarity.ms/ https://*.youtube.com/ https://youtube.com/ https://assets.adobedtm.com https://*.fls.doubleclick.net/ https://track.hubspot.com/ https://capture.navattic.com/ https://tags.srv.stackadapt.com https://www.google.com 2
style-src smurfitkappa.concludis.de *.cookiebot.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 2
default-src 'self' www.nsinternational.com;connect-src 'self' www.nsinternational.com *.nsinternational.com browser-intake-datadoghq.eu www.datadoghq-browser-agent.com *.enterprisebot.co ws://*.enterprisebot.co www.google-analytics.com region1.google-analytics.com www.google.com www.google.nl stats.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net *.ns.nl *.blueconic.net *.optimizely.com o71339.ingest.sentry.io maps.googleapis.com www.googleapis.com www.googletagmanager.com www.googleadservices.com adservice.google.com api-prd.kpn.com www.facebook.com edge.api.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com ts.tradetracker.net t.co analytics.twitter.com bat.bing.com mail.nsinternational.nl region1.analytics.google.com *.qualtrics.com *.cognigy.cloud wss://*.cognigy.cloud *.amplitude.com data:;frame-src 'self' www.nsinternational.com www.google.com www.booking.com wasabi.bstatic.com www.googletagmanager.com recaptcha.google.com a7779470749.cdn.optimizely.com ezvr.nl roundme.com translate.googleapis.com translate.google.com *.qualtrics.com;font-src 'self' www.nsinternational.com *.ns.nl *.enterprisebot.co fonts.gstatic.com data:;worker-src 'self' www.nsinternational.com blob:;img-src 'self' www.nsinternational.com ocptst.ns.nl fonts.gstatic.com www.booking.com wasabi.bstatic.com www.googletagmanager.com *.enterprisebot.co ad.doubleclick.net images.ctfassets.net googleads.g.doubleclick.net b339.nsinternational.com nshispeed.blueconic.net www.facebook.com *.google-analytics.com www.google.com www.google.nl www.google.be www.google.de www.google.fr www.google.co.uk www.google.ie www.googleadservices.com maps.gstatic.com maps.googleapis.com adservice.google.com adservice.google.nl adservice.google.be analytics.twitter.com t.co ts.tradetracker.net bat.bing.com *.boltdns.net plugins.blueconic.net translate.google.com static-ns-nl-data.fep-p.cla.ns.nl *.qualtrics.com data:;media-src 'self' www.nsinternational.com manifest.prod.boltdns.net *.brightcovecdn.com blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.nsinternational.com www.booking.com wasabi.bstatic.com www.google.com www.gstatic.com www.datadoghq-browser-agent.com *.enterprisebot.co cdn.blueconic.net/nshispeed.js b339.nsinternational.com nshispeed.blueconic.net plugins.blueconic.net cdn.optimizely.com/js/12346740180.js www.google-analytics.com www.googletagmanager.com maps.googleapis.com code.jquery.com players.brightcove.net vjs.zencdn.net translate.googleapis.com translate.google.com static-ns-nl-data.fep-p.cla.ns.nl *.qualtrics.com *.amplitude.com;style-src 'self' 'unsafe-inline' www.nsinternational.com *.amplitude.com www.googletagmanager.com *.enterprisebot.co fonts.googleapis.com b339.nsinternational.com plugins.blueconic.net static-ns-nl-data.fep-p.cla.ns.nl;object-src 'none';form-action 'self' ns.qualtrics.com;frame-ancestors 'self' b339.nsinternational.com nshispeed.blueconic.net app.contentful.com;upgrade-insecure-requests 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src 'self' data:; connect-src https: wss: blob:; media-src https: data: blob:; object-src 'none'; child-src https: blob:; frame-src https: data:; upgrade-insecure-requests; base-uri 'none' 2
frame-ancestors 'self' https://cc-cms.videoland.com; 2
script-src 'self' gameloft.com *.gameloft.com gameloft.org *.gameloft.org *.google.com *.gstatic.com *.youtube.com *.doubleclick.net *.amazonaws.com *.googletagmanager.com *.privacy-center.org *.crazyegg.com *.tiktok.com *.ads-twitter.com *.facebook.net *.singular.net *.gsght.com *.cloudflare.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' 'unsafe-inline' data: blob: https://logowanie.zpe.gov.pl https://platforma.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.google-analytics.com https://www.googletagmanager.com https://kronika.gov.pl;connect-src 'self' ws: blob: https://logowanie.zpe.gov.pl https://platforma.zpe.gov.pl https://moje.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://sandbox.zpe.gov.pl https://sr-production.contentplus.io https://*.google-analytics.com;media-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;worker-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;frame-src * data:;frame-ancestors 'self' https://logowanie.zpe.gov.pl 2
script-src 'self' blob: *.citysbs.com *.19lou.com *.cqmmgo.com *.19louimg.cn *.baidu.com *.baidustatic.com api.map.baidu.com *.bdstatic.com *.pstatp.com c.mipcdn.com tjs.sjs.sinajs.cn c.cnzz.com  s22.cnzz.com res.wx.qq.com apis.map.qq.com c.dun.163.com cstaticdun.126.net s11.cnzz.com static.geetest.com api.geetest.com *.alicdn.com  *.bdimg.com c.dun.163yun.com jsapi.qq.com mat1.gtimg.com analytics.snssdk.com app.citybrain.hangzhou.gov.cn 19lou.xyani.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.19lou.com/report 2
img-src *.analytics.google.com/ *.bing.com/ *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.intercomcdn.com/ *.vimeocdn.com/ data: https://*.clarity.ms https://*.google-analytics.com/ https://d17lvj5xn8sco6.cloudfront.net https://downloads.intercomcdn.com https://i.ytimg.com/ https://logws1309.ati-host.net/ https://o.twimg.com https://pbs.twimg.com/ https://px.ads.linkedin.com https://ssl.gstatic.com https://static.intercomassets.com/ https://syndication.twitter.com https://www.buzzsprout.com/ https://www.google.co.uk https://www.google.com/ 'self' www.googletagmanager.com www.linkedin.com;connect-src *.analytics.google.com/ *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.googlesyndication.com/ apikeys.civiccomputing.com data: https://*.clarity.ms https://*.google-analytics.com/ https://*.in.applicationinsights.azure.com https://adservice.google.com/ https://api-iam.intercom.io/ https://cdn.linkedin.oribi.io https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://ka-f.fontawesome.com https://nexus-websocket-a.intercom.io/ https://nexus-websocket-b.intercom.io/ https://px.ads.linkedin.com https://ws.zoominfo.com/ https://www.google.co.uk https://www.google.com/ 'self' wss://nexus-websocket-a.intercom.io/ wss://nexus-websocket-b.intercom.io/ wss://primary-realtime.intercom-messenger.com/;script-src *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.intercom.io *.vimeo.com *.youtube.com *.youtube-nocookie.com blob: cdn.jsdelivr.net cdnjs.cloudflare.com https://*.clarity.ms https://*.google-analytics.com/ https://ajax.googleapis.com https://apis.google.com https://cc.cdn.civiccomputing.com https://d33i2vgywgme2s.cloudfront.net https://js.intercomcdn.com/ https://js.monitor.azure.com https://js.zi-scripts.com/zi-tag.js https://kit.fontawesome.com https://logws1309.ati-host.net/ https://platform.twitter.com https://snap.licdn.com/li.lms-analytics/ https://syndication.twitter.com https://vimeo.com/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.nccgroup.com pi.pardot.com 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com;frame-src *.doubleclick.net/ *.flippingbook.com *.youtube-nocookie.com https://*.nccgroup.com/ https://export.highcharts.com/ https://intercom-sheets.com/ https://nccgroup.wavecast.io/ https://platform.twitter.com https://player.vimeo.com/ https://polaris.brighterir.com/ https://syndication.twitter.com https://videopress.com/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/ 'self' www.googletagmanager.com;default-src *.intercom.io *.vimeo.com *.vimeocdn.com/ *.youtube.com *.youtube-nocookie.com https://*.google-analytics.com/ https://pbs.twimg.com/ https://platform.twitter.com https://syndication.twitter.com 'self';font-src *.intercomcdn.com/ cdn.jsdelivr.net https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://js.intercomcdn.com/ https://ka-f.fontawesome.com 'self';frame-ancestors explore.tanium.com https://*.nccgroup.com/;style-src https://fonts.googleapis.com/ https://platform.twitter.com 'self' 'unsafe-inline';media-src https://js.intercomcdn.com/ https://pbs.twimg.com/ https://platform.twitter.com https://syndication.twitter.com 'self';object-src 'self' 2
frame-ancestors 'self' cooksongold.com cooksongold.answerbase.com cooksongold.services.answerbase.com localhost:3000  avisor.pro *.franceclatdata.fr faq.cooksongold.com 2
frame-ancestors 'self' recaptcha.net www.recaptcha.net csp.withgoogle.com withgoogle.com play.google.com https://play.google.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk sgtm.axa.co.uk https://sgtm.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com open.spotify.com https://open.spotify.com spotify.com https://insight.adsrvr.org insight.adsrvr.org https://match.adsrvr.org match.adsrvr.org; frame-src 'self' recaptcha.net www.recaptcha.net csp.withgoogle.com withgoogle.com https://a247752487.cdn.optimizely.com https://247752487.cdn.optimizely.com https://a247752487.cdn-pci.optimizely.com sgtm.axa.co.uk https://sgtm.axa.co.uk/ https://play.google.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com https://www.google.com widget.trustpilot.com open.spotify.com https://open.spotify.com spotify.com https://insight.adsrvr.org insight.adsrvr.org https://match.adsrvr.org match.adsrvr.org https://v4in1-ti.click4assistance.co.uk https://csp.withgoogle.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: *.crazyegg.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://cdn.cookielaw.org https://c.amazon-adsystem.com https://sc-static.net https://www.redditstatic.com https://lightning.mortalkombat.com https://*.snapchat.com; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://cdn.fonts.net; img-src 'self' data: https://www.mortalkombat.com https://cdn-mk1.mortalkombat.com https://d3tex00qsove6i.cloudfront.net https://cdn.cookielaw.org https://alb.reddit.com https://*.snapchat.com https://ad.doubleclick.net https://adservice.google.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.fonts.net; media-src 'self' data: https://www.mortalkombat.com https://cdn-mk1.mortalkombat.com https://d3tex00qsove6i.cloudfront.net; frame-src 'self' https://www.googletagmanager.com https://dc.mortalkombat.com https://aax-eu.amazon-adsystem.com https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self'   https://prod-network-api.wbagora.com https://dc.mortalkombat.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.google.com https://*.reddit.com https://www.redditstatic.com https://*.snapchat.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://atlas.ngtv.io https://wmff.warnermediacdn.com https://receive.wmcdp.io; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 2
frame-ancestors 'self' monpasscrea.bpifrance-creation.fr; frame-src 'self' www.onlineassessmenttool.com static.addtoany.com www.easy-lms.com openn.qls.cloud.bpifrance.fr www.slideshare.net view.genial.ly view.genially.com fr.slideshare.net www.youtube.com www.youtube-nocookie.com 3242--mon-entreprise.netlify.app cdn.trustcommander.net aides-entreprises.fr embauche.beta.gouv.fr mon-entreprise.urssaf.fr www.onlineassessmenttool.com ace.easy-lms.com www.ultimedia.com *.ubembed.com monpasscrea.bpifrance-creation.fr; 2
default-src 'self'; script-src 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://*.googletagmanager.com assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M=' 'sha256-YCNoU9DNiinACbd8n6UPyB/8vj0kXvhkOni9/06SuYw=' 'sha256-PZjP7OR6mBEtnvXIZfCZ5PuOlxoDF1LDZL8aj8c42rw='; script-src-elem 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://*.googletagmanager.com assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M=' 'sha256-YCNoU9DNiinACbd8n6UPyB/8vj0kXvhkOni9/06SuYw=' 'sha256-PZjP7OR6mBEtnvXIZfCZ5PuOlxoDF1LDZL8aj8c42rw='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://incoming.telemetry.mozilla.org https://observatory-api.mdn.allizom.net https://observatory-api.mdn.mozilla.net https://api.github.com/search/issues stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' mdn.github.io *.mdnplay.dev *.mdnyalp.dev *.play.test.mdn.allizom.net https://v2.scrimba.com https://scrimba.com jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' data: *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com developer.mozilla.org mdn.dev wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://mdn.dev/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self'; 2
default-src 'self' *; img-src * 'self' data: https: blob:; worker-src 'self' blob:; child-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.google.com *.youtube.com *.vimeo.com *.gstatic.com *.googletagmanager.com *.onetrust.com *.cookiebot.com *.cookielaw.org *.clarity.ms *.visitorqueue.com *.detailsdata7.com *.intelligence-7syndicate.com *.euroland.com *.eurolandir.com *.userway.org *.yano.digital; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; frame-src *; 2
script-src 'self' https://2checkout.com http://* https://*  'unsafe-inline' 'report-sample' disqus.com c.disquscdn.com platform.instagram.com cdnjs.cloudflare.com z.moatads.com tpcf.feedify.net cdn.feedify.net feedify.net www.google.com/ www.gstatic.com/ call.chatra.io code.jquery.com cdn.amcharts.com code.highcharts.com kenwheeler.github.io cdn.jsdelivr.net a.disquscdn.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com gist.github.com/ScottHelme/ static.cloudflareinsights.com js.stripe.com https://unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' 'report-sample' c.disquscdn.com a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.feedify.net feedify.net kenwheeler.github.io platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: www.gravatar.com cdn.feedify.net feedify.net links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com www.google-analytics.com stripe.com/ 2checkout.com/; frame-ancestors 'none'; report-uri https://cdn.feedify.net.report-uri.com/r/d/csp/enforce; report-to default 2
frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src * blob: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
form-action https:; upgrade-insecure-requests 2
connect-src 'self' *.bigid.com *.bigidprivacy.cloud *.dspm.ai *.hsforms.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.fontawesome.com *.document360.io *.gopronto.io *.googleapis.com *.gstatic.com *.jsdelivr.net *.iconify.design *.bigid.tools *.talentlms.com *.algolianet.com *.algolia.net *.google.com *.googletagmanager.com *.google-analytics.com *.stackadapt.com byspotify.com *.byspotify.com clearbitjs.com *.clearbitjs.com *.spotify.com *.6sc.co *.linkedin.com *.clarity.ms *.clearbit.com vimeo.com *.vimeo.com *.doubleclick.net *.metadata.io metadata.io ahrefs.com *.auth0.com auth0.com *.gostellar.app gostellar.app *.floik.com *.getwarmly.com ads-twitter.com *.ads-twitter.com *.bat.bing.com *.bat.r.bing.com *.navattic.com *.redditmedia.com *.redditstatic.com *.reddit.com *.ads.linkedin.com *.licdn.com analytics.twitter.com t.co *.hotjar.com *.hotjar.io *.usercentrics.eu *.reactful.com *.yoast.com *.bump.sh https://*.bigidcmp.cloud https://bigidcmp.cloud https://pixels.spotify.com; 2
object-src 'none'; frame-ancestors 'none'; form-action 'self'; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'none'; 2
default-src * 'self' data: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline'; img-src * data: blob:; font-src * data: blob:; frame-src *; 2
default-src 'self' *.mediavalet.com; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.ads-twitter.com *.adroll.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net  https://fonts.googleapis.com https://cdn.jsdelivr.net; media-src 'self' *.qualified.com *.mediavalet.com; script-src 'self' 'unsafe-inline' *.mida.so *.zerobounce.net *.amplitude.com *.hsadspixel.net *.hs-analytics.net static.hsappstatic.net *.hubspot.com js.hscta.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.hubspot.net https://murf.ai https://cdn.jsdelivr.net https://www.googletagmanager.com https://js.usemessages.com https://boards.greenhouse.io https://stats.wp.com https://mediavalet.chilipiper.com https://js.hsforms.net *.adroll.com https://connect.facebook.net https://js.hs-scripts.com https://js.storylane.io https://www.google-analytics.com https://bat.bing.com https://snap.licdn.com *.ads-twitter.com https://sc.lfeeder.com https://js.zi-scripts.com https://static.hotjar.com https://s3-us-west-2.amazonaws.com https://tracking.g2crowd.com https://c.sf-syn.com https://js.qualified.com https://app.factors.ai https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://script.hotjar.com https://googleads.g.doubleclick.net https://www.youtube.com https://js.chilipiper.com blob: data:; img-src 'self' 'unsafe-inline' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.gravatar.com https://pixel.wp.com https://www.mediavalet.com *.adroll.com https://forms-na1.hsforms.com https://dsum-sec.casalemedia.com https://x.bidswitch.net https://ml314.com https://pixel.tapad.com https://sync.outbrain.com https://us-u.openx.net https://sync.taboola.com https://image2.pubmatic.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://www.facebook.com https://eb2.3lift.com https://ib.adnxs.com https://pixel.tapad.com https://idsync.rlcdn.com https://dpm.demdex.net https://cs.media.net https://rtb.adentifi.com https://c.bing.com https://tags.rd.linksynergy.com https://cm.adgrx.com https://a.tribalfusion.com * data:; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://murf.ai https://app.storylane.io https://app.hubspot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://td.doubleclick.net https://js.usemessages.com https://mediavalet.chilipiper.com https://c.sf-syn.com https://app.qualified.com https://job-boards.greenhouse.io https://js.hsforms.net https://www.youtube.com https://forms.hsforms.com; connect-src 'self' *.mida.so *.facebook.com *.amplitude.com *.ip-api.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net js.hscta.net *.google-analytics.com *.googletagmanager.com *.hubspot.com *.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.wp.com *.chilipiper.com *.adroll.com https://www.google.com https://analytics.google.com https://js.zi-scripts.com https://px.ads.linkedin.com https://app.qualified.com wss://ws5.qualified.com https://api.factors.ai https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://ws.zoominfo.com https://cta-service-cms2.hubspot.com https://api.hubapi.com https://static.hsappstatic.net https://metrics.hotjar.io https://stats.g.doubleclick.net https://api.chilipiper.com https://js.chilipiper.com https://api.storylane.io https://tracking-api.g2.com; font-src 'self' https://fonts.gstatic.com data:; worker-src 'self' blob:; 2
default-src 'self' data: *.rokka.io *.jquery.com *.cloudflare.com jquery.com doubleclick.net *.doubleclick.net google.com *.google.com google.nl *.google.nl google.at *.google.at google.co.uk *.google.co.uk google.ch *.google.ch google.de *.google.de google.fr *.google.fr google.it *.google.it google.li *.google.li *.googleapis.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.tealiumiq.com *.tiqcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ajax.aspnetcdn.com *.algolia.net *.algolianet.com bam.eu01.nr-data.net *.cloudflare.com *.cookielaw.org *.dynatrace.com doubleclick.net *.doubleclick.net *.evenito.com evenito.com *.facebook.com *.facebook.net google.com *.google.com google.nl *.google.nl google.at *.google.at google.co.uk *.google.co.uk google.ch *.google.ch google.de *.google.de google.fr *.google.fr google.it *.google.it google.li *.google.li *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jacando.jobs jquery.com *.jquery.com *.jsdelivr.net *.linkedin.com *.licdn.com mobi24.ch *.mobi24.ch mobiliar.ch *.mobiliar.ch mobiliere.ch *.mobiliere.ch mobiliare.ch *.mobiliare.ch *.mobiliar-preprod.ch *.newrelic.com *.pusher.com protekta.ch *.protekta.ch *.rawgit.com *.ticketpark.ch rtclauncher.luware.com *.tealiumiq.com *.tiqcdn.com unpkg.com *.youtube.com *.ytimg.com; object-src 'none'; style-src 'self' 'unsafe-inline' data: *.algolia.net *.algolianet.com *.cloudflare.com *.evenito.com *.googleapis.com *.hotjar.com *.hotjar.io *.jsdelivr.net unpkg.com; img-src 'self' data: *.algolia.net *.algolianet.com *.analytics.google.com *.cookielaw.org doubleclick.net *.doubleclick.net *.facebook.com *.facebook.net *.githubusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io i.ytimg.com *.jsdelivr.net *.licdn.com *.linkedin.com mobiliar-pub.ch mobiliar.ch *.mobiliar.ch mobiliare.ch *.mobiliare.ch mobiliere.ch *.mobiliere.ch secure.mobiliar.ch *.rawgit.com *.rokka.io google.com *.google.com google.nl *.google.nl google.at *.google.at google.co.uk *.google.co.uk google.ch *.google.ch google.de *.google.de google.fr *.google.fr google.it *.google.it google.li *.google.li *.googleapis.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.tealiumiq.com *.tiqcdn.com *.tdbtrk.com; frame-src 'self' data: anchor.fm die-mobiliar.stg.tools.factsheetslive.com die-mobiliar.tools.factsheetslive.com doubleclick.net *.doubleclick.net eko.com *.essd.ch *.evenito.com *.evenito.site *.facebook.com gateway.zscloud.net giphy.com *.googletagmanager.com google.com *.google.com google.nl *.google.nl google.at *.google.at google.co.uk *.google.co.uk google.ch *.google.ch google.de *.google.de google.fr *.google.fr google.it *.google.it google.li *.google.li *.hotjar.com *.jacando.jobs mobi-check-hochwasserschutz.whatwedo.io mobi24.ch *.mobi24.ch mobiliar.ch *.mobiliar.ch mobiliare.ch *.mobiliare.ch mobiliere.ch *.mobiliere.ch pay.datatrans.com podcasters.spotify.com *.spotify.com *.ticketpark.ch *.simplex.tv zswpmanager.wip.mmc.com *.vimeo.com *.linkedin.com *.licdn.com youtube.com *.youtube.com *.swissphotoart.ch; frame-ancestors https://*.mobiliar.ch https://*.mobiliere.ch https://*.mobiliare.ch https://*.protekta.ch http://avatarionmobiliar.ibex.dienstleistungen.ws https://*.apps.mobiliar.ch https://*.mobiliar-int.ch https://*.mobiliare-int.ch https://*.mobiliere-int.ch https://*.mobiliard10.lndo.site https://*.mobiliered10.lndo.site https://*.mobiliared10.lndo.site https://*.mobiliar.d.clients.liip.ch https://*.mobiliere.d.clients.liip.ch https://*.mobiliare.d.clients.liip.ch https://*.homegate.ch https://*.immoscout24.ch https://mobiliar-int.mpp360.cloud mobiliar.mpp360.cloud; font-src 'self' data: *.github.com *.googleusercontent.com fonts.gstatic.com *.hotjar.com *.hotjar.io; connect-src 'self' data: 127.0.0.1 *.akamai.tiqcdn.com *.algolia.net *.algolianet.com bam.eu01.nr-data.net cdn.linkedin.oribi.io *.cookielaw.org doubleclick.net *.doubleclick.net *.d.clients.liip.ch *.dynatrace.com *.facebook.com *.facebook.net google.com microsoft.com *.microsoft.com *.google.com google.nl *.google.nl google.at *.google.at google.co.uk *.google.co.uk google.ch *.google.ch google.de *.google.de google.fr *.google.fr google.it *.google.it google.li *.google.li *.google-analytics.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io jquery.com *.jquery.com localhost *.licdn.com *.linkedin.com mobiliar.ch *.mobiliar.ch mobiliare.ch *.mobiliare.ch mobiliere.ch *.mobiliere.ch *.mobiliar-preprod.ch orientedhosting.com *.orientedhosting.com *.onetrust.com *.pusher.com rdtds.net rtclauncherapi.luware.com wss://rtclauncherapi.luware.com *.sentry.io *.tdbtrk.com *.tealiumiq.com *.tiqcdn.com *.ticketpark.ch wss://*.hotjar.com; worker-src 'self' blob:; report-uri /report-csp-violation 2
frame-ancestors 'self' https://www.steris.com https://ww1.steris.com https://healthcaredesign.steris.com https://gateway.steris.com https://sitecore-healthcare-xm-centralus-prod-cd.azurewebsites.net/; 2
frame-ancestors 'self' userecho.com *.userecho.com userecho.ru *.userecho.ru; report-uri /tools/csp/ 2
frame-ancestors 'self' *.muse.ai 2
upgrade-insecure-requests; frame-src 'self' https://www3.mogroup.com https://www3.metso.com https://irs.tools.investis.com https://otp.tools.investis.com https://viz.tools.investis.com https://secure.flife.de https://browserapps.mogroup.com https://browserapps.metso.com https://service.force.com https://vars.hotjar.com https://www.google.com https://www.youtube.com https://player.youku.com https://www.facebook.com https://live.mogroup.com https://live.metso.com https://cloud.mc.metso.com *.doubleclick.net *.videosync.fi *.maze.co https://metso--dev.sandbox.my.salesforce.com https://metso--uat.sandbox.my.salesforce.com https://metso.my.salesforce.com https://www.googletagmanager.com 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src * 'self' data: blob:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:; 2
object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com fonts.intercomcdn.com https://*.hotjar.com; frame-ancestors 'self' https://*.hygraph.com; manifest-src 'self'; worker-src 'none'; report-to default; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' data: 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://powerconnect.ai https://*.powerconnect.ai https://unpkg.com https://petcolove.org https://*.petcolove.org *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com https://*.hotjar.io https://*.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktacdn.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com;style-src 'self' 'unsafe-inline' *.petcolove.org *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com;object-src 'self'; base-uri 'self'; connect-src 'self' https://powerconnect.ai https://*.powerconnect.ai wss://*.powerconnect.ai https://*.hotjar.io wss://*.hotjar.com https://petcolove.org https://*.petcolove.org wss://*.petcolove.org *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io https://*.livehelpnow.net wss://app.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com;img-src 'self' 'unsafe-inline' data: https://petcolove.org https://*.petcolove.org *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.wpmudev.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com; manifest-src 'self'; media-src 'self' https://*.petcolove.org *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com;frame-src 'self' https://petcolove.org https://*.petcolove.org *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com; font-src 'self' *.gstatic.com *.doubleclick.net *.livehelpnow.net *.hotjar.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us *.recyclebycity.com 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob: *.mczbf.com *.emjcd.com *.dotomi.com;worker-src * blob: *.mczbf.com;connect-src * wss: https: *.mczbf.com *.sjwoe.com;script-src * 'unsafe-inline' 'unsafe-eval' https: *.mczbf.com *.cj.com;style-src * 'unsafe-inline' https: *.cj.com;font-src * data: https: *.cj.com;child-src * https: *.cj.com;frame-ancestors *;form-action *; 2
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com; img-src https: data:; connect-src wss://*.tawk.to *.tawk.to *.lobbes.nl *.lobbesspeelgoed.be *.lobbesspielzeug.de *.lobbesjouet.fr *.icecat.biz bat.bing.com www.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net squeezely.tech *.trustedshops.com *.trustbadge.com *.clic2buy.com trustbadge.api.etrusted.com *.etrusted.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com https://google.com *.googlesyndication.com *.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.click2buy.com *.clic2drive.com *.convertexperiments.com *.plausible.io https://googleads.g.doubleclick.net *.cookiebot.com https://cookiebot.com https://plausible.io *.beslist.nl maps.googleapis.com *.clarity.ms; worker-src *.convertexperiments.com blob:; frame-ancestors 'self' https://pwisao1609.prd.corp; 2
default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' metager.org metager.de 2
frame-ancestors 'self' https://*.deuter.com https://*.gonso.de https://*.maier-sports.com https://*.ortovox.com https://*.arrabiata.de; 2
default-src https: 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;style-src * 'self' data: 'unsafe-inline';script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com; object-src 'none' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.googletagmanager.com *.youtube.com *.google-analytics.com *.licdn.com *.calendly.com; object-src 'self'; 2
object-src 'self'; frame-ancestors 'self' http://*.publicissapient.com https://*.publicissapient.com www.publicissapient.fr publicissapient.fr sites-us.lumapps.com vox.publicissapient.com vox.publicis.sapient.com; 2
frame-ancestors backoffice.c1xjddw2-majidalfu1-p1-public.model-t.cc.commerce.ondemand.com 2
default-src 'self' *.fontawesome.com *.cloudflare.com https://www.youtube.com https://destinilocators.com *.typekit.net *.gstatic.com data:; frame-src 'self' https://* *.sitescout.com *.knotch.it *.adobedtm.com *.amazon-adsystem.com *.pinterest.com *.doubleclick.net *.addtoany.com *.addthis.com *.addthisedge.com *.adsrvr.org https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://destinilocators.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.linkedin.com *.sitescout.com *.tysonfoodservice.com *.tyson.com *.youtube.com www.facebook.com *.gstatic.com *.googleapis.com *.pinterest.com www.google.com www.google.com.mx www.googletagmanager.com www.google-analytics.com *.typekit.net i.ytimg.com data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.marketo.com https://www.googleoptimize.com *.cloudflare.com *.adobedtm.com *.pinimg.com *.hotjar.com *.amazonaws.com *.addtoany.com *.moatads.com https://connect.facebook.net https://assets.pinterest.com https://rawgit.com https://unpkg.com *.googleapis.com *.addthisedge.com *.addthis.com https://mpsnare.iesnare.com https://code.jquery.com *.adsrvr.org https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.typekit.net https://destinilocators.com data:; connect-src 'self' 'unsafe-inline' data: https://* *.swiftype.com *.demdex.net *.pinterest.com *.hotjar.io *.googleapis.com *.doubleclick.net *.amazonaws.com www.google-analytics.com; style-src 'self' 'unsafe-inline' blob: data: https://* *.fontawesome.com *.typekit.net *.jsdelivr.net *.typography.com *.cloudflare.com *.bootstrapcdn.com *.cloudfare.com *.myfonts.net *.googleapis.com; base-uri 'self'; form-action 'self'; 2
base-uri 'none'; frame-src https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.youtube.com; object-src 'none'; frame-ancestors 'self'; script-src 'self' https://cdn.getsmartcontent.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://s.getsmartcontent.com https://s.swiftypecdn.com https://snap.licdn.com https://snippet.ramblechat.com https://tracker.mrpfd.com https://vidassets.terminus.services https://opench.bamboohr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.gartner.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.zi-scripts.com https://nitroscripts.com https://ws-assets.zoominfo.com https://www.open-systems.com https://go.open-systems.com 'sha256-OgXVTwzrfBookX6SB49ROonv+Zinta8azX7ZmUVIQdo=' 'sha256-XEv97RgRE7LvRdVirlf5iDvkTD8Xfyz96Gx74+CJabU=' 'sha256-ePIV0FYYoaOspB+xkkW4633h6aC3pfUDV+LFBQqHZtc=' 'sha256-sBbdEvS/Li8bJ3YjwR4ZMawbjLuXqOB8jov/BLgmqfE=' 'sha256-xwO/YFCZa7ioT18s3xb8rDlsBOmhCEykk7p5afWjVz4=' 'sha256-CcoGB1CgHXBJH0WTWDyApDh828BK7wqn/kVM1j/gWZQ=' 'sha256-O4qIMZ+92ftotOGrxgJ+/YFQu0Urse5IuO9HIOG0xFE=' 'sha256-acFHQku58VX4xanNgx2jYbBclMJy3tZqyi/9uXvevRQ=' 'sha256-A3wx0SV/HQ+ZXyozZicR4160D4YyLSwTovASny1FDk8=' 'sha256-0moNlE/vLhXO1rTyI8o4hHbt8rrp89ilvjqvYE1EPwM=' 'sha256-Gd/5iFyUtlDyRUEHmyBj1vqfoshnjge11xOvy5ZWETk=' 'sha256-QvCHvGoc9GSZH9tayRSG2Oyoo6NMGPUMv9AVRPIPgSs=' 'sha256-ofbjRZ+bO/76CXsSusb9b2Jf1v5ladYNWaAqoHnOZIs=' 'sha256-fA0/bZeBkfDnO/cta3PqN+Rw+Th8QFOzV0+9QJHORkI=' 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data: blob:; font-src * data:; connect-src *; media-src *; frame-src *; worker-src * blob:; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.googleapis.com https://firebase.googleapis.com https://fcm.googleapis.com https://insights-api.rebid.co https://advertising.amazon.co.uk https://www.amazon.in https://www.amazon.com https://advertising.amazon.in https://advertising.amazon.com https://www.googletagmanager.com paynimo.com; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://www.googleapis.com https://firebase.googleapis.com https://fcm.googleapis.com https://insights-api.rebid.co https://advertising.amazon.co.uk https://www.amazon.in https://www.amazon.com https://advertising.amazon.in https://advertising.amazon.com https://snap.licdn.com https://*.netcoresmartech.com https://connect.facebook.net https://app.yellowmessenger.com https://cdn.yellowmessenger.com https://www.paynimo.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://bat.bing.com https://*.clarity.ms https://cdpanalytics.novactech.in https://*.notifyvisitors.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maps.googleapis.com https://www.paynimo.com https://cloud.yellow.ai https://cdn.yellowmessenger.com;font-src 'self' https://cdn.yellowmessenger.com https://cdn.shriramlife.com https://www.paynimo.com https://fonts.gstatic.com data:;media-src 'self' https://cdn.yellowmessenger.com; connect-src 'self' https://www.gstatic.com https://www.googleapis.com https://firebase.googleapis.com https://fcm.googleapis.com https://insights-api.rebid.co https://*.googleapis.com https://*.netcoresmartech.com https://*.oribi.io https://*.google.com https://*.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com wss://app.yellowmessenger.com https://uatcopsapi.shriramlife.me https://api.shriramlife.com https://app.yellowmessenger.com https://kalam.shriramlife.com https://www.paynimo.com https://securepg.paynimo.com https://shriramlife.com https://www.shriramlife.com https://px.ads.linkedin.com https://*.clarity.ms https://cloud.yellow.ai wss://cloud.yellow.ai data:; img-src 'self' https://prod-cdp-assets.rebid.co https://advertising.amazon.co.uk https://www.amazon.in https://www.amazon.com https://advertising.amazon.in https://advertising.amazon.com https://i.ytimg.com https://*.googleapis.com https://*.linkedin.com https://*.facebook.com https://*.doubleclick.net https://cdn.yellowmessenger.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://maps.gstatic.com https://maps.googleapis.com https://www.paynimo.com https://www.shriramlife.com https://cdn.shriramlife.com https://shriamlife.com https://*.netcoresmartech.com https://bat.bing.com https://c.clarity.ms https://c.bing.com data:; frame-ancestors 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; worker-src 'self' https://www.gstatic.com https://www.googleapis.com https://firebase.googleapis.com https://fcm.googleapis.com blob:; manifest-src 'self'; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://www.youtube.com; 2
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 2
default-src 'self'; script-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com blob: https://*.jioaicloud.com blob: https://*.jiocloud.com  https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.jiocloud.com *.jioaicloud.com https://*.cdn-apple.com https://*.facebook.net https://*.cloudfront.net https://*.wzrkt.com https://*.akamaized.net 'unsafe-inline' 'unsafe-eval' https://www.pagespeed-mod.com; img-src 'self' https://*.api-setu.in https://*.digitallocker.gov.in https://www.facebook.com https://scontent.xx.fbcdn.net https://www.google.co.in https://*.jiocloud.com https://*.jioaicloud.com https://*.officeapps.live.com https://*.cdn.office.net https://*.googletagmanager.com https://*.ytimg.com *.google-analytics.com *.googleusercontent.com blob: https://*.jiocloud.com https://*.jioaicloud.com blob: https://*.jioaicloud.com data: ; style-src 'self' https://cdnjs.cloudflare.com https://*.jiocloud.com https://*.jioaicloud.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; connect-src 'self' blob: https://*.jiocloud.com blob: https://*.jioaicloud.com *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com https://photosapi.jio.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stats.g.doubleclick.net https://*.facebook.com wss://*.jiocloud.com wss://*.jioaicloud.com https://*.jiocloud.com https://*.jioaicloud.com https://www.facebook.com data:; font-src 'self' data: https://*.jiocloud.com data: https://*.jioaicloud.com ; media-src 'self' blob: https://*.jiocloud.com blob: https://*.jioaicloud.com; frame-src 'self' personal.jiocloudpc.in testhylite.accops.com *.tejdrive.com *.google.com https://*.googleapis.com https://*.jiocloud.com https://*.jioaicloud.com https://youtube.com https://*.youtube.com https://*.officeapps.live.com https://*.cdn.office.net; frame-ancestors 'self' personal.jiocloudpc.in testhylite.accops.com *.tejdrive.com *.google.com https://*.jiocloud.com https://*.jioaicloud.com; form-action 'self' *.google.com https://*.jiocloud.com https://*.jioaicloud.com https://*.officeapps.live.com https://*.cdn.office.net https://*.jio.com https://*.jiolabs.com; worker-src 'self' blob: https://*.jiocloud.com blob: https://*.jioaicloud.com; 2
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 2
frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.hs-analytics.net https://*.hsadspixel.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://*.hotjar.com; script-src-elem 'self' 'unsafe-inline' https://boards.greenhouse.io https://job-boards.greenhouse.io https://*.googletagmanager.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.clarity.ms https://*.hsforms.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hubspot.com https://js.hscta.net https://js-eu1.hscta.net https://static.hsappstatic.net https://*.usemessages.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://connect.facebook.net https://snap.licdn.com https://www.redditstatic.com https://analytics.tiktok.com https://*.hotjar.com https://t.contentsquare.net https://static.ads-twitter.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://cdn2.hubspot.net https://*.hotjar.com; object-src 'self' data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' https://nebius.directus.app *.nebius.ai assets.nebius.com data: https://*.googletagmanager.com https://*.google-analytics.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://*.google.com https://*.google.co.uk https://*.google.co.in https://*.google.com.au https://*.google.ca https://*.google.de https://*.google.fr https://*.google.it https://*.google.es https://*.google.co.jp https://*.google.pl https://*.google.nl https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.ch https://*.google.cz https://*.google.hu https://*.google.ge https://*.bing.com https://*.clarity.ms https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hsforms.net https://*.hsforms.com https://*.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://alb.reddit.com https://*.hotjar.com https://*.twitter.com https://t.co; media-src 'self' https://nebius.directus.app *.nebius.ai assets.nebius.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; child-src 'self' www.youtube.com https://nebius.directus.app *.nebius.ai assets.nebius.com https://*.hsforms.com; frame-src 'self' www.youtube.com https://nebius.directus.app *.nebius.ai assets.nebius.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://*.googletagmanager.com https://td.doubleclick.net https://*.google.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://*.facebook.com https://charts3.equitystory.com https://irpages2.eqs.com; frame-ancestors 'self' https://nebius.directus.app *.nebius.ai assets.nebius.com; connect-src 'self' https://nebius.directus.app *.nebius.ai assets.nebius.com https://boards-api.greenhouse.io https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://*.google.com https://*.google.co.uk https://*.google.co.in https://*.google.com.au https://*.google.ca https://*.google.de https://*.google.fr https://*.google.it https://*.google.es https://*.google.co.jp https://*.google.pl https://*.google.nl https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.ch https://*.google.cz https://*.google.hu https://*.google.ge https://td.doubleclick.net https://*.clarity.ms https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://*.facebook.com https://px.ads.linkedin.com https://pixel-config.reddit.com https://www.redditstatic.com https://analytics.tiktok.com https://gw.stape.run https://capig.stape.host https://charts3.equitystory.com https://irpages2.eqs.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.twitter.com https://*.typesense.net; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://www.google.com https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; style-src 'self' 'unsafe-inline' https: data: https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: data: https://www.google.com https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; media-src 'self' https: blob: data:; frame-src 'self' https: blob: data: https://www.google.com https://*.auglio.com https://*.virtooal.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://www.paypal.com https://virtooal.us7.list-manage.com https://www.facebook.com/tr/; 2
frame-ancestors 'self' https://www.youtube.com/ 2
frame-ancestors 'self' https://*.webjet.com.au https://*.webjet.co.nz https://webjettest.my.connect.aws https://offlinesales.my.connect.aws https://wj-ccaas-dev.my.connect.aws https://webjet-ccaas-prod.my.connect.aws; report-to csp-report; report-uri https://services.webjet.com.au/api/logger/log/platform/policy-csp 2
default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.cookiebot.eu *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://assets.eu.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://*.mouseflow.com https://bat.bing.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://api.staging.pso-empfehlen.dev https://api.pso-empfehlen.net https://techem-empfehlen.de https://www.techem-empfehlen.de https://pso-empfehlen.staging.pso-vertrieb.de https://empfehlen-admin.pso-vertrieb.de https://*.etracker.com https://*.etracker.de https://static.xingcdn.com https://*.intuitioncreative-52.com https://fastly.jsdelivr.net https://cdn.jsdelivr.net https://podio.com https://techem.traffit.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://fonts.googleapis.com https://assets.sitescdn.net https://assets.eu.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.bunny.net https://cdn.jsdelivr.net data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src  'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.cookiebot.eu *.techem.com *.youtube.com *.youtube-nocookie.com *.yextpages.net *.marketo.com *.google.com *.googletagmanager.com *.googleadservices.com *.facebook.com https://outlook.office.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://techem-experts.rogsurvey.de https://techem-atlas.vercel.app https://podio.com https://techem.traffit.com https://traffit.com blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.googleadservices.com *.marketo.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://acrobatservices.adobe.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.cookiebot.eu https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://*.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de https://www.eu.yextevents.com https://prod-cdn.eu.yextapis.com https://viewlicense.adobe.io/viewsdklicense/jwt https://*.etracker.de https://widget.trustpilot.com https://techem.traffit.com https://techem-empfehlen.de https://www.techem-empfehlen.de; media-src 'self' https://static.widget.trengo.eu https://*.scene7.com *.techem.com blob:; frame-ancestors 'self' https://techem.events.rooom.com https://www.rooom.com https://*.etracker.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ; 2
frame-ancestors 'self' https://*.kameleoon.com 2
frame-ancestors 'self' https://my.axelos.com https://www.languagecert.org https://selt.languagecert.org 2
default-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://*.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://controlpanel.opengov.com https://www.arcgis.com/ https://kendo.cdn.telerik.com https://viewlicense.adobe.io https://cdn-images.mailchimp.com/ https://*.adobe.com https://webapp.recyclecoach.com https://us-web.apigw.recyclecoach.com https://cdn.recyclecoach.com https://vimeo.com; connect-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://*.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://controlpanel.opengov.com https://www.arcgis.com/ https://kendo.cdn.telerik.com https://viewlicense.adobe.io https://cdn-images.mailchimp.com/ https://*.adobe.com https://webapp.recyclecoach.com https://us-web.apigw.recyclecoach.com https://cdn.recyclecoach.com https://vimeo.com https://www.google-analytics.com; font-src 'self' data: https:; frame-src 'self' https://*.tampa.gov https://*.tampagov.net https://www.youtube-nocookie.com https://*.google.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://app.powerbigov.us https://*.recollect.net https://visualping.io https://www.youtube.com https://w3.mp.lura.live https://player.vimeo.com https://*.apptoto.com https://cityeconomy.org https://cityoftampa-my.sharepoint.com https://*.arcgis.com/ https://*.opengov.com/ https://api-us.one.network https://vimeo.com https://acrobatservices.adobe.com https://tip411.com https://stream.office.com https://www.microsoft365.com https://city-data-dashboards-82c6cb91d9c1.herokuapp.com/ https://app.polimorphic.com https://www.recaptcha.net https://*.mykronos.com; img-src 'self' about: data: https: http://www.tampa.gov http://www.tampagov.net blob:; media-src 'self' https://*.livestream.com https://curator-assets.b-cdn.net https://video.twimg.com https://*.s3.amazonaws.com https://*.vimeo.com; object-src 'self' http://www.tampa.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.windows.net https://maps.floridadisaster.org https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://bam.nr-data.net https://*.surveymonkey.com browser-update.org https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://*.list-manage.com https://*.google.com https://*.recollect.net https://pagecorrect.monsido.com https://spark.adobe.com https://cdn.apptoto.com blob: https://*.arcgis.com/ https://*.amazonaws.com/downloads.mailchimp.com/ https://kendo.cdn.telerik.com https://use.fontawesome.com/* https://*.vimeo.com https://connect.facebook.net/en_US/sdk.js https://webapp.recyclecoach.com https://www.recaptcha.net https://cdn.recyclecoach.com https://www.gstatic.com acrobatservices.adobe.com cdn.jsdelivr.net https://app-script.monsido.com https://cdn.curator.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://controlpanel.opengov.com https://kit.fontawesome.com https://maps.googleapis.com https://polyfill-fastly.io https://translate.google.com https://unpkg.com https://use.fontawesome.com https://www.google.com maps.googleapis.com mdbootstrap.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://translate.googleapis.com https://*.mailchimp.com https://recollect.a.ssl.fastly.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://apps.tampagov.net https://kendo.cdn.telerik.com https://vuetampaservices2.z13.web.core.windows.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://static2.sharepointonline.com https://unpkg.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' https://*.opengov.com https://*.mykronos.com; upgrade-insecure-requests 2
frame-ancestors 'self' https://gulfstream.aero https://*.gulfstream.aero https://gulfstream.com https://*.gulfstream.com https://gacwebteam2.com https://*.gacwebteam2.com https://gulfstreamnews.com https://*.gulfstreamnews.com https://d1mn5rjbyyxhhs.cloudfront.net 2
connect-src 'self' www.recaptcha.net consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com ingest.quantummetric.com rl.quantummetric.com www.greatamericaninsurancegroup.com p.typekit.net use.typekit.net maxcdn.bootstrapcdn.com play.vidyard.com www.linkedin.com px.ads.linkedin.com cdn.linkedin.oribi.io www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google.com translate.googleapis.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; font-src 'self' data: consent.trustarc.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self' gaigauthor.gaig.com login.gaig.com; frame-ancestors 'self'; default-src 'self' play.vidyard.com; frame-src 'self' www.recaptcha.net consent-pref.trustarc.com players.brightcove.net td.doubleclick.net fast.wistia.net cloud.specialtypc.gaig.com mcrs18s4jyq010hs26x1kpc87hk8.pub.sfmc-content.com creators.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm platform.twitter.com play.vidyard.com www.google.com www.youtube.com www.google-analytics.com region1.google-analytics.com; img-src 'self' www.recaptcha.net consent-pref.trustarc.com consent.trustarc.com consent.truste.com region1.analytics.google.com www.google.co.ao analytics.google.com stats.g.doubleclick.net gaigauthor.gaig.com a.b0e8.com data: blob: a1.b0e8.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.caigo.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src-elem 'self' www.recaptcha.net consent.trustarc.com cdn.quantummetric.com code.jquery.com bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com platform.twitter.com play.vidyard.com use.typekit.net www.google-analytics.com region1.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' consent.trustarc.com www.recaptcha.net cdn.quantummetric.com code.jquery.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com region1.google-analytics.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net www.googletagmanager.com use.typekit.net play.vidyard.com; style-src-attr 'unsafe-inline' www.greatamericaninsurancegroup.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; media-src 'self' data: ssl.gstatic.com; child-src 'self' www.recaptcha.net play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/enforce 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; style-src 'self' https: 'unsafe-inline'  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; font-src 'self' data:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; connect-src 'self'  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; frame-src 'self' data:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; frame-ancestors 'self'  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; object-src data:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; media-src 'self' data:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; worker-src 'self' data: blob:  *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net demo-1.conversionsapigateway.com *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com tally.so *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com 2
frame-ancestors 'self' https://app.grovecms.org/ https://donate.lpm.org/ 2
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' code.jquery.com www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google.com browser.sentry-cdn.com rum-static.pingdom.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app b.sf-syn.com snap.licdn.com; script-src-elem 'self' 'unsafe-inline' code.jquery.com www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google.com browser.sentry-cdn.com rum-static.pingdom.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app www.gstatic.com b.sf-syn.com snap.licdn.com; worker-src 'self' blob: data:; frame-src 'self' www.google.com td.doubleclick.net; connect-src 'self' *.pingdom.net stats.g.doubleclick.net google-analytics.com *.google-analytics.com analytics.google.com px.ads.linkedin.com; img-src 'self' data: stationerycentral.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com google.com *.google.com dynasend.com *.dynasend.com dynasend.netlify.app b.sf-syn.com www.google.com.ar px.ads.linkedin.com; font-src 'self' data: fonts.gstatic.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app; manifest-src 'self'; style-src 'unsafe-inline' 'self' fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; form-action 'self' 2
frame-ancestors 'self' *.amplience.net www.europaweg.ch www.randa.ch 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.fbevents.js bat.bing.com *.facebook.net *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com www.googleadservices.com bat.bing.com *.cookiebot.com *.cookiebox.ro *.linkedin.com *.listafirme.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.cookiebot.com bat.bing.com *.cloudflare.com *.linkedin.com *.googlesyndication.com *.googletagmanager.com *.google.com google.com www.googleadservices.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 2
frame-ancestors 'self' fnbo.com *.fnbo.com banking.scsbnet.com *.banking.scsbnet.com banking.houghtonstatebank.com *.banking.houghtonstatebank.com banking.crawfordcountybank.com *.banking.crawfordcountybank.com banking.fsbloomis.com *.banking.fsbloomis.com banking.landmands.com *.banking.landmands.com banking.sibleystatebank.com *.banking.sibleystatebank.com banking.washingtoncountybank.com *.banking.washingtoncountybank.com banking.yorkstatebank.com *.banking.yorkstatebank.com banking.fandmstatebank.com *.banking.fandmstatebank.com banking.fnbodirect.com *.banking.fnbodirect.com 2
default-src 'self' *.amazonaws.com *.tarteel.ai *.tarteel.io *.mixpanel.com *.stripe.com *.sentry.io *.wasabisys.com tarteel.zendesk.com https://vercel.live/ https://vercel.com https://*.vercel.com wss://*.pusher.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-eval' *.mixpanel.com *.stripe.com *.appsflyer.com https://vercel.live/ https://vercel.com https://*.vercel.com; style-src 'self' 'unsafe-inline' *; img-src 'self' tarteel.ai *.tarteel.ai *.wasabisys.com https://vercel.live/ https://vercel.com https://*.vercel.com https://sockjs-mt1.pusher.com/ https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data: blob: *.ytimg.com *.tiktokcdn.com *.tiktokcdn-us.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.unsplash.com unpkg.com; object-src 'self' data:; frame-src 'self' *.cloudflare.com *.tiktok.com *.stripe.com https://vercel.live/ https://vercel.com https://*.vercel.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.facebook.com; script-src-elem 'self' blob: 'unsafe-inline' *; worker-src 'self' blob:; frame-ancestors 'self' https://challenges.cloudflare.com; 2
frame-ancestors 'self' https://dotcms.com/ https://auth.dotcms.dev/ https://corpsites-headless.dotcms.cloud/ https://new-dotcms-com.vercel.app/ https://staging-trunk.dotcms.cloud/ https://staging-latest.dotcms.cloud/ 2
font-src 'self'; frame-ancestors 'self' https://*.azurewebsites.net https://*.sst.dk https://*.etiskraad.dk https://*.dataetiskraad.dk https://*.videnskabsetik.dk; upgrade-insecure-requests; 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.ed.gov http://*.ed.gov; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https:; script-src-elem 'unsafe-inline' blob: https:; 2
frame-ancestors https://app.contentful.com https://contentpath.siemens.com https://content.sw.siemens.com 2
default-src 'self' *.hs-mittweida.de blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; frame-src 'self' *.hs-mittweida.de *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; img-src 'self' *.hs-mittweida.de data: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; style-src 'self' *.hs-mittweida.de 'unsafe-inline' *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; script-src 'self' *.hs-mittweida.de 'unsafe-inline' 'unsafe-eval' blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; 2
frame-ancestors https://*.twistys.com 2
frame-ancestors 'self' nationaalarchief.sr *.nationaalarchief.sr; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.uk.exponea.com https://static.cloudflareinsights.com https://ep2.adtrafficquality.google https://longform.atptour.com/ https://snippet.minute.ly/publishers/90700/mi-1.17.1.220.js https://apv-launcher.minute.ly/api/launcher/MIN-90700.js https://www.googletagservices.com https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://proxy.beyondwords.io/npm/@beyondwords/player@latest/dist/umd.js https://proxy.beyondwords.io/npm/@beyondwords/player@0.3.18/dist/style.js https://proxy.beyondwords.io/npm/@beyondwords/player@0.3.18/dist/hls.light.min.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://www.gstatic.com/ https://static.smartframe.io https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com https://*.sf-ads.io https://*.sf-insights.io https://*.sf-logs.io http://*.minute.ly https://apv-launcher.minute-ly.com https://*.snackly.co https://*.tldw.me http://*.snackly.co http://*.tldw.me http://*.spoteam.com https://*.spoteam.com https://snippet.minute-ly.com/;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com  http://*.minute.ly https://apv-launcher.minute-ly.com https://*.snackly.co https://*.tldw.me http://*.snackly.co http://*.tldw.me  http://*.spoteam.com https://*.spoteam.com;worker-src blob: 2
: frame-ancestors 'self' 2
default-src 'self' https://cdn.dogonews.com;img-src 'self' data: https://*.dogomedia.com https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.googlesyndication.com https://*.gstatic.com https://www.mailjet.com https://i.ytimg.com https://i.vimeocdn.com https://images-na.ssl-images-amazon.com https://m.media-amazon.com https://ep1.adtrafficquality.google https://www.redditstatic.com https://alb.reddit.com;style-src 'self' https://cdn.dogonews.com https://fonts.googleapis.com https://www.googletagmanager.com https://accounts.google.com https://cdn.jsdelivr.net 'unsafe-inline';connect-src 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://js.stripe.com https://noembed.com https://cdn.plyr.io https://accounts.google.com https://*.adtrafficquality.google https://*.gstatic.com https://www.redditstatic.com https://pixel-config.reddit.com https://ads.reddit.com;frame-ancestors 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://*.dogogames.com https://*.dogonews.co.kr https://dogonews.co.kr https://partner.googleadservices.com https://*.googlesyndication.com https://admanager.google.com https://*.sanako.com https://accounts.google.com;frame-src *;script-src 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://js.stripe.com https://static.cloudflareinsights.com https://www.youtube.com https://teams.microsoft.com https://player.vimeo.com https://console.googletagservices.com https://accounts.google.com https://*.adtrafficquality.google https://www.redditstatic.com 'unsafe-eval' 'unsafe-inline';font-src 'self' https://fonts.gstatic.com https://cdn.dogonews.com;media-src 'self' https://cdn.dogonews.com 2
frame-ancestors http://*.bestbuy.com https://*.bestbuy.com http://*.bestbuy.ca https://*.bestbuy.ca https://*.google.com https://*.gstatic.com https://*.adobemc.com https://*.adobe.com https://cdn.automat-ai.com https://app.automat.ai https://staging.automat-ai.com; style-src * blob: 'unsafe-inline'; 2
default-src *.antarctica.gov.au *.aad.gov.au *.marinemammals.gov.au use.typekit.net p.typekit.net cdn.plyr.io 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src *.antarctica.gov.au *.aad.gov.au *.marinemammals.gov.au data: blob: 2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream: blob:; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 2
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com tracking-api.g2.com www.facebook.com https://lottie.host https://unpkg.com cdn.jsdelivr.net *.onetrust.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us www.googletagmanager.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://unpkg.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com static.hayhouse.com static.hayhouse.co.uk static.hayhouse.com.au static.hayhouseu.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.jotform.com/ 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com td.doubleclick.net insight.adsrvr.org analytics.hayhouse.com *.facebook.com *.jotform.com/ connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com maps.gstatic.com maps.googleapis.com *.facebook.com fonts.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com *.google.com google.com connect.facebook.net cdn.cookielaw.org *.hayhouse.com *.hayhouse.co.uk *.hayhouse.com.au *.hayhouseu.com *.rebeccacampbell.me *.colettebaronreid.com cdn.plyr.io hayhouse.zendesk.com static.zdassets.com assets.aftership.com graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.certcapture.com acds-events.adobe.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com cdn.cookielaw.org geolocation.onetrust.com static.zdassets.com api.smooch.io maps.googleapis.com content-us-1.content-cms.com script.crazyegg.com *.googletagmanager.com tagmanager.google.com www.google.com widget-mediator.zopim.com static.hayhouse.com static.hayhouse.co.uk static.hayhouse.com.au static.hayhouseu.com connect.facebook.net analytics.tiktok.com https://pay.google.com www.facebook.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.googletagmanager.com cdn.cookielaw.org static.hayhouse.com static.hayhouse.co.uk static.hayhouse.com.au static.hayhouseu.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net static.zdassets.com hayhouse.akamaized.net hhfiles-a.akamaihd.net hhfiles-a.akamaisd.net hhradioapp-lh.akamaihd.net hdzeri-f.akamaihd.net hdios-i.akamaihd.net media.hayhouse.com media.hayhouse.co.uk media.hayhouse.com.au media.hayhouseu.com blob: cdn.plyr.io api.smooch.io 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.zdassets.com hayhouse.zendesk.com wss://api.smooch.io wss://widget-mediator.zopim.com hayhouse.akamaized.net hhfiles-a.akamaihd.net hhfiles-a.akamaisd.net hhradioapp-lh.akamaihd.net hdzeri-f.akamaihd.net hdios-i.akamaihd.net maps.googleapis.com script.crazyegg.com tracking.crazyegg.com *.brilliantcollector.com analytics.hayhouse.com *.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com static.hayhouse.com static.hayhouse.co.uk static.hayhouse.com.au static.hayhouseu.com cdn.plyr.io colettebaron-reid.zendesk.com rebeccacampbell.zendesk.com www.facebook.com connect.facebook.net analytics.tiktok.com https://pay.google.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.de cdn.cookielaw.org www.google.it adservice.google.com *.onetrust.com *.imperva.com www.google.com.et www.google.co.il www.google.com.sa munchkin.marketo.net cdn.bizible.com www.google.pl *.doubleclick.net www.google.com.co www.google.com.np edge.fullstory.com www.google.com.ph www.google.fr www.google-analytics.com www.google.co.th www.google.com.br www.google.es *.mktoresp.com www.brighttalk.com region1.analytics.google.com translate.google.com www.google.com.ua www.google.nl www.google.com.eg *.optimizely.com www.google.com.hk www.youtube.com jscloud.net *.adroll.com www.google.com.pk *.googleapis.com www.google.com.ng rs.fullstory.com *.vimeo.com www.google.com.au www.google.ie www.google.com.gh www.google.co.kr www.google.com.vn www.google.com www.google.se www.google.com.my *.mktoutil.com imperva.piwik.pro www.google.co.in www.googletagmanager.com *.gstatic.com www.google.com.tw imperva.containers.piwik.pro js.driftt.com bam.nr-data.net privacy-policy.truste.com www.google.co.uk www.google.co.il analytics.google.com gc.kis.v2.scr.kaspersky-labs.com www.google.ca cdn.bizibly.com js-agent.newrelic.com *.gravatar.com code.highcharts.com go.imperva.com imperva.substack.com *.vimeocdn.com *.demandbase.com *.company-target.com id.rlcdn.com yoast.com *.hcaptcha.com demostack.app snap.licdn.com *.linkedin.com *.6sense.com *.navattic.com netdna.bootstrapcdn.com *.6sc.co static.oktopost.com *.soundcloud.com *.thalesgroup.com *.bttrack.com bttrack.com ; form-action 'self' *.salesforce.com ; frame-ancestors 'self' http://thalesgroup.lookbookhq.com https://thalesgroup.lookbookhq.com http://thalesgroup.pathfactory.com https://thalesgroup.pathfactory.com http://hub-cpl.thalesgroup.com https://hub-cpl.thalesgroup.com demostack.app ; 2
base-uri none; font-src self https: data:; form-action self; frame-ancestors self; object-src none; upgrade-insecure-requests; frame-src self https://www.googletagmanager.com/ https://gum.criteo.com/ https://dynamic.criteo.com/ https://fledge.criteo.com/ https://fledge.us.criteo.com/ https://api.mapbox.com/ https://www.youtube.com/ https://consent.trustarc.com https://consent-pref.trustarc.com https://cdn.segment.com/ https://web.btncdn.com/ https://analytics.ahrefs.com/ https://www.facebook.com/; 2
frame-ancestors https://*.singlestore.com https://*.contentstack.com; 2
frame-ancestors 'self';                      script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com http://maps.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.plyr.io https://www.youtube.com https://pennyelectra.com https://*.azureedge.net https://*.dynamics.com https://snap.licdn.com https://*.hotjar.com;                      object-src *;                      style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.typekit.net https://*.bootstrapcdn.com https://cdn.plyr.io https://pennyelectra.com https://*.azureedge.net https://*.dynamics.com;                      media-src * blob:;                      frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://consentcdn.cookiebot.com https://maps.google.com https://vimeo.com https://*.azureedge.net https://*.dynamics.com https://forms.microsoft.com https://www.googletagmanager.com https://cdn.forms-content-1.sg-form.com;                      font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.typekit.net https://*.googleapis.com;                      connect-src 'self' data: https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://consentcdn.cookiebot.com https://api.openai.com https://api.getimg.ai https://cdn.plyr.io https://noembed.com https://*.pennyelectra.com https://*.azureedge.net https://*.dynamics.com https://*.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com wss://ws.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://pagead2.googlesyndication.com;        worker-src blob:; 2
frame-ancestors 'self'; object-src 'self' https://on-site.com https://*.on-site.com https://*.realpage.com; report-uri /pub/csp_reports 2
worker-src blob:; img-src https: blob: data:; default-src 'self' ogletree.com data: https: 'unsafe-eval' 'unsafe-inline'; frame-src blob: https:; 2
default-src 'self'; script-src 'self' 2
default-src 'self' https://logrhythm.com https://*.exabeam.com https://*.cookieyes.com https://*.6sc.co https://*.6sense.com; connect-src 'self' https://logrhythm.com https://*.exabeam.com wss://ws.hotjar.com https://*.trustarc.com https://*.hotjar.io https://analytics.ahrefs.com https://ws.zoominfo.com https://analytics3.wpmudev.com https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com https://js.zi-scripts.com https://cdn-app.pathfactory.com https://epsilon-cloudfront.6sense.com https://cdn.jsdelivr.net https://unpkg.com https://*.wovn.io https://www.googleadservices.com https://secure.adnxs.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://epsilon-globalaccelerator.6sense.com https://*.6sense.com https://google.com https://cdn.linkedin.oribi.io https://www.google.com https://px.ads.linkedin.com https://*.privacymanager.io https://epsilon.6sense.com https://*.6sc.co https://analytics.google.com https://*.googlesyndication.com https://bat.bing.com https://spcollector.pathfactory.com https://adservice.google.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://stats.g.doubleclick.net https://*.yoast.com https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.exabeam.com https://*.typekit.net https://*.sharepointonline.com https://fonts.gstatic.com https://cdn-app.pathfactory.com https://*.fontawesome.com https://www.gartner.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: *.trustarc.com; media-src 'self' blob: https://*.logrhythm.com https://*.exabeam.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://analytics.ahrefs.com https://js.zi-scripts.com https://static.hotjar.com https://script.hotjar.com https://builder-assets.unbounce.com https://code.jquery.com https://cdn.bizible.com https://connect.facebook.net https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://analytics.wpmucdn.com https://www.gstatic.com https://*.wovn.io https://f.vimeocdn.com https://*.vimeocdn.com https://*.exabeam.com https://cdn-cookieyes.com https://*.trustarc.com https://launchpad.privacymanager.io https://launchpad-wrapper.privacymanager.io https://jobs.jobvite.com https://yoast.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://*.logrhythm.com https://cdn.jsdelivr.net https://*.exabeam.com https://*.wovn.io https://builder-assets.unbounce.com https://gtranslate.io https://app-abc.marketo.com https://fonts.bunny.net https://*.fontawesome.com https://yoast.com https://cdn-app.pathfactory.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://www.gartner.com https://*.googleapis.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://brighttalk.com https://player.captivate.fm https://demostack.app https://*.trustarc.com https://*.exabeam.com https://app-abc.marketo.com https://*.doubleclick.net https://www.googletagmanager.com https://player.vimeo.com https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://forms.office.com https://jobs.jobvite.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; frame-ancestors 'self' explore.logrhythm.com https://*.pathfactory.com explore.exabeam.com https://www.g2.com https://*.logrhythm.com https://*.exabeam.com; 2
frame-ancestors 'self' https://slfscreen.wsl.ch 2
frame-ancestors 'self' *.oakgov.com *.okta.com *.g2gcloud.com; 2
frame-ancestors 'self' landmarkglobal.be; 2
base-uri 'self' https://*.exponea.com; font-src 'self' data: https://*.omq.de https://*.paypalobjects.com https://*.abtasty.com https://*.reviews.io; form-action 'self' https://*.adyen.com https://*.facebook.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://*; object-src 'none'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://*.aboutyou.cloud https://*.adyen.com https://*.omq.de https://*.googletagmanager.com https://fonts.googleapis.com https://*.reviews.io https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.babymarkt.com https://*.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://*.paypal.com https://*.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://*.sovendus.com https://*.abtasty.com; upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://*.adyen.com https://*.paypal.com https://*.paypalobjects.com https://*.babymarkt.com https://*.scayle.cloud https://*.awin1.com https://td.doubleclick.net https://*.criteo.com https://*.sovendus-benefits.com https://*.sovendus-connect.com https://*.trustpilot.com https://*.abtasty.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.babymarkt.com https://*.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://*.paypal.com https://*.paypalobjects.com https://*.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://*.facebook.net https://*.criteo.com https://*.sovendus.com https://*.bing.com https://*.abtasty.com https://*.reviews.io https://mpsnare.iesnare.com https://*.trustpilot.com https://insitez.blob.core.windows.net https://maps.googleapis.com https://places.googleapis.com https://*.clarity.ms https://*.vchfy.com; connect-src 'self' https://*.babymarkt.com https://*.scayle.cloud https://*.aboutyou.cloud/ https://*.adyen.com https://*.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://*.vhwmcs.net https://*.omq.de https://sockjs-us3.pusher.com https://*.exponea.com https://*.googletagmanager.com https://*.econda-monitor.de https://region1.google-analytics.com https://*.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://*.doubleclick.net https://*.criteo.com https://*.sovendus.com https://*.abtasty.com https://*.walz.de https://*.mixpanel.com https://*.informizely.com https://*.reviews.io https://maps.googleapis.com https://places.googleapis.com https://*.clarity.ms https://*.vchfy.com https://*.storyblok.com https://*.trustpilot.com; media-src https://a.storyblok.com https://*.walz.de; 2
frame-ancestors 'self'  https://v2.bisa.lu/ https://bisav2.baloise.lu/ https://acc-v2.bisa.lu/ https://int-bisaapp-lu.balgroupit.com/ 2
frame-ancestors https://*.x-cart.com 2
frame-ancestors 'self' arthrex.com *.arthrex.com orthoillustrated.com *.jointpreservation.com *.orthoillustrated.com surgicaloutcomesystem.com *.surgicaloutcomesystem.com arthrex-celltherapy.com *.arthrex-celltherapy.com arthrex.xyz *.arthrex.xyz arthrex.io *.mwprod.arthrex.io *.arthrex.io orthopedia.com *.orthopedia.com anklesprain.com *.anklesprain.com arthrex.virtualevents-hub.com arthrexemea.sharepoint.com arthrex.sharepoint.com myarthrex.sharepoint.com arthrexapac.sharepoint.com bunionpain.com *.bunionpain.com shoulderreplacement.com *.shoulderreplacement.com acltear.com *.acltear.com arthrex-russia.ru arthrex.at arthrex.be arthrex.co.jp arthrex.co.uk arthrex.com.au arthrex.cz arthrex.dk arthrex.fr arthrex.it arthrex.mx arthrex.nl arthrex.pl arthrex.pt arthrex.se *.arthrex-russia.ru *.arthrex.at *.arthrex.be *.arthrex.co.jp *.arthrex.co.uk *.arthrex.com.au *.arthrex.cz *.arthrex.dk *.arthrex.fr *.arthrex.it *.arthrex.mx *.arthrex.nl *.arthrex.pl *.arthrex.pt *.arthrex.se hallux-valgus-behandlung.de *.hallux-valgus-behandlung.de mis-bunion-patient-site.webflow.io arthroplasty-narrative-home.webflow.io discover.acp-therapie.de mis-bunion-patient-site.webflow.io mis-bunion-surgeon-site-c07373b5fb6b0bc.webflow.io arthrex-design-system-4dd8ae96a06c10be9.webflow.io anklesprain.webflow.io srlp.webflow.io arthroplasty-narrative-home.webflow.io korea-global-landing-page.webflow.io global-landingpage-mexico.webflow.io inc-acltear-patient-en-working.webflow.io arthrex-jobs-site.webflow.io marketingintakeportal.webflow.io orthopedia-landing-page1.webflow.io arthrex-history.webflow.io arthrex-design-system.webflow.io arthrex-design-system-de8e093c0a3bf70d8.webflow.io arthrex-endoscopy.webflow.io case-reports.webflow.io synergy-integrated-or.de *.synergy-integrated-or.de arthrex.kr *.arthrex.kr gmbh-pct.webflow.io *.gmbh-pct.webflow.io sis-preview-03-809ae25532a090913a51d7a6.webflow.io *.sis-preview-03-809ae25532a090913a51d7a6.webflow.io arthrex-technical-support-services.webflow.io *.arthrex-technical-support-services.webflow.io digital-agenda-emea.webflow.io *.digital-agenda-emea.webflow.io thenanoexperience.com *.thenanoexperience.com arthrexmexico.webflow.io arthrexbrazil.webflow.io arthrex-australia.webflow.io arthrex.com.br *.arthrex.com.br arthrex-joint-pres.webflow.io jointpreservation.arthrex.com arthrex-synergy-staging-bdaff93973d3e28.webflow.io jointpreservation.com synergynew.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosure.arthrex.com.s3-website-us-east-1.amazonaws.com synergynewdev.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosuredev.arthrex.com.s3-website-us-east-1.amazonaws.com s3.amazonaws.com/synergynewdev.arthrex.com s3.amazonaws.com/sternalclosuredev.arthrex.com s3.amazonaws.com/synergynew.arthrex.com s3.amazonaws.com/sternalclosure.arthrex.com arthrex-synergy.webflow.io synergy.arthrex.com *.arthrexendoscopicspine.com arthrex-spine.webflow.io arthrexendoscopicspine.com branch--home-arthrex-spine-6a28ac.webflow.io *.branch--home-arthrex-spine-6a28ac.webflow.io shoulder-replacement.webflow.io aesthetics.arthrex.com *.aesthetics.arthrex.com case-reports.arthrex.com arthrex-emea-joint-preservation-surgeon.webflow.io *.arthrex-emea-joint-preservation-surgeon.webflow.io joint-preservation.de *.joint-preservation.de gmbh-pct-b390519d0b438c360cdf2e4a5ad25b.webflow.io *.gmbh-pct-b390519d0b438c360cdf2e4a5ad25b.webflow.io *.case-reports.webflow.io dev-arthrex-arthroplasty.webflow.io *.shoulderarthroplasty.arthrex.de *.arthrex-spine-staging.webflow.io arthrex-spine-staging.webflow.io *.spine.arthrex.com spine.arthrex.com *.dev-acp-therapie-arthrex.webflow.io dev-acp-therapie-arthrex.webflow.io *.acp-therapie.de acp-therapie.de *.arthrex-aesthetics.webflow.io arthrex-aesthetics.webflow.io aesthetics-arthrex.webflow.io *.aesthetics-arthrex.webflow.io anklesprain-5d00c1acac14e85faef249f081.webflow.io *.anklesprain-5d00c1acac14e85faef249f081.webflow.io *.acl-solutions.arthrex.com acl-solutions.arthrex.com acl-solutions.arthrex.io *.acl-solutions.arthrex.io arthrexchile-f65971612d4-1453b7a9421f4.webflow.io *.arthrexchile-f65971612d4-1453b7a9421f4.webflow.io acl-solutions.webflow.io *.acl-solutions.webflow.io arthrex.cl *.arthrex.cl *.bio.arthrex.com bio.arthrex.com; 2
default-src 'self' data: blob: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.chatbase.co/; connect-src 'self' http://localhost/ http://localhost:3000/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.ingest.sentry.io/ https://*.sentry.io/ wss://*.piesocket.com wss://*.ffrtz.com https://*.pingdom.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://*.izooto.com/ https://t.adcell.com/ https://*.ad4m.at https://*.trafficjunky.net/ wss://knpb-media.zammad.com/ https://*.vxcdn.org/ https://*.mmapiws.com/ wss://*.tantumpay.com/ https://*.chatbase.co/; font-src 'self' data: http://localhost/ http://localhost:3000/ https://*.hotjar.com/ https://fonts.gstatic.com/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.chatbase.co/; frame-src 'self' antennapod-subscribe: castros: downcast: gpodder: icatcher: instacast: overcast: playerfm: pktc: podcastaddict: podcastguru: podcat: podkicker: rssradio: podcast: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://cdn.izooto.com https://*.hotjar.com/ https://ad.ad-srv.net/ https://*.tantumpay.com https://*.chatbase.co/; img-src 'self' data: blob: android-webview-video-poster: http://localhost/ http://localhost:3000/ http://localhost:10001/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://via.placeholder.com/ https://source.unsplash.com/ https://images.unsplash.com/ https://loremflickr.com/ https://*.hotjar.com/ https://*.trafficjunky.net/ https://syndication.exoclick.com/ https://syndication.realsrv.com/ https://syndication.exdynsrv.com/ https://tsyndicate.com/ https://*.vxcdn.org/ https://*.chatbase.co/; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://localhost/ http://localhost:3000/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ http://mac.fritz.box http://mbpvonchristian.fritz.box https://www.gstatic.com/ https://*.sentry-cdn.com/ https://*.pingdom.net/ https://t.adcell.com/ https://www.adcell.de/ https://ad4m.at/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.izooto.com/ https://static.trafficjunky.com/ https://*.exoclick.com/ https://device.maxmind.com/ https://knpb-media.zammad.com/ https://*.tantumpay.com https://cdn.jsdelivr.net/npm/ua-parser-js/dist/ua-parser.min.js https://*.chatbase.co/; style-src 'self' 'unsafe-inline' data: http://localhost/ http://localhost:3000/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://knpb-media.zammad.com/ https://*.chatbase.co/; media-src 'self' blob: data: https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.vxcdn.org/; form-action 'self' https:; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://*.ffrtz.com; child-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' data: blob: https://cdn.jsdelivr.net https://*.linkedin.com https://*.google.com https://www.google.com https://www.youtube.com https://youtube.com https://*.googlesyndication.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://j.6sc.co https://js.qualified.com https://snap.licdn.com https://bat.bing.com https://*.clarity.ms https://js.hs-scripts.com https://js.hsforms.net https://*.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.zi-scripts.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.linkedin.com https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://cdn.jsdelivr.net https://*.linkedin.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.google.com https://*.googletagmanager.com https://px.ads.linkedin.com https://bat.bing.com https://b.6sc.co https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://track.hubspot.com https://c.bing.com https://www.gstatic.com https://*.gravatar.com https://*.wp.com https://*.hsforms.com https://*.hscollectedforms.net https://*.clarity.ms; font-src 'self' data: https://cdn.jsdelivr.net https://*.linkedin.com https://fonts.gstatic.com https://harver.com https://www.gstatic.com https://*.wp.com; connect-src 'self' https://cdn.jsdelivr.net https://*.linkedin.com https://bat.bing.com https://js.zi-scripts.com https://pagead2.googlesyndication.com https://app.qualified.com wss://ws5.qualified.com https://px.ads.linkedin.com https://www.googleadservices.com https://c.6sc.co https://ipv6.6sc.co https://consentcdn.cookiebot.com https://*.google.com https://*.youtube.com https://*.google-analytics.com https://ws.zoominfo.com https://js.hs-banner.com https://googleads.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://www.gstatic.com https://*.hsforms.com https://*.hscollectedforms.net https://*.clarity.ms; frame-src 'self' https://cdn.jsdelivr.net https://*.linkedin.com https://player.vimeo.com https://www.youtube.com https://youtube.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://app.qualified.com https://*.google.com https://*.hsforms.com https://*.hscollectedforms.net; media-src 'self' https://cdn.jsdelivr.net https://*.linkedin.com https://app.qualified.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com https://*.hscollectedforms.net; upgrade-insecure-requests; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com/ https://www.youtube.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app-script.monsido.com/ https://cdn-apac.onetrust.com/ https://u.heatmap.it/ https://cdn.yellowmessenger.com/ https://www.google.com/ https://www.gstatic.com/ https://static.elfsight.com/platform/platform.js https://elfsightcdn.com/platform.js https://www.petronas.com/608242b4-6b3e-4aff-8979-014519414d0c https://app-script.monsido.com/ https://static.elfsight.com/ https://api.swiftype.com/ https://geotargetly-api-1.com/ https://g10498469755.co/ https://code.jquery.com/; object-src 'none'; upgrade-insecure-requests 2
script-src 'unsafe-inline' 'self' 'unsafe-eval' *.googleapis.com *.facebook.net *.union-investment.de *.usercentrics.eu *.doubleclick.net *.meininvest.de *.frontend.live *.googletagmanager.com *.podigee-cdn.net *.highcharts.com https://safemicronkk2022prod.z6.web.core.windows.net/ http://localhost:* https://fe-calculator-prod.azureedge.net https://bplv.fe.union-investment.de https://internal.api.union-investment.de mktdplp102cdn.azureedge.net https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://apps.mypurecloud.de/genesys-bootstrap/genesys.min.js https://apps.mypurecloud.de/journey/messenger-plugins/offersHelper.min.js https://apps.mypurecloud.de/genesys-bootstrap/plugins/genesysvendors.min.js; 2
default-src 'self' blob: https: https://curriculums.everfi.net https://courses.everfi.net https://admin.homeroom.everfi.net https://everfi-curriculums.s3.amazonaws.com https://d1vyejqi0lnyjd.cloudfront.net https://help.everfi.com https://everfi.com; font-src 'self' blob: https: data: https://heapanalytics.com; img-src 'self' blob: https: data: https://content.pendo.everfi.net https://data.pendo.everfi.net https://cdn.pendo.io https://data.pendo.io https://pendo-static-4770002992234496.storage.googleapis.com https://app.pendo.io data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://content.pendo.everfi.net https://data.pendo.everfi.net https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-4770002992234496.storage.googleapis.com https://data.pendo.io https://app.pendo.io https://cdn.us.heap-api.com https://heapanalytics.com; style-src 'self' blob: https: 'unsafe-inline' https://content.pendo.everfi.net https://pendo-io-static.storage.googleapis.com https://pendo-static-4770002992234496.storage.googleapis.com https://app.pendo.io https://heapanalytics.com; connect-src 'self' blob: https: https://curriculums.everfi.net https://courses.everfi.net https://admin.homeroom.everfi.net data.pendo.io https://content.pendo.everfi.net https://data.pendo.everfi.net https://pendo-static-4770002992234496.storage.googleapis.com https://data.pendo.io https://app.pendo.io https://c.us.heap-api.com https://heapanalytics.com; worker-src 'self' blob: https:; frame-src 'self' blob: https: https://app.pendo.io https://portal.pendo.io 2
default-src https:; img-src 'self' data: cdn.cookielaw.org cookie-cdn.cookiepro.com i.vimeocdn.com maps.gstatic.com *.googleapis.com *.ggpht.com *.linkedin.com *.google.com *.google.co.in *.google.com.sg *.crazyeggcdn.com *.crazyegg.com *.google.ca; script-src 'self' admin.ceros.com *.preview.ceros.com sharejs.ceros.com 104.18.33.58 172.64.154.198 172.64.144.4 104.18.43.252 view.ceros.com tools.euroland.com tools.eurolandir.com *.googleadservices.com *.google.com *.googleapis.com *.gstatic.com vimeo.com *.vimeo.com *.worley.com snap.licdn.com *.pardot.com *.googletagmanager.com *.doubleclick.net *.crazyegg.com cdn.cookielaw.org cookie-cdn.cookiepro.com 'unsafe-eval' 'unsafe-inline' blob:;  style-src 'self' fonts.googleapis.com *.typekit.net *.crazyegg.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com *.typekit.net; media-src i.vimeocdn.com *.crazyegg.com; connect-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.googletagmanager.com *.doubleclick.net *.linkedin.com px.ads.linkedin.com *.pardot.com *.vimeo.com vimeo.com *.worley.com tools.euroland.com tools.eurolandir.com view.ceros.com *.ceros.com admin.ceros.com sharejs.ceros.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.my.onetrust.com *.crazyegg.com *.crazyeggcdn.com; frame-src 'self' *.google.com *.googletagmanager.com *.vimeo.com vimeo.com view.ceros.com tools.euroland.com tools.eurolandir.com *.ceros.com admin.ceros.com *.worley.com *.crazyegg.com *.crazyeggcdn.com; object-src i.vimeocdn.com; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors 'self' https://reown.sanity.studio https://*.walletconnect.com https://*.walletconnect.org https://*.reown.com https://widget.solflare.com/ 2
script-src *.buckaroo.io https://*.cookiebot.com/ https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hsadspixel.net/ https://*.hs-banner.com/ https://*.hsforms.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'unsafe-eval' 'unsafe-inline';img-src *.buckaroo.io *.clarity.ms *.googlesyndication.com *.gstatic.com *.vimeocdn.com data: https://*.cookiebot.com/ https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hsforms.com https://*.hubspot.com/ https://*.usercentrics.eu/ https://i.ytimg.com/ https://px.ads.linkedin.com https://via.placeholder.com/ https://www.facebook.com/ https://www.google.nl https://www.google-analytics.com/ https://www.googletagmanager.com/ 'self';script-src-elem *.clarity.ms *.googleadservices.com *.kapa.ai https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hotjar.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hscta.net/ https://*.hsforms.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://*.leadinfo.net/ https://*.marketingautomation.services/ https://*.usemessages.com/ https://connect.facebook.net/ https://snap.licdn.com https://unpkg.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'unsafe-inline';connect-src *.clarity.ms *.googlesyndication.com *.kapa.ai https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.google-analytics.com https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com/ https://*.leadinfo.com/ https://*.leadinfo.net/ https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app/ https://lottie.host https://px.ads.linkedin.com https://static.hsappstatic.net https://www.facebook.com/ https://www.google.nl 'self';frame-src *.hsforms.net https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.google.com/ https://*.hsforms.com https://*.hubspot.com/ https://new10.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.youtube.com/ 'self';media-src *.vimeocdn.com https://player.vimeo.com/ 'self';font-src data: https://designlibrary.tres.nl/ https://fonts.gstatic.com/ 'self';style-src https://*.formstack.io/ https://fonts.googleapis.com/ 'self' 'unsafe-inline';base-uri 'self';default-src 'self';manifest-src 'self';report-uri https://buckaroo.report-uri.com/r/t/csp/reportOnly 2
default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
base-uri 'none'; form-action 'self' *.facebook.com; object-src 'none'; script-src-attr 'none'; script-src 'self' 'nonce-CG+8GjGGQ2spLvbmjZJJJw==' https://assets.chatmind.tech/prod_mapify/ *.kwai-pro.com *.sentry.io *.cdn-apple.com *.googletagmanager.com *.yimg.jp 'unsafe-eval' https: 'sha256-vUwRxAFvgjHI2X/VlsljlJwqcPr23MexjNfybtsNujU=' 'sha256-hLwoC4cCa7HFGa0L+koi1YkPrO0N5ksGdFzq8Sg4jxs=' 'sha256-RbFAE9w9iniW3rftiwHeS36KlxxNy9wHDR7/erq/KVA=' 'sha256-EO1b9YijxcjNiPsyJbU7lexZBExAvbBS7Mtrn43HQSQ=' 'sha256-9AfVDL57WSeqfcfVnIF4kHdm1swN74QR/WJTJNfOsCk=' 'sha256-BYslVZasdwTCpHYP9Sy6F9s83tDTwQTUxpBOS7b3VKE=' 'sha256-oYfWKwJNCDSn49s0pF/3KOrONP4cz6jCSLHd062xu90=' 'sha256-ffrMO2cfuam9x5gxSUsMwPI0SYWjrbuNVouLejqX4MU=' 'sha256-dCAcyKbuJ0bGgL2k6dUZ7tdZ+jSZeaYt6uX2OyVgPpE=' 'sha256-cepnJH6WCuS6jWv1ILqqDKJjPLDslkMeoNUuZWbNUsk=' 'sha256-m4lkySWjevgouy2UkFw8PWDJYWjNrViUWhH+HXPLbTw=' 'sha256-GWyDadVkL0QpcpiOJWFClR7qjvXGwkcz85OuHGT6jZo=' 'sha256-4xUQQabZCtQ3X+SV/NRCpyGnDjFCdP67Bup/PMcM3j8=' 'sha256-qH9kafJzH2tlRf9HOO1olJ3MaZ+WymksQrEjTsF4qJ0=' 'sha256-Gi/nYCICyD4LRGFj9MsNVvca6TNBdFh0D4/fdz2euRI=' 'sha256-kTrBEEwMPEiOZ0BWgnHczhvynrGZ5irUPf8vSchyNiU='; upgrade-insecure-requests; report-uri /api/security/csp-report; 2
child-src blob: ; style-src 'self' 'unsafe-inline' https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://egr-assets-production.object.storage.eu01.onstackit.cloud/ ; connect-src 'self' https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://analytics.init.de https://eu.frcapi.com https://egr-assets-production.object.storage.eu01.onstackit.cloud ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://analytics.init.de https://cdn.jsdelivr.net/npm/ https://egr-assets-production.object.storage.eu01.onstackit.cloud ; worker-src blob: ; media-src 'self' blob: data: https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://*.streamfarm.net ; frame-src 'self' https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://*.video.taxi https://infotool-familie.de https://www.infotool-familie.de https://c19.bundesbots.de/ https://familienbot.bundesbots.de https://familienbot.azr.juacvoe.net/ https://*.cloudfront.net https://eu.frcapi.com ; frame-ancestors 'self' https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://infotool-familie.de https://www.infotool-familie.de ; img-src 'self' data: 'unsafe-inline' https://*.bmfsfj.de https://*.bmbfsfj.bund.de https://*.bitvtest.de https://bitvtest.de https://egr-assets-production.object.storage.eu01.onstackit.cloud ; default-src 'self' blob: ; font-src 'self' data: https://*.bmfsfj.de https://*.bmbfsfj.bund.de 2
default-src 'self'; connect-src 'self' *.google-analytics.com *.googlesyndication.com api.leadinfo.com *.leadinfo.net *.lndrflp.net *.hubspot.com *.hsforms.com *.hscollectedforms.net *.oribi.io *.usercentrics.eu *.nelioabtesting.com *.google.com *.google.de *.facebook.com *.lfeeder.com *.doubleclick.net *.linkedin.com *.ads.linkedin.com yoast.com *.mouseflow.com salesviewer.org salesviewer.com *.salesviewer.com *.salesviewer.org bot-iagent.novomind.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mouseflow.com *.leadinfo.net cdn.leadinfo.net *.mouseflow.com *.googletagmanager.com *.google-analytics.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hubspot.com *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.usercentrics.eu *.doubleclick.net *.lfeeder.com *.facebook.net *.licdn.net *.lndrflp.net cdn.lndrflp.net salesviewer.org salesviewer.com ecdn.novomind.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.novomind.com *.hubspot.com *.hsappstatic.net; img-src 'self' data: *.novomind.com *.lfeeder.com tr-rc.lfeeder.com *.salesviewer.org salesviewer.org *.salesviewer.com salesviewer.com *.google-analytics.com *.hubspot.com *.hsforms.com *.forms-na1.hsforms.com *.perf-na1.hsforms.com *.usercentrics.eu *.service.usercentrics.eu *.google.com *.google.de *.googleadservices.com *.ads.linkedin.com *.doubleclick.net *.mouseflow.com; font-src 'self' data: *.mouseflow.com; frame-src 'self' *.googletagmanager.com *.novomind.com bot-iagent.novomind.cloud *.doubleclick.net *.hubspot.com *.hsforms.com *.hsappstatic.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.mouseflow.com; child-src *.mouseflow.com; 2
default-src * 'self' data: 'unsafe-inline'; 2
base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://maps.gstatic.com https://script.hotjar.com/ https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://picsum.photos https://rs.fullstory.com https://edge.fullstory.com https://edge.eu1.fullstory.com https://fullstory.com https://*.fullstory.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://static.hotjar.com https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://cloudflareinsights.com https://rs.fullstory.com https://edge.fullstory.com https://edge.eu1.fullstory.com https://fullstory.com https://*.fullstory.com ws://localhost:24678/; frame-src 'self' https://www.youtube.com/ https://td.doubleclick.net https://www.googletagmanager.com; script-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://static.hotjar.com https://script.hotjar.com/ https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://static.cloudflareinsights.com https://rs.fullstory.com https://edge.fullstory.com https://edge.eu1.fullstory.com https://fullstory.com https://*.fullstory.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' *.ariba.com *.gn.com 2
frame-ancestors 'self' *.senecacollege.ca *.senecapolytechnic.ca; 2
script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com https://optimizely-hrd.appspot.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app *.contentsquare.net  *.ofgreencolumn.com *.fouanalytics.com https://cdn.mobius.highereducation.com/mobius-latest.min.js  https://cdn.us.heap-api.com https://heapanalytics.com https://cdn.eu.heap-api.com; object-src 'none'; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ *.my.salesforce.com *.my.site.com/ *.force.com/; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  *.my.salesforce.com *.my.site.com/ *.force.com/ https://unpkg.com https://use.typekit.net/ https://heapanalytics.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com *.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/ *.adnxs.com/ *.tapad.com/ *.adsrvr.org/ *.bttrack.com/ https://storage.googleapis.com/ https://di.rlcdn.com/ https://assets-pcor-dev.adtalem.com https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.gstatic.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app  *.ofgreencolumn.com https://ml314.com/ https://dpm.demdex.net/ https://heapanalytics.com https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://www.googletagmanager.com https://app.tintup.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://view-awesome-table.com/ https://gtm.waldenu.edu/ https://www.tiktok.com https://fundraise.givesmart.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com   *.contentsquare.net https://heapanalytics.com; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com https://integrations.optimizely-edge.com https://www.redditstatic.com https://conversions-config.reddit.com https://www.redditstatic.com *.reddit.com *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://pcor-dev.adtalem.com https://pcor-qa.adtalem.com https://pcor.adtalem.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://dev-atge-outage.adtalem.com https://qa-atge-outage.adtalem.com https://atge-outage.adtalem.com https://mapsresources-pa.googleapis.com data:  *.ofgreencolumn.com *.fouanalytics.com https://privacyportal.onetrust.com https://api.mobius.highereducation.com/ https://apix.b2c.com/ https://analytics-ipv6.tiktokw.us/ https://cdn.hypemarks.com/ https://www.facebook.com/privacy_sandbox/ https://cdnjs.cloudflare.com/ https://app.unpkg.com/tippy.js@6.3.7 https://unpkg.com/@popperjs/ https://c.us.heap-api.com https://heapanalytics.com https://c.eu.heap-api.com https://careers.covista.com 2
frame-ancestors 'self' https://*.hauts-de-seine.fr/ https://*.passmalin.fr/ https://*.akstat.io/; 2
default-src 'self'; script-src 'self' www.googletagmanager.com www.googleadservices.com maps.googleapis.com www.redditstatic.com appleid.cdn-apple.com *.g.doubleclick.net static.ads-twitter.com platform.iteratehq.com tagmanager.google.com googletagmanager.com connect.facebook.net www.facebook.com cdnjs.cloudflare.com snippet.maze.co *.smooch.io *.verygoodvault.com *.gladly.com api.mapbox.com cdn.segment.com cdn.plaid.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net analytics.tiktok.com websdk.appsflyer.com static.elfsight.com universe-static.elfsightcdn.com fpnpmcdn.net static.visible.xyz *.taboola.com sc-static.net tr.snapchat.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' static.visible.xyz fonts.googleapis.com tagmanager.google.com *.gladly.com 'unsafe-inline'; img-src 'self' www.google.com www.google.pt www.google.com.ua www.googletagmanager.com www.googleadservices.com www.facebook.com connect.facebook.net *.g.doubleclick.net static.visible.xyz t.co *.twitter.com *.gstatic.com *.amazonaws.com *.event.prod.bidr.io *.reddit.com *.gladly.com *.smooch.io *.adyen.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net *.ytimg.com files.elfsightcdn.com sync.intentiq.com *.taboola.com analytics.tiktok.com t.vibe.co tr.snapchat.com blob: data:; connect-src 'self' https://api.rent.app/api/ google.com www.google.com maps.googleapis.com analytics.google.com *.analytics.google.com *.google-analytics.com *.g.doubleclick.net iteratehq.com *.reddit.com *.tiktokw.us connect.facebook.net www.facebook.com www.redditstatic.com *.conversionsapigateway.com mpc-prod-21-1053047382554.us-central1.run.app conversions-config.reddit.com wa.onelink.me prompts.maze.co www.googletagmanager.com www.googleadservices.com googletagmanager.com assets.visible.xyz *.smooch.io *.verygoodvault.com gladly-production.sinter-collect.com *.gladly.com *.gladly.chat *.mapbox.com *.segment.io *.segment.com browser-intake-us5-datadoghq.com auth.rent.app *.auth0.com events.launchdarkly.com app.launchdarkly.com clientstream.launchdarkly.com *.adyen.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net ads.tiktok.com analytics.tiktok.com *.appsflyer.com *.elfsight.com api.fpjs.io *.api.fpjs.io *.taboola.com t.vibe.co *.snapchat.com ws: blob:; font-src 'self' static.visible.xyz fonts.gstatic.com *.gladly.com analytics.tiktok.com data:; frame-src 'self' assets.visible.xyz www.google.com www.googletagmanager.com www.facebook.com td.doubleclick.net *.verygoodvault.com *.plaid.com auth.rent.app *.auth0.com notifications.wisepops.com wisepops.net *.adyen.com calendly.com youtube.com www.youtube.com www.m.youtube.com tsdtocl.com tr.snapchat.com blob:; object-src 'self' assets.visible.xyz blob:; media-src *.gladly.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; worker-src blob:; block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports; 2
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: 'self' blob:; frame-src https: 'self' blob:; 2
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' mailto: tel: https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://www.googletagmanager.com https://profir.it.infrontfinance.com *.apnic.net www.formations-irisbus-iveco.com https://insight.adsrvr.org https://rdap.registro.br https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com https://welcome-c.iveco.com https://welcome.iveco.com https://rdap.lacnic.net https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://iveco.com.br https://maps.google.com https://c.contentsquare.net https://t.contentsquare.net https://cnhidcx.fra1.qualtrics.com https://www.facebook.com https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com  https://cpqr.ivecogroup.com https://cpqr.iveco.com  https://open.spotify.com  https://iveco.ubiest.com  https://tools.eurolandir.com  https://vimeo.com  https://www.youtube-nocookie.com  https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://fonts.gstatic.com https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://welcome-c.iveco.com https://welcome.iveco.com https://cpqr-cert.iveco.com https://cpqr.iveco.com blob: https://purecatamphetamine.github.io *.contentsquare.net https://cpqr-cert.ivecogroup.com *.clarity.ms https://www.clarity.ms https://www.google.pl https://ad.doubleclick.net *.contentsquare.net https://l.contentsquare.net https://c.contentsquare.net https://maps.gstatic.com https://siteintercept.qualtrics.com https://maps.googleapis.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.google.it https://px4.ads.linkedin.com https://www.facebook.com https://www.google.com  https://www.googletagmanager.com https://fra1.qualtrics.com  https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://www.googletagmanager.com https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' data: https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://www.googletagmanager.com https://profir.it.infrontfinance.com *.apnic.net www.formations-irisbus-iveco.com https://js.adsrvr.org https://www.clarity.ms https://s.go-mpulse.net https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://c.contentsquare.net https://app.contentsquare.com https://t.contentsquare.net https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net  https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com   https://cpqr.iveco.com https://cpqr.ivecogroup.com  https://player.vimeo.com https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com  https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com  https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com https://vimeo.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au *.adfixus.com https://privacyportal-eu.onetrust.com https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://mw-fanshop.ivecogroup.com https://www.googletagmanager.com https://profir.it.infrontfinance.com *.apnic.net www.formations-irisbus-iveco.com https://trial-eum-clienttons-s.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://rdap.registro.br https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com https://rdap.lacnic.net https://welcome-c.iveco.com https://welcome.iveco.com https://cpqr-cert.iveco.com https://cpqr.iveco.com https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com data: https://az-eu-sitec-app-p-020.azurewebsites.net *.clarity.ms https://www.clarity.ms https://westeurope-sandbox.ordercloud.io https://westeurope-production.ordercloud.io https://az-eu-sitec-app-c-010.azurewebsites.net https://adservice.google.com *.googlesyndication.com https://www.google.com https://api.ipify.org https://rdap.arin.net https://maps.googleapis.com https://rdap.db.ripe.net *.akstat.io https://c.go-mpulse.net https://analytics.google.com https://dataplane.rum.eu-central-1.amazonaws.com https://sts.eu-central-1.amazonaws.com https://cognito-identity.eu-central-1.amazonaws.com https://px.ads.linkedin.com https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://www.facebook.com *.contentsquare.net https://iveco.com.br https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://c.contentsquare.net https://maps.googleapis.com https://region1.analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com  https://cpqr.iveco.com https://cpqr.ivecogroup.com https://player.vimeo.com https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com https://vimeo.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://www.googletagmanager.com https://profir.it.infrontfinance.com https://privacyportal-eu.onetrust.com *.apnic.net www.formations-irisbus-iveco.com https://js.adsrvr.org https://insight.adsrvr.org https://trial-eum-clienttons-s.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://rdap.registro.br https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://player.vimeo.com https://t.contentsquare.net https://app.contentsquare.com https://maps.googleapis.com   https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com   https://cpqr.iveco.com https://cpqr.ivecogroup.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com; child-src blob:; worker-src blob:;frame-ancestors 'self' astra-trucks.com www.astra-trucks.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.razorpay.com https://sdk.cashfree.com https://*.cashfree.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.clarity.ms https://scripts.clarity.ms https://googleads.g.doubleclick.net https://www.googleadservices.com; worker-src 'self' blob:; frame-src 'self' https://www.youtu.be https://www.youtube.com https://www.youtube-nocookie.com https://quantman-resources-new.blr1.cdn.digitaloceanspaces.com https://*.google.com https://*.razorpay.com https://*.cashfree.com https://www.googletagmanager.com https://www.google.com https://www.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ka-p.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://cdnjs.cloudflare.com https://ka-p.fontawesome.com; img-src 'self' data: https://www.youtu.be https://www.youtube.com https://www.youtube-nocookie.com https://quantman-resources-new.blr1.cdn.digitaloceanspaces.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google.com https://*.google.co.in https://www.googleadservices.com https://www.gstatic.com https://www.facebook.com https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net; connect-src 'self' https://*.google.com https://*.razorpay.com https://*.cashfree.com ws://www.local.com:3035 http://www.local.com:3035 https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://scripts.clarity.ms https://*.clarity.ms https://ka-p.fontawesome.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://www.googleadservices.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.facebook.com https://www.google.co.in http://localhost:8083 http://www.localhost:3002; 2
Content-Security-Policy:  default-src 'self' *.clic2buy.com *.click2buy.com *.clic2drive.com 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ams-stage.itchotels.com https://*.affilired.com https://*.denomatic.com https://*.doubleclick.net https://*.google.com https://rum.hlx.page https://cdn.cookielaw.org https://www.googletagmanager.com https://secure.adnxs.com https://web-resources-dyn.offer18a.net https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://readtargeting.com https://secure.datawrkz.com https://connect.facebook.net *.triptease.io https://script.hotjar.com https://static.hotjar.com https://assets.adobedtm.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dynamic.criteo.com https://itclimited.sc.omtrdc.net https://sslwidget.criteo.com https://www.youtube.com https://www.jscache.com https://www.tripadvisor.com https://www.tripadvisor.in https://static.tacdn.com; frame-ancestors 'self' https://www.itchotels.com 2
default-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; script-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://*.ada.support https://*.bing.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.launchdarkly.com https://optimize.google.com https://www.googleoptimize.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.pdst.fm https://tracker.adreadyclick.com https://www.googleadservices.com https://cdn.pbbl.co https://websdk.appsflyer.com https://banner.appsflyer.com https://www.youtube.com https://creatives-cdn.appsflyer.com https://googleads.g.doubleclick.net https://www.google.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://cdn.jsdelivr.net https://pixel.mathtag.com https://collector-20545.tvsquared.com https://*.google.com/; style-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net https://banner.appsflyer.com https://creatives-cdn.appsflyer.com; frame-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://www.facebook.com https://cdn.pbbl.co https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://pixel.mathtag.com https://collector-20545.tvsquared.com; connect-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://stats.g.doubleclick.net https://www.google-analytics.com https://*.bing.com https://bam.nr-data.net https://www.facebook.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://us-central1-adaptive-growth.cloudfunctions.net https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://participant.connect.us-east-1.amazonaws.com https://wa.onelink.me https://wa.appsflyer.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://*.google.com/; img-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://secure.gravatar.com https://m1.com data: https://m1.com https://*.bing.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://trkn.us https://t.co https://www.facebook.com https://secure.adnxs.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://analytics.twitter.com https://pixel.mathtag.com https://collector-20545.tvsquared.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://cdnappicons.appsflyer.com https://impressions.onelink.me https://*.google.com/; font-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://fonts.googleapis.com https://fonts.gstatic.com data: https://www.googletagmanager.com https://optimize.google.com https://cdn.appsflyer.com; object-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; media-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; 2
default-src 'self' deskline.net concierge.goodguys.ai 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src 'self' https: wss: blob:; 2
default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self' 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: blob: https:;media-src 'self' data:;connect-src 'self' data: https: wss:;font-src 'self' data: https:;frame-src 'self' https:;frame-ancestors 'self' https://eshop.biano.cz;worker-src 'self' blob:;report-to csp-endpoint;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.publiclands.com *.dickssportinggoods.com *.akamaihd.net *.scene7.com *.bazaarvoice.com *.iso.gp01.pcf.dcsg.com *.radar.com *.googleapis.com *.pub-cdn.dksfed.com pub-cdn.dksfed.com *.certona.net *.certona.com res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com *.criteo.com *.criteo.net static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com cdn.hlserve.com b.hlserve.com www.google.com googleads.g.doubleclick.net adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com publiclands500z.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.liveperson.net *.lpsnmedia.net *.zoovu.com assets-barracuda-runner.azureedge.net *.adobedc.net *.adoberesources.net *.attn.tv analytics.tiktok.com *.micpn.com *.collectivevoice.com accounts.google.com ln-rules.rewardstyle.com creatives.attn.tv *.monetate.net mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com; frame-ancestors *.publiclands.com *.dickssportinggoods.com *.techlab-cdn.com; child-src *.monetate.net acrobatservices.adobe.com documentservices.adobe.com *.attn.tv dcsg.jotform.com *.dickssportinggoods.com *.publiclands.com *.cj.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.techlab-cdn.com 2
frame-ancestors 'self' https://mc.yandex.ru https://ser3.express.pptrf.ru 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.jsdelivr.net kit.fontawesome.com ka-p.fontawesome.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com uicdn.toast.com backgroundimages.concretecms.com picsum.photos *.picsum.photos google.com *.google.com youtube.com *.youtube.com cloudflare.com *.cloudflare.com googletagmanager.com *.googletagmanager.com cookiebot.com *.cookiebot.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net google.nl *.google.nl linkedin.com *.linkedin.com licdn.com *.licdn.com svrdntfctn.com *.svrdntfctn.com leadinfo.net *.leadinfo.net leadinfo.com *.leadinfo.com ldnfrpl.com *.ldnfrpl.com amazonaws.com *.amazonaws.com xelion.com *.xelion.com xelion.nl *.xelion.nl *.redditstatic.com *.clarity.ms *.bing.com *.bing.net *.reddit.com *.zohoapis.eu googlesyndication.com *.googlesyndication.com *.enorm:5173 *.test:5173; worker-src 'self' blob:; connect-src 'self' wss://*.enorm:5173 wss://*.test:5173 cookiebot.com *.cookiebot.com google-analytics.com *.google-analytics.com google.com *.google.com linkedin.com *.linkedin.com licdn.com *.licdn.com svrdntfctn.com *.svrdntfctn.com leadinfo.net *.leadinfo.net leadinfo.com *.leadinfo.com ldnfrpl.com *.ldnfrpl.com amazonaws.com *.amazonaws.com *.redditstatic.com *.clarity.ms *.bing.com *.bing.net *.reddit.com *.zohoapis.eu googlesyndication.com *.googlesyndication.com wss://*.xelion.nl; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: 2
default-src 'self'; script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com/ https://bi.force.com/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://dl.episerver.net/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn.siteimprove.net/ https://ajax.googleapis.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://*.vo.msecnd.net/ https://player.vimeo.com/ http://login.edialog24.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://res.cloudinary.com/gobi-technologies-as/ https://api.useberry.com/ blob:  https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net/ https://www.bi.no/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://external-bi-prod.azureedge.net/ https://d.la1-c1-cdg.salesforceliveagent.com/ https://widget.gobistories.com/ https://bicx.my.site.com/ https://api.useberry.com/ https://*.linkedin.com/; style-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com/ https://bi.force.com/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://dl.episerver.net/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn.siteimprove.net/ https://ajax.googleapis.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://*.vo.msecnd.net/ https://player.vimeo.com/ https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js http://login.edialog24.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://cdn.jsdelivr.net/  https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net/ https://www.bi.no/ https://bicx.my.site.com/eswsbino/; object-src 'none'; base-uri 'self'; connect-src 'self'  https://sgtm.bi.no/ https://*.applicationinsights.azure.com/ https://bicx.secure.force.com/ https://static.lightning.force.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://*.global.siteimproveanalytics.io/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://www.google.com/ https://www.google.no/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://vimeo.com/ https://player.vimeo.com/ https://dc.services.visualstudio.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://d8ejoa1fys2rk.cloudfront.net/ https://sentry10.bynder.cloud/ https://media.bi.no/ https://jsonplaceholder.typicore.com/ https://easycruit.com/ https://api.gobistories.com/ https://media-proxy.gobistories.com/ https://pagead2.googlesyndication.com/ https://esp-eu.aptrinsic.com/rte/v1/configuration/ https://googleads.g.doubleclick.net/ https://easycruit.com/api/ https://www.easycruit.com/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/ https://res.cloudinary.com/gobi-technologies-as/ https://bilogin.b2clogin.com/  https://bicx.my.salesforce-scrt.com/; font-src 'self' data: https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/npm/bi-web-components@latest/ https://d8ejoa1fys2rk.cloudfront.net/ https://dl.episerver.net/ https://dhm5hy2vn8l0l.cloudfront.net/graphik/ https://dhm5hy2vn8l0l.cloudfront.net/lato/  https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net https://www.bi.no; frame-src 'self' https://sgtm.bi.no/ https://bicx--compoc.sandbox.my.site.com/ https://bicx--compoc.sandbox.lightning.force.com/ https://bicx--compoc.sandbox.my.salesforce.com/ https://service.force.com/ https://bicx.secure.force.com/ https://bi.force.com/ http://play.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://5995713.fls.doubleclick.net/ https://my2.siteimprove.com/ https://bi.easycruit.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://www.linkedin.com/  https://bicx.my.site.com/ https://bicx.file.force.com/; img-src 'self' data: https://media.bi.no/ https://www.bi.no/ https://6000471.global.siteimproveanalytics.io/ https://d2csxpduxe849s.cloudfront.net/ https://img.youtube.com/ https://i.ytimg.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://dl.episerver.net/ https://media-proxy.gobistories.com/ https://cdn-ukwest.onetrust.com/ https://www.bynder.com/ https://ad.doubleclick.net/ http://www.w3.org/2000/svg/ https://res.cloudinary.com/gobi-technologies-as/ https://www.linkedin.com/  https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net/; manifest-src 'self'; media-src 'self' https://res.cloudinary.com/gobi-technologies-as/ https://media-proxy.gobistories.com/ blob:; report-uri https://631adb1029ad77a9b5a12c7b.endpoint.csper.io/?v=0/; worker-src blob:; 2
frame-ancestors https://app.storyblok.com/ https://web.ruttl.com/ https://www.wingsforlifeworldrun.com 2
base-uri 'none'; font-src 'self' https: data: https://heapanalytics.com; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https: images.ctfassets.net https://heapanalytics.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' https://heapanalytics.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://cdn.heapanalytics.com https://heapanalytics.com; upgrade-insecure-requests; default-src 'self'; frame-src 'self' https:; worker-src blob:; connect-src 'self' https: http://cdn.cookielaw.org wss: https://heapanalytics.com; media-src blob: 'self' https:; 2
default-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; media-src 'self' b.peatio.com assets.peatio.com assets.big.zone static.big.zone static.peatio.com static.zdassets.com data: blob:; img-src 'self' b.peatio.com assets.peatio.com assets.big.zone static.big.zone static.peatio.com mixin-images.zeromesh.net images.mixin.one storage.googleapis.com static.geetest.com static.geevisit.com v2assets.zopim.io bigone.zendesk.com static.zdassets.com www.google-analytics.com fourier.alibaba.com blob: data: https://assets.coingecko.com/coins/images/ https://s3.bmp.ovh/imgs/ https://parachains.info/images/; font-src 'self' b.peatio.com at.alicdn.com data:; frame-ancestors 'self'; frame-src 'self' bridge-loaded.b1.run bigone-queue-message.b1.run www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net/recaptcha/ recaptcha.net/recaptcha/; style-src 'self' 'unsafe-inline' static.big.zone static.peatio.com assets.peatio.com b.peatio.com static.geetest.com static.geevisit.com; script-src-elem 'self' static.big.zone assets.peatio.com static.peatio.com b.peatio.com storage.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net/recaptcha/ recaptcha.net/recaptcha/ static.zdassets.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com s.go-mpulse.net s2.go-mpulse.net go-mpulse.net www.datadoghq-browser-agent.com g.alicdn.com/AWSC/ retcode.alicdn.com widget-mediator.zopim.com cf.aliyun.com/nocaptcha/ ynuf.aliapp.org/w/ 8ldr8y.tdum.alibaba.com; script-src-attr 'none'; connect-src 'self' bigone.com big.one info.big.one info.bigone.com info.b1.zone info.big.zone outerlands.b1.zone mixin-api.zeromesh.net api.mixin.one c.go-mpulse.net browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com rum.browser-intake-datadoghq.com monitor.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com yumchina.geetest.com www.google-analytics.com ekr.zdassets.com bigone.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com api.blockchair.com/bitcoin/stats www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net/recaptcha/ recaptcha.net/recaptcha/ www.googletagmanager.com https://api.qiniu.com https://uplog.qbox.me https://upload-z2.qiniup.com; form-action 'self' https://account.volet.com; 2
worker-src 'self' blob: ;script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; object-src 'none'; 2
default-src 'self' https: data: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://smartcaptcha.yandexcloud.net;style-src 'self' 'unsafe-inline' https: https://smartcaptcha.yandexcloud.net;img-src 'self' data: blob: https: https://smartcaptcha.yandexcloud.net;font-src 'self' https:;connect-src 'self' https: wss: https://smartcaptcha.yandexcloud.net;media-src 'self' blob:;frame-src https://smartcaptcha.yandexcloud.net;frame-ancestors 'none';base-uri 'self';form-action 'self'; 2
default-src 			'self'; 		script-src 			'self' 			'unsafe-inline' 			'unsafe-eval' 			https://clickhelp.com 			https://*.clickhelp.com 			https://*.googletagmanager.com 			https://*.google-analytics.com 			https://www.youtube.com 			https://*.youtube.com 			https://*.ytimg.com 			https://*.google.com 			https://*.gstatic.com 			https://js.posthog.com 			https://*.recaptcha.net 			https://chimpstatic.com 			https://*.mailchimp.com 			https://*.calendly.com 			https://*.chatbase.co 			https://d3h3meckw07nf.cloudfront.net 			https://kit.fontawesome.com 			https://connect.facebook.net 			https://*.redditstatic.com 			https://googleads.g.doubleclick.net; 		style-src 			'self' 			'unsafe-inline' 			https://fonts.googleapis.com 			https://use.fontawesome.com 			https://d3h3meckw07nf.cloudfront.net 			https://*.calendly.com; 		img-src 			'self' 			data: 			https://*.youtube.com 			https://*.google.com 			https://connect.facebook.net 			https://www.googletagmanager.com 			https://backend.chatbase.co 			https://www.facebook.com 			https://alb.reddit.com 			https://*.ytimg.com 			https://www.google.ru 			https://www.google.com 			https://www.gstatic.com 			https://www.google-analytics.com 			https://*.mailchimp.com 			https://*.calendly.com; 		font-src 			'self' 			data: 			https://*.googleusercontent.com/ 			https://*.gstatic.com 			https://*.fontawesome.com; 		connect-src 			'self' 			https://www.googleadservices.com 			https://www.datadoghq.com 			https://browser-intake-datadoghq.com 			https://*.browser-intake-datadoghq.com 			https://*.doubleclick.net 			https://*.facebook.com 			https://analytics.google.com 			https://*.analytics.google.com 			https://google-analytics.com 			https://*.google-analytics.com 			https://app.posthog.com 			https://api.posthog.com 			https://verifalia.com 			https://api.verifalia.com 			https://ka-p.fontawesome.com 			https://d3h3meckw07nf.cloudfront.net 			https://pixel-config.reddit.com 			https://www.redditstatic.com 			https://pagead2.googlesyndication.com 			https://www.google.com 			https://www.chatbase.co; 		frame-src 			https://chatbase.co 			https://*.chatbase.co 			https://clickhelp.com 			https://*.clickhelp.com 			https://www.googletagmanager.com 			https://www.google.com 			https://recaptcha.google.com 			https://calendar.google.com 			https://calendly.com 			https://*.calendly.com 			https://youtube.com 			https://*.youtube.com; 		form-action 			'self'; 		object-src 			'none'; 		base-uri 			'self'; 		frame-ancestors 			'self' 			https://clickhelp.com 			https://*.clickhelp.com 			https://*.google.com 			https://recaptcha.google.com 			https://calendar.google.com 			https://www.youtube.com 			https://*.calendly.com 			https://calendly.com; 		report-uri /wp-json/clickhelp/v1/csp-report 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com;  style-src 'self' http: 'unsafe-inline' *.googleapis.com;  img-src 'self' data: *; frame-src mailto: *.doubleclick.net *.vimeo.com *.youtube.com *.arri.com *.facebook.com *.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: *.licdn.com *.doubleclick.net *.pingdom.net *.6sc.co *.crazyegg.com *.facebook.net *.gstatic.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.googleapis.com unpkg.com *.arri.com *.youtube.com;  connect-src 'self' *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.usercentrics.eu *.6sc.co *.ads.linkedin.com *.crazyegg.com *.6sense.com *.doubleclick.net *.pingdom.net *.googleapis.com *.arri.com *.facebook.com *.facebook.net *.vimeocdn.com *.google-analytics.com; worker-src 'self' blob: 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net 2
worker-src *.cpapsupplies.com *.motifmedical.com blob: aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br dhv2ziothpgrr.cloudfront.net *.fontawesome.com *.yotpo.com *.googleapis.com https://fonts.bunny.net bam-cell.nr-data.net/jserrors/1/1be9de6ba3 bam-cell.nr-data.net/resources/1/1be9de6ba3 cdn.ivaws.com *.klaviyo.com lazysizes-umd.min.js maxcdn.bootstrapcdn.com www.facebook.com/tr *.five9nonprod.net googletagmanager.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com d2mjzob2nc713b.cloudfront.net braze-images.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.maskfitar.com https://plumrocket.com *.yotpo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com medchatapp.com tr.snapchat.com/cm/i aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com *.aeroflow.dev *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca t.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.meetanshi.com https://plumrocket.com *.yotpo.com *.weltpixel.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de lootly.io www.affirm.com cmp.osano.com ct.pinterest.com *.doubleclick.net *.five9.net graph.instagram.com *.googlesyndication.com *.healthline.com medchatapp.com mozbar.moz.com www.paypalobjects.com tr.snapchat.com ws.sharethis.com www.facebook.com www.youtube.com www.youtube-nocookie.com aeroflow-breastpumps.gorgias.help help-center.gorgias.help www.instagram.com players.brightcove.net www.tiktok.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com www.nbcnews.com/news/embedded-video/ ep2.adtrafficquality.google *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net upload-widget.cloudinary.com https: 'self' 'unsafe-inline';, img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.affirm.com *.affirm.ca *.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.meetanshi.com https://s3.amazonaws.com/idme/developer/idme-buttons/assets/* dhv2ziothpgrr.cloudfront.net magefan.com cm.magefan.com https://meetanshi.com/media/logo.png *.disqus.com *.yotpo.com www.emjcd.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://img.youtube.com https://firebasestorage.googleapis.com d.agkn.com analytics.twitter.com api2.authorize.net *.bing.com cdn.ivaws.com cdnjs.cloudflare.com *.cloudfront.net ct.pinterest.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.elfsightcdn.com *.ticktokcdn-us.com scontent-atl3-1.xx.fbcdn.net www.facebook.com www.google.fr maps.googleapis.com lh3.googleusercontent.com *.googlesyndication.com googletagmanager.com secure-us.imrworldwide.com l.sharethis.com/pview *.pinterest.com px.adentifi.com *.ads.linkedin.com www.linkedin.com *.reddit.com req.easywebinar.com sp.analytics.yahoo.com/sp.pl tags.w55c.net t.co/i/adsct tr.snapchat.com/p tvspix.com/t.png ws.sharethis.com motifmedical.com www.shareasale.com idsync.rlcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat i.pinimg.com www.gstatic.com ssl.gstatic.com blob: aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com gtm.aeroflowbreastpumps.com gtm.aeroflowdiabetes.com cfvod.kaltura.com media-cldnry.s-nbcnews.com braze-images.com ep2.adtrafficquality.google https://imgs.signifyd.com https://*.online-metrix.net https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net data: https: 'self' 'unsafe-inline';, script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.affirm.com *.affirm.ca *.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.meetanshi.com https://s3.amazonaws.com/idme/developer/idme-buttons/assets/* dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.disqus.com *.yotpo.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de lootly.io *.avada.io *.kameleoon.io *.kameleoon.com *.acsbapp.com cdn.acsbapp.com/cache/app/breastpump.dev.m2.aeroflow.dev/config.json *.aeroflowonline.com analytics.tiktok.com bam.nr-data.net bam-cell.nr-data.net/1/1be9de6ba3 *.bing.com cdnjs.cloudflare.com cmp.osano.com connect.facebook.net *.cpapsupplies.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.dwin1.com static.elfsight.com *.elfsightcdn.com *.ticktokcdn-us.com ewpcdn-ecs.easywebinar.com fast.wistia.com/embed/medias/clvoh0pei7.json *.five9.net *.googlesyndication.com graph.instagram.com www.gstatic.com/firebasejs h64.online-metrix.net js-agent.newrelic.com js.appboycdn.com *.klaviyo.com maps.googleapis.com snippet.maze.co medchatapp.com/widget/widget.js *.noibu.com s.pinimg.com ct.pinterest.com *.redditstatic.com sc-static.net/scevent.min.js snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com/uwt.js s.yimg.com tr.snapchat.com mc.us4.list-manage.com/subscribe/form-settings ws.sharethis.com *.zdassets.com d38xvr37kwwhcm.cloudfront.net snap.licdn.com *.adtrafficquality.google *.pinimg.com widgets.pinterest.com assets.pinterest.com cdn.jsdelivr.net/npm/canvas-confetti@1.9.2/dist/confetti.browser.min.js googletagmanager.com tagmanager.google.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com d2mjzob2nc713b.cloudfront.net addshoppers.s3.amazonaws.com shop.pe cdnapisec.kaltura.com api.ipify.org aeroflow-breastpumps.gorgias.help help-center.gorgias.help *.authorize.net https://www.googletagmanager.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net widget.cloudinary.com/v2.0/global/all.js blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br https://s3.amazonaws.com/idme/developer/idme-buttons/assets/* dhv2ziothpgrr.cloudfront.net *.fontawesome.com *.yotpo.com *.googleapis.com https://fonts.bunny.net ewpcdn-ecs.easywebinar.com *.klaviyo.com maxcdn.bootstrapcdn.com medchatapp.com *.tiktokcdn-us.com googletagmanager.com tagmanager.google.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com addstrap-ui.addshoppers.com d2mjzob2nc713b.cloudfront.net *.five9.net https://fonts.googleapis.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.zdassets.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com blob: 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline';, connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.affirm.com *.affirm.ca *.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.meetanshi.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.yotpo.com www.mczbf.com pipedream.wistia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de us-autocomplete-pro.api.smarty.com lootly.io https://get.geojs.io *.avada.io adservice.google.com *.aeroflowapi.org doctor-lookup.aeroflow.ninja warranties-prod-warrantyuploads3bucket-pwksm63i2jcr.s3.amazonaws.com analytics.tiktok.com api.motifmedical.com/api/fullmotiflookuptool app.launchdarkly.com *.bing.com sdk.iad-02.braze.com bt.signifyd.com:11103 cdn.acsbapp.com *.osano.com www.cloudflare.com/cdn-cgi/trace data.stbuttons.click *.elfsight.com *.elfsightcdn.com www.facebook.com *.five9.net *.five9.com www.google.com *.doubleclick.net maps.googleapis.com *.googlesyndication.com graph.instagram.com *.klaviyo.com l.sharethis.com/pview *.lactationlink.com *.motifmedical.com motifmedical.zendesk.com *.noibu.com wss://*.noibu.com ct.pinterest.com prompts.maze.co req.easywebinar.com s.yimg.com *.snapchat.com dev.visualwebsiteoptimizer.com wss://widget-mediator.zopim.com *.zdassets.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com www.pinterest.com trail.grin.co *.adtrafficquality.google *.gstatic.com sentry.io *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.pumpingessentials.com *.aeroflowdiabetes.com shop.aeroflowinc.com gtm.aeroflowbreastpumps.com gtm.aeroflowdiabetes.com www.babylist.com cdnapisec.kaltura.com cfvod.kaltura.com browser-intake-datadoghq.com *.authorize.net *.google-analytics.com https://imgs.signifyd.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net portal.aeroflow.online https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.affirm.com *.aeroflow.io *.aeroflow.org *.doubleclick.net *.googlesyndication.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net portal.aeroflow.online data: https: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pube9332b0833174b6c2524f3d03729b01d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aadobe-commerce%2Cenv%3Aprod; report-to report-endpoint; 2
default-src 'self' https://*.wpenginepowered.com *.wpengine.com *.pleg.es https://*.indragroup-usa.com https://indragroup-usa.com https://*.indragroup.com https://*.indramind.com https://*.minsait.com; connect-src 'self' https://*.pleg.es https://*.wpenginepowered.com *.wpengine.com *.minsait.com *.indracompany.com *.pardot.com https://www.googletagmanager.com *.google-analytics.com https://ipinfo.io https://www.google.com https://vimeo.com https://www.youtube-nocookie.com https://www.youtube.com *.indragroup-usa.com https://*.indragroup.com https://*.indramind.com; script-src 'self' 'nonce-36945097-35f1-4ea2-b09e-cccd0147b378' 'strict-dynamic' *.euroland.com *.eurolandir.com *.minsait.com *.indracompany.com *.pardot.com https://www.googletagmanager.com *.google-analytics.com https://www.google.com https://www.gstatic.com *.ytimg.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://vimeo.com https://player.vimeo.com *.indragroup-usa.com https://indragroup-usa.com https://*.indragroup.com https://*.indramind.com; style-src 'self' 'unsafe-inline' *.ytimg.com; img-src 'self' data: https://*.pleg.es *.wpengine.com https://*.wpenginepowered.com https://www.googletagmanager.com *.google-analytics.com *.minsait.com *.indracompany.com *.pardot.com *.ytimg.com https://i.vimeocdn.com https://*.indragroup-usa.com https://indragroup-usa.com https://*.indragroup.com https://*.indramind.com; font-src 'self' https://fonts.gstatic.com; frame-src *.euroland.com *.eurolandir.com https://www.google.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://*.indragroup-usa.com https://indragroup-usa.com https://*.indragroup.com https://*.indramind.com; frame-ancestors 'self'; object-src 'none'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self' https: data:; connect-src 'self' wss://*.tawk.to wss://ws.hotjar.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com https://*.petrolplus.ru https://*.gpc-rus.ru https://*.transitcard.ru https://*.resheno.xyz https://*.petrolplus.kz 2
upgrade-insecure-requests; report-to https://www.codium.ai; report-uri https://www.codium.ai; 2
frame-ancestors 'self' *.luxair.lu *.luxairtours.lu 2
frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 2
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschcarservice.com *.dxtservice.com *.bosch.com *.snap.licdn.com *.licdn.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com *.google.com; object-src 2
default-src 'self'; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' blob 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr https://*.upsun-eu-5.observability-pipeline.blackfire.io; style-src 'self' 'unsafe-inline'; worker-src blob: 2
default-src 'self';     style-src 'self' 'unsafe-inline' static.inteliwise.com fonts.googleapis.com *.googletagmanager.com;     img-src 'self' data: syndication.twitter.com www.facebook.com *.tile.openstreetmap.org www.gravatar.com *.googletagmanager.com *.google-analytics.com *.google.com www.google.pl cdn.livechat-files.com *.g.doubleclick.net *.gstatic.com fonts.gstatic.com px.ads.linkedin.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com static.addtoany.com z.moatads.com *.googletagmanager.com maps.googleapis.com platform.twitter.com *.facebook.net www.google-analytics.com *.livechatinc.com *.livechat.com www.google.com www.gstatic.com *.hotjar.com googleads.g.doubleclick.net cdn.jsdelivr.net static.inteliwise.com *.amazonaws.com www.instagram.com snap.licdn.com m.addtoany.com;     font-src 'self' *.livechatinc.com fonts.gstatic.com;     connect-src 'self' *.addthis.com stats.addtoany.com nominatim.openstreetmap.org www.google-analytics.com www.facebook.com maps.googleapis.com *.google-analytics.com static.inteliwise.com rail-publisher.app.inteliwi.se www.ewt.gov.pl ewt.gov.pl *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com pagead2.googlesyndication.com rail-publisher.app.inteliwise.se;     frame-src 'self' *.addthis.com *.addtoany.com www.youtube.com platform.twitter.com www.facebook.com web.facebook.com www.google.com ankiety.org *.livechatinc.com *.livechat.com player.liveaffect.pl *.amazonaws.com open.spotify.com ankietaprzedsiebiorcy.alfavox.app www.googletagmanager.com td.doubleclick.net *.amazonws.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' px.ads.linkedin.com *.ads.linkedin.com *.cookiebot.com *.facebook.com *.facebook.net *.g.doubleclick.net *.gigya.com *.go-mpulse.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.ivoclar.com *.ivoclarvivadent.com *.ownid.com *.pardot.com *.purechat.com *.purechatcdn.com *.vimeo.com *.youtube.com api.ipify.org cdn.fusedeck.net challenges.cloudflare.com g.doubleclick.net io.fusedeck.net js.hsforms.net script.hotjar.com service.excentos.com snap.licdn.com static.hotjar.com www.eventbrite.com www.googletagmanager.com www.linkedin.com yastatic.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net iytimg.com *.clarity.ms *.qualtrics.com fd.ivoclar.com server.fillout.com;img-src 'self' data: px.ads.linkedin.com cdn.jsdelivr.net *.ivoclar.com *.ivoclarvivadent.com *.gigya.com *.google.com google.com *.google.at *.gstatic.com *.googleapis.com *.google-analytics.com *.purechat.com *.purechatcdn.com *.googleapis.com *.facebook.net *.facebook.com *.google-analytics.com *.pardot.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.youtube.com *.ads.linkedin.com *.vimeo.com *.excentos.com excentos.com *.google.com.sa google.com.sa *.google.de google.de cdn01.basis.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com *.cookiebot.com *.clarity.ms *.siteintercept.qualtrics.com fd.ivoclar.com;style-src 'self' data: blob: 'unsafe-inline' px.ads.linkedin.com cdn.jsdelivr.net *.google.com *.googleapis.com *.ivoclarvivadent.com *.ivoclar.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googlesyndication.com cdn.fusedeck.net *.youtube.com *.vimeo.com *.excentos.com cdn01.basis.net tags.srv.stackadapt.com www.google.co.th *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com *.clarity.ms *.siteintercept.qualtrics.com fd.ivoclar.com;object-src 'self';upgrade-insecure-requests ;frame-ancestors 'self' data: px.ads.linkedin.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.gigya.com *.cookiebot.com *.purechat.com *.purechatcdn.com *.googleapis.com *.google-analytics.com *.go-mpulse.net *.ivoclarvivadent.com *.ivoclar.com *.vimeo.com challenges.cloudflare.com *.clarity.ms *.siteintercept.qualtrics.com fd.ivoclar.com;connect-src 'self' wss: https:;default-src https: mailto:;base-uri 'self';form-action 'self' https:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' playcanvas.com msg.playcanvas.com code.playcanvas.com relay.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src https://playcanvas.com 'self' data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-gateway.scriptintel.io https://s.webexperiences.com https://www.redditstatic.com https://fe.sitedataprocessing.com https://ml314.com https://go.vbrick.com https://rp.liadm.com https://pi.pardot.com https://px.ads.linkedin.com https://cdn.webexperiences.com https://snap.licdn.com https://frontend.id-visitors.com https://code.visitor-track.com https://trk.techtarget.com https://static.ads-twitter.com https://a.usbrowserspeed.com https://kit.fontawesome.com https://app.ardalio.com https://tag.demandbase.com https://redditstatic.com https://cdn-cookieyes.com https://nitroscripts.com https://s.company-target.com https://d-code.liadm.com https://unpkg.com/ platform.instagram.com www.instagram.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://s.w.org https://px.ads.linkedin.com https://cnv.event.prod.bidr.io https://id.rlcdn.com https://alb.reddit.com https://segments.company-target.com https://plugin-updates.wpengine.com https://cdn-cookieyes.com https://www.linkedin.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://px.ads.linkedin.com https://rp.liadm.com https://app.ardalio.com https://ibc-flow.techtarget.com https://www.google.com https://ka-p.fontawesome.com https://pixel-config.reddit.com https://www.redditstatic.com https://kit.fontawesome.com https://api.company-target.com https://redditstatic.com https://log.cookieyes.com https://cdn-cookieyes.com https://to.getnitropack.com https://lottie.host/ https://cdn.jsdelivr.net/ *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' ; frame-src 'self' https://go.vbrick.com https://s.company-target.com https://vision.rev.vbrick.com https://www.ardalio.net www.instagram.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.googletagmanager.com; manifest-src 'self' ; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' ; report-uri https://vbrick.com?gdsih-csp-report; 2
frame-ancestors 'self' https://app.storyblok.com http://app.storyblok.com/; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data: https://fast.wistia.net/ https://www.sjwoe.com; 2
object-src 'none'; frame-ancestors https://*.ncrvoyix.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.oney.io *.staging.oney.io bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://fonts.gstatic.com https://*.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr 'self' data: assets.merci-app.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://www.googletagmanager.com https://www.facebook.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.hipay-tpp.com *.hipay.com *.googleapis.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://www.googletagmanager.com https://www.google.com https://www.google.fr https://googleads.g.doubleclick.net https://ad.ad-srv.net https://hal9000.redintelligence.net https://tags.dynamo.one https://ad4m.at https://ad4mat.net https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://cl.avis-verifies.com https://www.facebook.com *.tradedoubler.com https://v.calameo.com/ *.facil-iti.app *.facil-iti.com *.spotify.com *.flymenu.fr td.doubleclick.net tr.snapchat.com docs.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://www.google.com https://www.google.fr https://maps.googleapis.com https://maps.gstatic.com https://cl.avis-verifies.com https://bat.bing.com https://googleads.g.doubleclick.net https://track.adform.net https://ad4m.at *.ad4m.at https://cm.g.doubleclick.net https://ih.adscale.de https://rtb-csync.smartadserver.com https://dsum-sec.casalemedia.com https://a.twiago.com https://dmp.ad4mat.net https://www.googletagmanager.com blob: https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://dpm.demdex.net https://match.justpremium.com https://x.bidswitch.net https://sync.1rx.io https://sync.targeting.unrulymedia.com https://id5-sync.com https://ice.360yield.com https://www.facebook.com *.clarity.ms *.bing.com *.doubleclick.net https://i.ytimg.com/ *.facil-iti.app *.facil-iti.com *.digital-metric.net *.cookielaw.org/ *.flymenu.fr 'self' data: www.facebook.com adservice.google.com *.googleusercontent.com www.google.pl www.google.ch www.google.be www.google.es www.google.de www.google.mg tr.snapchat.com trk.datnova.com pagead2.googlesyndication.com *.linkedin.com px.ads.linkedin.com connect.facebook.net www.google.sn a.imgstatics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.oney.io *.staging.oney.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://www.google.com https://www.google.fr https://maps.googleapis.com https://www.googletagmanager.com https://cl.avis-verifies.com https://bat.bing.com https://googleads.g.doubleclick.net https://img.metaffiliation.com https://tags.dynamo.one https://profiling.veoxa.com https://js.sddan.com https://pixel.social-media-system.com https://ad4mat.de https://ad4m.at *.ad4m.at https://sddan.mgr.consensu.org https://mon.social-media-system.com https://sv.ciblelink.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://tracking.veoxa.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://forms.sbc30.net https://connect.facebook.net https://analytics.optimalpeople.fr https://vu.adschoom.com https://svht.tradedoubler.com *.clarity.ms *.facil-iti.app *.facil-iti.com *.digital-metric.net *.aticdn.net https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.cookielaw.org/ *.flymenu.fr *.gstatic.com api.flymenu.fr sc-static.net apicit.net p.gsitrix.com tr.snapchat.com cdn.cookielaw.org xir.prixclub.com bat.bing.com tags.clickintext.net tag.aticdn.net o.gsitrix.com swrap.tradedoubler.com trk.datnova.com gateway.taginsight.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com *.googleapis.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://fonts.googleapis.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com bio.coop *.bio.coop https://toq.bio.coop www.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr www.biocoop.fr https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr www.bing.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com https://www.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io t.elasticsuite.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://stats.g.doubleclick.net https://img.metaffiliation.com https://bam.nr-data.net https://action.metaffiliation.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://analytics.optimalpeople.fr *.clarity.ms *.pvnsolutions.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com *.facil-iti.app *.facil-iti.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.cookielaw.org/ *.onetrust.com/ *.flymenu.fr *.google-analytics.com api.flymenu.fr logc412.xiti.com www.facebook.com bat.bing.com p.gsitrix.com *.onetrust.com adservice.google.com *.snapchat.com pagead2.googlesyndication.com gateway.taginsight.com rum.hlx.page px.ads.linkedin.com googleads.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; worker-src 'self' blob: ; 2
frame-ancestors 'self' http://localhost 2
frame-ancestors 'self' https://*.youtube.com 2
frame-ancestors 'self' https://app-eu1.hubspot.com https://www.googletagmanager.com https://www.einpresswire.com https://*.vercel.app 2
base-uri 'self';frame-ancestors 'self'; 2
frame-ancestors 'self' https://*.sherweb.com https://cumulus.sherweb.com https://cloudmanagerportal.com https://cumulus.ismgrid.com https://techdata.sherweb.com https://control.intellam.com https://cumulus.fusenetworks.com https://cloud.itpartners.com https://portal.massiveit.com https://control.careservtech.com https://billing.rak4cloud.com https://control.gocareserv.help 2
frame-ancestors 'self' https://dealerexperience.cadillac.com 2
frame-ancestors 'self' *.inforcloudsuite.com 2
script-src 'self' https://chat.seznam.cz https://*.hit.gemius.pl https://www.stream.cz/static/embed/ https://h.seznam.cz https://c.imedia.cz; report-uri /cspreport; 2
frame-ancestors 'self' localhost:* 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.userway.org https://iframely.shorthand.com https://cdn.cookielaw.org https://haymarketimpact.shorthandstories.com https://player.vimeo.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://use.typekit.com https://*.typekit.net; img-src 'self' data: https:; frame-src https://www.youtube.com https://player.vimeo.com https://iframely.shorthand.com; media-src 'self' https://haymarketimpact.shorthandstories.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; 2
frame-ancestors capacitor://hybrid.etisalat.eg http://hybrid.etisalat.eg https://hybrid.etisalat.eg https://www.etisalat.eg https://etisalat.eg https://*.etisalat.eg http://www.etisalat.eg http://etisalat.eg http://*.etisalat.eg https://www.eand.com.eg https://eand.com.eg http://www.eand.com.eg http://eand.com.eg https://eandbusiness.com.eg http://eandbusiness.com.eg https://www.eandbusiness.com.eg http://www.eandbusiness.com.eg; 2
frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://*.freedom.com.au 2
default-src 'self' data: webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com px.ads.linkedin.com cdn.linkedin.oribi.io region1.analytics.google.com varta.matomo.cloud metrics.hotjar.io csmetrics.hotjar.com content.hotjar.io wss://ws.hotjar.com wss://wsp19.hotjar.com csmetrics.hotjar.com wss://ws32.hotjar.com wss://ws5.hotjar.com in.hotjar.com csp.withgoogle.com www.salesviewer.com salesviewer.org dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com www.facebook.com region1.google-analytics.com maps.googleapis.com stats.g.doubleclick.net www.google-analytics.com irs.tools.investis.com static.b-ite.com www.youtube.com jobs.b-ite.com config1.veinteractive.com cookiee1.veinteractive.com sessionapi.veinteractive.com dtrc.veinteractive.com www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: files.qualifio.com data: webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com snap.licdn.com script.hotjar.com static.hotjar.com clients1.google.com cse.google.com dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com connect.facebook.net maps.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net www.youtube.com static.b-ite.com cs-assets.b-ite.com config1.veinteractive.com https://partner.googleadservices.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com  https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; font-src  'self' 'unsafe-inline' data: dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com  fonts.gstatic.com googleads.g.doubleclick.net;  img-src 'self' 'unsafe-inline' data: https://stats.g.doubleclick.net biz2.service.varta-ag.com connect.facebook.net www.linkedin.com px.ads.linkedin.com region1.analytics.google.com cse.google.com clients1.google.com www.googleapis.com ssl.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com www.varta-microbattery.com www.facebook.com biz.service.varta-consumer.com cs-assets.b-ite.com https://google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com  https://www.google-analytics.com https://www.google.de https://region1.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com; style-src https: 'unsafe-inline' dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com; frame-src 'self' dev-varta-ag.varta-ag.com www.varta-ag.com www.varta.de www.powerone-household.com dev-powerone-household.varta-ag.com www.v4smart.com clearon.qualifioapp.com driveuploader.com www.google.com irs.tools.investis.com www.youtube-nocookie.com www.youtube.com vartastoragegmbh.myfreshworks.com https://www.googletagmanager.com https://td.doubleclick.net varta.fangamesbyhulan.com hulan.beer frame-ancestors 'self' dev-varta-ag.varta-ag.com www.varta-ag.com https://varta-sales-spot.hald.de https://sales-spot.varta-ag.com; child-src blob: 'self' vars.hotjar.com cse.google.com dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com www.youtube-nocookie.com www.youtube.com config1.veinteractive.com www.google.com cdn.matomo.cloud irs.tools.investis.com webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com; connect-src https://www.powerone-household.com https://dev-powerone-household.varta-ag.com https://www.youtube-nocookie.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://px.ads.linkedin.com  https://salesviewer.org https://www.varta-ag.com https://dev-varta-ag.varta-ag.com https://jobs.b-ite.com https://content.hotjar.io wss://ws.hotjar.com https://www.youtube.com/iframe_api; 2
frame-ancestors 'self' https://parentline.com.au https://www.parentline.com.au https://kidshelpline.com.au https://*.kidshelpline.com.au; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; connect-src 'self' https://*; img-src 'self' data: blob: https://*; style-src 'self' 'unsafe-inline' https://*; font-src 'self' https://*; frame-src 'self' https://*; 2
default-src 'self'; script-src 'self'; object-src 'none'; 2
default-src 'self';                script-src 'self' https: 'unsafe-inline' 'unsafe-eval';                style-src 'self' https: 'unsafe-inline';                img-src 'self' https: data: blob:;                media-src 'self' https://www.youtube.com https://*.vimeo.com;                connect-src 'self' https:;                frame-src 'self' https:;                frame-ancestors 'none';                font-src 'self' https://identity.mandai.com;                object-src 'none'; 2
frame-ancestors 'self' newapp.etracker.com; 2
frame-ancestors 'self'; object-src 'self'; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.tailwindcss.com www.google.com www.gstatic.com fonts.gstatic.com ajax.googleapis.com cdn.jsdelivr.net region-resource.optoma.com code.jquery.com assets.calendly.com; 2
frame-ancestors resources.levelaccess.com 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net blob: https://tracking.g2crowd.com *.nitrocdn.com https://nitroscripts.com https://code.highcharts.com https://static.addtoany.com https://js.intercomcdn.com https://js.hubspot.com/web-interactives-embed.js https://js.adsrvr.org *.vidyard.com https://cdn.wmxtools.com https://widget.intercom.io https://cdn.jsdelivr.net/npm/hockeystack@latest/ https://a.usbrowserspeed.com https://www.levelaccess.com https://www.influ2.com https://ct.capterra.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://gdata.youtube.com https://www.adnxs-simple.com https://www.adnxs.com https://www.googletagservices.com https://www.googleadservices.com https://www.doubleclick.net https://www.google.com https://t.influ2.com https://ajax.googleapis.com *.greenhouse.io https://bat.bing.com https://cdnjs.cloudflare.com https://cta-service-cms2.hubspot.com https://code.jquery.com https://connect.facebook.net https://cdn.bizible.com https://content.linkedin.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://dsp-creative.demandbase.com https://d.adroll.com https://forms.hsforms.com https://graph.facebook.com https://googleads.g.doubleclick.net https://google-analytics.com https://googletagmanager.com https://js.hscta.net https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.qualified.com https://j.6sc.co https://resources.levelaccess.com https://a.levelaccess.com https://learn.levelaccess.com https://m.youtube.com https://stackpath.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://app.qualified.com/ https://platform.linkedin.com https://r.bing.com https://src.litix.io https://stackpath.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://levelaccess.com/a/ https://levelaccess.com/a/previous-channels-assets/ *.googlesyndication.com *.googleadservices.com https://resources.levelaccess.com www.googletagmanager.com *.google.nl *.google.ca https://cdn.jsdelivr.net/npm/canvas-confetti@1.6.0/dist/confetti.browser.min.js  *.cookiebot.com *.addtoany.com *.formhq.net *.google-analytics.com *.zoominfo.com https://js.adsrvr.org https://jsv3.recruitics.com/ https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://unpkg.com/lottie-web@5.12.0/build/player/lottie.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://dev.visualwebsiteoptimizer.com https://load.sgtm.levelaccess.com https://sgtm.levelaccess.com https://content.hotjar.io https://browser.sentry-cdn.com;connect-src 'self' https://content.hotjar.io https://data.hockeystack.com/send https://cdn.jsdelivr.net/sm/ https://nitropack.io https://cta-service-cms2.hubspot.com https://nitropack.io  https://insight.adsrvr.org https://vc.hotjar.io https://ipapi.co/json/ https://api-iam.intercom.io https://www.googletagmanager.com *.nitrocdn.com *.litix.io https://epsilon.6sense.com/v3/company/details https://px.ads.linkedin.com https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co *.getnitropack.com https://t.influ2.com https://ws.qualified.com https://app.qualified.com https://js.qualified.com https://stats.g.doubleclick.net wss://ws.qualified.com wss://ws1.qualified.com wss://ws.hotjar.com https://sgtm.levelaccess.com https://tracking.g2crowd.com https://hubspot-forms-static-embed.s3.amazonaws.com data: https://forms.hsforms.com https://api.formhq.net https://api.hubapi.com *.hubapi.com https://ws.zoominfo.com https://analytics.google.com *.nitrocdn.com https://api.hubapi.com *.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net https://fast.wistia.net *.wistia.com https://yoast.com/ *.bing.com https://www.google.com https://google.com https://regional.google-analytics.com *.google-analytics.com *.googlesyndication.com *.google.nl *.google.ca *.googleadservices.com *.cookiebot.com https://dev.visualwebsiteoptimizer.com https://www.facebook.com https://tracking-api.g2.com;object-src embedwistia-a.akamaihd.net;child-src 'self' data: blob: https://www.google.com https://www.doubleclick.net https://www.googlesyndication.com https://www.adnxs.com https://www.facebook.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.youtube.com www.ub-assets.com www.cloudfront.net www.unbounce.com www.static.addtoany.com www.googletagmanager.com *.cookiebot.com;base-uri 'self' https://www.adnxs.com;form-action 'self' https://www.google.com https://www.facebook.com connect.facebook.net download.essentialaccessibility.com forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: https://www.google.com;frame-src 'self' data: https://insight.adsrvr.org/ https://fast.wistia.com https://fast.wistia.net https://play.vidyard.com https://static.addtoany.com/ https://match.adsrvr.org/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.youtube.com https://www.cloudfront.net/ https://www.unbounce.com/ https://www.surveymonkey.com https://www.ub-assets.com/ https://app.qualified.com/ https://gdata.youtube.com *.greenhouse.io https://www.hubspot.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ forms.hsforms.com   https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://jsv3.recruitics.com/ https://code.jquery.com/jquery-3.3.1.min.js https://dev.visualwebsiteoptimizer.com blob: https://sgtm.levelaccess.com;style-src 'self' 'report-sample' 'unsafe-inline' blob: *.google.com *.licdn.com *.nitrocdn.com *.cloudfront.net *.unbounce.com *.ub-assets.com *.qualified.com *.bing.com *.bootstrapcdn.com https://cdn.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://code.jquery.com/jquery-3.3.1.min.js https://js.adsrvr.org  https://js.adsrvr.org/up_loader.1.1.0.js https://fast.wistia.com gdata.youtube.com fonts.googleapis.com https://levelaccess.com/a/previous-channels-assets/ https://levelaccess.com/a/previous-channels-assets/ https://resources.levelaccess.com www.googletagmanager.com;manifest-src 'self';media-src 'self' https://www.levelaccess.com blob: https://app.qualified.com data: https://*.wistia.com https://*.wistia.net;img-src 'self' https://fonts.gstatic.com https://www.levelaccess.com/a/ https://forms-na1.hsforms.com *.nitrocdn.com https://stats.g.doubleclick.net https://perf-na1.hsforms.com https://www.google.co.il https://www.google.de https://play.vidyard.com/ *.vidyard.com https://ps.w.org https://levelaccess.com https://cdn.addevent.com https://uploads-ssl.webflow.com https://imgsct.cookiebot.com *.nitrocdn.com  *.linkedin.com https://s.w.org *.hubspot.com *.bing.com *.6sc.co *.facebook.com *.google.co.in *.google.com *.google.ca *.google.nl *.px.ads.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com data: *.wistia.com https://*.wistia.net https://www.googletagmanager.com *.capterra.com https://www.google-analytics.com https://*.googleapis.com https://*.google.com https://dev.visualwebsiteoptimizer.com https://sgtm.levelaccess.com https://googleads.g.doubleclick.net;font-src 'self' https://stackpath.bootstrapcdn.com/ https://fonts.gstatic.com https://fast.wistia.com https://s0.wp.com https://cdn.rollbar.com/ https://jsv3.recruitics.com/ *.wistia.com https://cdnjs.cloudflare.com https://fast.wistia.net *.google.nl *.google.ca *.nitrocdn.com data:; 2
frame-ancestors 'self' alanhealth.cloudflareaccess.com/ app.intercom.com/ app.eu.intercom.com/ cdp-eu.customer.io/ localhost:9999 *.eu.saleor.cloud 2
upgrade-insecure-requests; report-uri /csp/report; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.formstack.com; frame-ancestors 'self'; img-src 'self' data: https://res.cloudinary.com https://images.contentstack.io https://cdn.userway.org https://api.mapbox.com *.mouseflow.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' *.mouseflow.com; upgrade-insecure-requests; 2
default-src 'self' ka-p.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com connect.facebook.net *.doubleclick.net *.linkedin.com *.licdn.com *.criteo.com *.criteo.net kit.fontawesome.com consent.cookiebot.eu consentcdn.cookiebot.eu; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' data: *.google.com *.gwallet.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.it *.googletagmanager.com *.doubleclick.net hicmobile.go2cloud.org track.hicmobile.com www.facebook.com imgsct.cookiebot.com ciphercoin.com img.sct.eu1.usercentrics.eu; frame-src 'self' *.google.com *.googletagmanager.com *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.elegantthemes.com *.yousign.com *.criteo.com www.facebook.com consentcdn.cookiebot.eu app.powerbi.com; font-src 'self' data: fonts.gstatic.com ka-p.fontawesome.com; connect-src 'self' sst.bbbell.it *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com ka-p.fontawesome.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net *.doubleclick.net consentcdn.cookiebot.eu; 2
default-src 'none' ; script-src 'self' 'unsafe-inline' https://princestrust-opa--upgrade.custhelp.com https://partner-tools.moneyadviceservice.org.uk https://debt-advice-locator.moneyhelper.org.uk https://tool.moneyhelper.org.uk https://tools.moneyhelper.org.uk https://static.hotjar.com https://script.hotjar.com https://cc.cdn.civiccomputing.com https://www.gstatic.com https://www.google.com https://kit.fontawesome.com https://princestrust.widget.custhelp.com https://js.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://snap.licdn.com https://s7.addthis.com https://static.hotjar.com https://static.hotjar.io https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.silktide.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://www.rnengage.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://princestrust.widget.custhelp.com; img-src 'self' data: https://i.ytimg.com https://www.fundraisingregulator.org.uk https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://www.linkedin.com https://downloads.ctfassets.net https://images.ctfassets.net https://downloads.ctfassets.net https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://www.google.co.uk https://www.google.co.in https://www.google.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.rnengage.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://fonts.gstatic.com; connect-src 'self' https://analytics-ipv6.tiktokw.us https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://metrics.hotjar.io https://surveystats.hotjar.io https://ask.hotjar.io https://static.hotjar.io https://static.hotjar.com https://www.google.com https://candidateportal.kingstrust.org.uk https://api.getthedata.com https://www.googleapis.com https://clapi.civiccomputing.com https://apikeys.civiccomputing.com https://candidateportal.princestrust.org.uk https://pagead2.googlesyndication.com https://graphql.contentful.com https://downloads.ctfassets.net https://images.ctfassets.net https://ka-p.fontawesome.com https://api.stripe.com https://drzyrklbmz-dsn.algolia.net https://drzyrklbmz-1.algolianet.com https://drzyrklbmz-2.algolianet.com https://drzyrklbmz-3.algolianet.com https://maps.googleapis.com https://fonts.gstatic.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io https://vc.hotjar.io https://a.eu.silktide.com wss://ws.hotjar.com https://content.hotjar.io https://princestrust-opa--uat.custhelp.com https://princestrust--uat.custhelp.com https://princestrust-opa.custhelp.com https://js.stripe.com https://px.ads.linkedin.com; frame-src https://debt-advice-locator.moneyhelper.org.uk https://tool.moneyhelper.org.uk https://tools.moneyhelper.org.uk https://www.googletagmanager.com https://www.google.com https://princestrust-opa--uat.custhelp.com https://princestrust-opa.custhelp.com https://princes-trust-digital.co.uk https://js.stripe.com https://hooks.stripe.com https://partner-tools.moneyadviceservice.org.uk https://r1.dotdigital-pages.com https://www.youtube.com https://*.doubleclick.net https://www.getmyfirstjob.co.uk https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed/ https://www.facebook.com/ *.google.com; media-src https://assets.ctfassets.net https://videos.ctfassets.net; 2
default-src https: data: 'unsafe-inline'; 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.knorr-bremse.com:* https://cdn.cookielaw.org https://responder.wt-safetag.com https://fbc.wcfbc.net https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://n0c357rmy1njbuit2friqwu.blob.core.windows.net; frame-ancestors 'self' https://www.threesixty-events.de/selectron_innotrans/; 2
frame-ancestors 'self' https://*.voya.com https://mybetterworld.es https://*.mybetterworld.es; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; base-uri 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://api.openai.com https://*.boxever.com https://*.coveo.com https://global.ketchcdn.com https://cdn.ketchjs.com https://public.tableau.com https://*.cloudfront.net https://*.bound360.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.getsmartcontent.com https://play.vidyard.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.litix.io https://*.pardot.com https://*.questionpro.com https://*.rfihub.com https://*.rfihub.net https://*.sitecorecontenthub.cloud https://*.vizientinc.com https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://*.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.ads-twitter.com https://cm.vizient.localhost http://www.vizient.localhost http://www.vizient.localhost:* ws://www.vizient.localhost:* http://localhost http://localhost:* ws://localhost:* https://t.co https://tracking.intentsify.io https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.thinglink.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://tag.demandbase.com https://api.company-target.com https://company.target.com https://rlcdn.com https://id.rlcdn.com https://scripts.demandbase.com https://segments.company-target.com https://tag-logger.demandbase.com https://www.juicer.io https://www.podbean.com https://datawrapper.dwcdn.net https://embed.acast.com https://assets.juicer.io https://static.juicer.io https://media.licdn.com https://a.usbrowserspeed.com https://img.genially.com https://view.genially.com https://view.genial.ly https://*.simpli.fi https://cdn.knightlab.com https://vizient.wispform.com https://*.6sc.co https://secure.adnxs.com https://epsilon.6sense.com https://embed.podcasts.apple.com https://app.powerbi.com https://s.company-target.com https://unpkg.com https://vizient-chatbot.vercel.app; media-src 'self' data: blob: https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; 2
frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 2
default-src 'self' *; img-src * 'unsafe-eval' 'unsafe-inline' mediastream: filesystem: data: blob: ;  connect-src 'self' * wss://nexus-websocket-a.intercom.io accounts.google.com https://api-iam.intercom.io https://mc.yandex.ru https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' * https://maxcdn.bootstrapcdn.com fonts.gstatic.com data:; frame-src 'self' * https://www.google.com https://bid.g.doubleclick.net; manifest-src 'self'; media-src 'self' https://js.intercomcdn.com/; object-src 'self'; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob: https://js.intercomcdn.com https://onesignal.com https://widget.intercom.io https://cdn.onesignal.com  https://www.googletagmanager.com https://mc.yandex.ru https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.jsdelivr.net/ https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' * img123.s3.amazonaws.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com data: https://fonts.googleapis.com; base-uri 'none'; frame-ancestors 'self' https://metrika.yandex.ru/; upgrade-insecure-requests 2
default-src 'none'; script-src 'self' *.unpkg.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com 'nonce-c2NyaXB0X2dvb2dsZV9hbmFsaXR5Y3M=' 'nonce-c2NyaXB0X2dydXBvY3JpYXI=' 'nonce-c2NyaXB0X21haW5fZ3J1cG9jcmlhcg==' 'nonce-c2NyaXB0X3JlY2FwdGNoYQ==' 'nonce-c2NyaXB0X3JlY2FwdGNoYV9pbnZpc2libGU=' 'nonce-aG9tZS1zY3JpcHQ=' 'nonce-c2NyaXB0LXRyYWJhbGhlLWNvbm9zY28=' 'nonce-c2NyaXB0LW91dmlkb3JpYQ==' 'nonce-c2NyaXB0LW5hdGFs'; style-src 'self' *.googleapis.com 'nonce-c3R5bGVfZ3J1cG9jcmlhcg==' 'nonce-c3R5bGUtYS1oaXN0b3JpYQ==' 'nonce-c3R5bGUtaW5pY2lv' 'nonce-c3R5bGUtdHJlaW5hbWVudG8=' 'nonce-c3R5bGUtdmlkZW8=' 'nonce-c3R5bGUtY2xpcHBpbmc='; img-src 'self' data: *.gstatic.com *.google.com.br *.googletagmanager.com; frame-src 'self' *.google.com *.grupocriar.com.br https://localhost; connect-src 'self' *.analytics.google.com *.google-analytics.com *.doubleclick.net *.google.com; font-src 'self' *.googleapis.com *.gstatic.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' *.unpkg.com *.google.com; object-src 'self'; media-src 'self' 2
frame-ancestors 'self' https://app.rewire.to https://app3.rewire.to 2
frame-ancestors 'self' https://www.livesupportteam.com 2
default-src 'self' *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguardinvestor.co.uk *.vanguard.co.uk *.kampyle.com;base-uri 'self';font-src 'self' https: data: *.vanguard.com:* *.vgcontent.info:* https://www.gstatic.com https://ssl.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self';frame-ancestors 'self';img-src 'self' data: vanguard.d2.sc.omtrdc.net *.amazon-adsystem.com www.facebook.com *.doubleclick.net www.google.com *.adservice.google.com *.ytimg.com sjs.bizographics.com *.linkedin.com snap.licdn.com P.adsymptotic.com insight.adsrvr.org *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguard.co.uk  ade.googlesyndication.com *.kampyle.com https://*.vanguardinvestor.co.uk https://alb.reddit.com https://match.adsrvr.org/ https://ib.adnxs.com https://www.googlesyndication.com https://www.google.com https://pagead2.googlesyndication.com;object-src 'none';script-src 'self' 'unsafe-inline' *.vgdynamic.info connect.facebook.net www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.youtube.com/ *.vanguard.com:* *.vgcontent.info:* corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com *.kampyle.com https://*.vanguardinvestor.co.uk cdn.botframework.com/botframework-webchat/latest/webchat.js https://solutions.eu.invocacdn.com https://td.doubleclick.net https://www.redditstatic.com https://www.amcharts.com https://www.gstatic.com https://www.google.com https://tagmanager.google.com https://fonts.googleapis.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' *.vanguard.com:* *.vgcontent.info:* *.kampyle.com https://fonts.googleapis.com;connect-src *.demdex.net vanguard.d2.sc.omtrdc.net *.tt.omtrdc.net *.vanguard.com *.vanguard.co.uk static.vgcontent.info cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com corp-pmj.webt.vanguard.com corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com corp.etm.testassets.vgdynamic.info corp.etm.assets.vgdynamic.info corp.at2.assets.vgdynamic.info *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.kampyle.com *.medallia.com *.medallia.eu 'self' https://*.vanguardinvestor.co.uk https://*.vanguardinvestor.com https://*.vanguard.com directline.botframework.com https://pnapi.eu.invoca.net https://ad.doubleclick.net https://google.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.googleapis.com https://tagmanager.google.com https://connect.facebook.net https://googletagmanager.com;frame-src *.demdex.net *.youtube.com insight.adsrvr.org 'self' *.vanguard.com *.kampyle.com vanguard-pf-git-vgpf-prod-raindrop-tech.vercel.app vanguard-pf-git-vgpf-dev-raindrop-tech.vercel.app https://www.googletagmanager.com https://td.doubleclick.net https://4598102.fls.doubleclick.net https://13621799.fls.doubleclick.net https://www.googlesyndication.com https://www.google.com https://pagead2.googlesyndication.com;upgrade-insecure-requests 2
default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self';script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.livehelpnow.net *.xbselect.com *.redditstatic.com *.twitter.com *.polyfill.io *.paypal.com *.optimove.net *.radar.com *.plaid.com *.braintreegateway.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob 2
default-src 'self' https://api.ibep-dev.com wss://u0f66ngvbb.execute-api.us-east-2.amazonaws.com/dev cms.ibep-dev.com diebibel-auth.ibep-dev.com https://api.ibep-prod.com wss://hd0agw1xri.execute-api.us-east-2.amazonaws.com/prod cms.ibep-prod.com diebibel-auth.ibep-prod.com https://api.ibep-staging.com wss://cny3wvor6f.execute-api.us-east-2.amazonaws.com/staging cms.ibep-staging.com diebibel-auth.ibep-staging.com https://api.ibep-test.com wss://e5cbjrq6gk.execute-api.us-east-2.amazonaws.com/test cms.ibep-test.com diebibel-auth.ibep-test.com www.youtube.com www.youtube-nocookie.com player.vimeo.com open.spotify.com public-player-widget.webradiosite.com streamyard.com *.lovable.app *.vercel.com *.vercel.app *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-sites-eu1.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms.office.com *.jotform.com developers.kakao.com *.kakaocdn.net story.kakao.com kapi.kakao.com *.kakao.com digiaccess.org *.eu.mautic.net *.digiaccess.org matomo.rackfish.com *.acast.com *.die-bibel.de static.ads-twitter.com nexus.ensighten.com td.doubleclick.net stats.g.doubleclick.net spenden.twingle.de *.customgpt.ai *.licdn.com www.gstatic.com www.google.com surveys.enalyzer.com *.omappapi.com optinmonster.com http://engage.biblijosdraugija.lt https://engage.biblijosdraugija.lt code.etracker.com www.etracker.de facebook.com *.facebook.com connect.facebook.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com file-examples.com www.googletagmanager.com www.bytesroute.com app.bytesroute.com bytesroute-backend.herokuapp.com use.typekit.net *.typekit.net *.google-analytics.com analytics.google.com *.analytics.google.com *.ingest.sentry.io d1weibdish4e0y.cloudfront.net d3t5ogzx22a7ri.cloudfront.net d1hkpuz2o5a2xw.cloudfront.net d1bxy2pveef3fq.cloudfront.net mautic.bijbelgenootschap.nl fonts.googleapis.com www.google.pt fonts.gstatic.com prezi-nocookies.com *.prezicdn.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io buzzsprout.com www.buzzsprout.com cdn.onesignal.com onesignal.com bytesroute.com *.bytesroute.com *.webradiosite.com widget.spreaker.com *.spreaker.com *.canva.com *.clarity.ms *.linkedin.com *.tiktok.com *.debijbel.nl *.bijbelgenootschap.nl m.debijbel.nl ofertas.sbb.org.br docs.google.com forms.clickup.com app-cdn.clickup.com 'unsafe-inline'; img-src * data:; frame-src 'self' https://api.ibep-dev.com wss://u0f66ngvbb.execute-api.us-east-2.amazonaws.com/dev cms.ibep-dev.com diebibel-auth.ibep-dev.com https://api.ibep-prod.com wss://hd0agw1xri.execute-api.us-east-2.amazonaws.com/prod cms.ibep-prod.com diebibel-auth.ibep-prod.com https://api.ibep-staging.com wss://cny3wvor6f.execute-api.us-east-2.amazonaws.com/staging cms.ibep-staging.com diebibel-auth.ibep-staging.com https://api.ibep-test.com wss://e5cbjrq6gk.execute-api.us-east-2.amazonaws.com/test cms.ibep-test.com diebibel-auth.ibep-test.com www.youtube.com www.youtube-nocookie.com player.vimeo.com open.spotify.com public-player-widget.webradiosite.com streamyard.com *.lovable.app *.vercel.com *.vercel.app *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-sites-eu1.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms.office.com *.jotform.com developers.kakao.com *.kakaocdn.net story.kakao.com kapi.kakao.com *.kakao.com digiaccess.org *.eu.mautic.net *.digiaccess.org matomo.rackfish.com *.acast.com *.die-bibel.de static.ads-twitter.com nexus.ensighten.com td.doubleclick.net stats.g.doubleclick.net spenden.twingle.de *.customgpt.ai *.licdn.com www.gstatic.com www.google.com surveys.enalyzer.com *.omappapi.com optinmonster.com http://engage.biblijosdraugija.lt https://engage.biblijosdraugija.lt code.etracker.com www.etracker.de facebook.com *.facebook.com connect.facebook.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com file-examples.com www.googletagmanager.com www.bytesroute.com app.bytesroute.com bytesroute-backend.herokuapp.com use.typekit.net *.typekit.net *.google-analytics.com analytics.google.com *.analytics.google.com *.ingest.sentry.io d1weibdish4e0y.cloudfront.net d3t5ogzx22a7ri.cloudfront.net d1hkpuz2o5a2xw.cloudfront.net d1bxy2pveef3fq.cloudfront.net mautic.bijbelgenootschap.nl fonts.googleapis.com www.google.pt fonts.gstatic.com prezi-nocookies.com *.prezicdn.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io buzzsprout.com www.buzzsprout.com cdn.onesignal.com onesignal.com bytesroute.com *.bytesroute.com *.webradiosite.com widget.spreaker.com *.spreaker.com *.canva.com *.clarity.ms *.linkedin.com *.tiktok.com *.debijbel.nl *.bijbelgenootschap.nl m.debijbel.nl ofertas.sbb.org.br docs.google.com forms.clickup.com app-cdn.clickup.com 2
default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com energieag.cdn.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com static.cloudflareinsights.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org *.tiktok.com  *.tiktokw.us *.snapchat.com *.adnxs.com 'unsafe-inline' 'unsafe-eval' data: 2
frame-ancestors 'none'; frame-src 'self'  https://production.neocomapp.com/ https://*.youtube-nocookie.com https://www.google.com https://www.googletagmanager.com https://*.mollie.com https://*.paypal.com https://*.facebook.com https://shopware-app.releva.nz; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' 2
default-src 'self';style-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu www.dachser.com translate.googleapis.com;object-src 'self';base-uri 'self';font-src 'self' data: fonts.gstatic.com github.com player.podigee-cdn.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com static3.avast.com;frame-src 'self' dachser-warehouse.atrivio.net app.usercentrics.eu veronline.me players.brightcove.net player.podigee-cdn.net players.brightcove.net dachser-warehousekapazitaeten.atrivio.net;img-src 'self' data:  https://px.ads.linkedin.com *.usercentrics.eu *.dachser.ch cf-images.eu-west-1.prod.boltdns.net metrics.brightcove.com app.usercentrics.eu www.dachser.com www.gstatic.com translate.google.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de webtr.dachser.com www.facebook.com;manifest-src 'self';media-src blob: 'self';worker-src blob: ;connect-src mailto: 'self' www.dachser.com maps.googleapis.com bcboltbde696aa-a.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com *.usercentrics.eu www.etracker.de webtr.dachser.com dachser-locations.atrivio.net www.google-analytics.com www.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' webtr.dachser.com code.etracker.com app.usercentrics.eu edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net maps.googleapis.com www.dachser.com 3001.scriptcdn.net s3-us-west-2.amazonaws.com s3.amazonaws.com www.google-analytics.com www.googletagmanager.com www.pagespeed-mod.com 2508t.dsp7c.com connect.facebook.net maps.googleapis.com www.dachser.com www.etracker.de webtr.dachser.com https://code.etracker.com/t.js https://dmr-notification.atrivio.net/js/main.js https://maps.googleapis.com/maps/api/js https://static.etracker.com/code/e.js https://www.etracker.de/cntcc;script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com webtr.dachser.com www.googletagmanager.com edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net app.usercentrics.eu cdn.podigee.com player.podigee-cdn.net maps.googleapis.com najiwu.xeyutezepo.com www.dachser.com dmr-notification.atrivio.net static.etracker.com www.etracker.de data1.pamurt.com bopati.xuyobidexe-vipopucec.com code.etracker.com data1.scopich.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de www.facebook.com www.gstatic.com;style-src-attr 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' webtr.dachser.com code.etracker.com player.podigee-cdn.net www.dachser.com cdn.podigee.com; report-uri https://atrivio.report-uri.com/r/d/csp/reportOnly https://atrivio.report-uri.com/r/d/csp/wizard; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' st.dynamicyield.com assets.adobedtm.com snap.licdn.com api-mastercard-dxp.nd.nudatasecurity.com pi.pardot.com go.mastercardservices.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' s.go-mpulse.net st.dynamicyield.com pi.pardot.com go.mastercardservices.com snap.licdn.com *.6sc.co *.6sense.com 6sense.com 6sc.co https://api-mastercard-dxp.nd.nudatasecurity.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; frame-ancestors 'self' https://thoughtleadership.forrester.com; report-uri https://www.mastercardservices.com/en/report-uri/enforce 2
frame-ancestors 'self' https://www.escanav.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; 2
frame-ancestors https://*.wika.com/ 'self'; 2
default-src 'self'; script-src 'self' *.livechatinc.com *.mouseflow.com https://*.googletagmanager.com https://challenges.cloudflare.com https://maps.googleapis.com https://fonts.google.com; connect-src 'self' *.livechatinc.com *.mouseflow.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleapis.com https://maps.googleapis.com https://ipapi.co controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; child-src 'self' *.livechatinc.com; frame-src 'self' *.livechatinc.com https://*.google.com https://challenges.cloudflare.com https://www.youtube.com; frame-ancestors 'none'; font-src 'self' https://fonts.gstatic.com; report-uri https://api.voipfone.co.uk/v1/csp-report; report-to csp-report 2
default-src 'self' *.6sc.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com apis.google.com *.cloudflare.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api *.pardot.com *.demandbase.com my.hellobar.com snap.licdn.com bat.bing.com *.doubleclick.net *.healthstream.com *.crazyegg.com *.driftt.com *.zoominfo.com *.clarity.ms www.clickcease.com *.ceros.com scout-cdn.salesloft.com https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js *.mountain.com https://js-agent.newrelic.com *.cookiebot.com www.youtube.com www.googleadservices.com www.google.com/jsapi www.gstatic.com healthstream.formstack.com sdk.signupgenius.com https://dec.azureedge.net cdn.ampproject.org *.cloudfront.net cdn.prod.website-files.com cdn.prod.website-files.com https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net https://cdn.intellimize.co/snippet/117301488.js j.6sc.co tr.capterra.com cdn.propensity.com https://cdn.propensity.com *.surveymonkey.com *.surveymonkey.net ajax.googleapis.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.google.com *.googleapis.com *.gstatic.com *.crazyegg.com https://dec.azureedge.net my.hellobar.com *.typekit.net web-chat.nativechat.com cdn.prod.website-files.com cdn.prod.website-files.com; img-src 'self' data: blob: *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.google.ca www.googletagmanager.com www.facebook.com www.linkedin.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png px.ads.linkedin.com *.crazyegg.com *.ads.linkedin.com *.clarity.ms c.bing.com bat.bing.com bat.bing.net aorta.clickagy.com tr-rc.lfeeder.com https://dec.azureedge.net imgsct.cookiebot.com *.healthstream.com brand-assets.capterra.com *.hellobar.com click.s12.exacttarget.com googleads.g.doubleclick.net *.ytimg.com cdn.prod.website-files.com cdn.prod.website-files.com connect.facebook.net b.6sc.co prod.smassets.net; font-src 'self' data: fonts.gstatic.com go.pardot.com cdn.prod.website-files.com cdn.prod.website-files.com use.typekit.net cdn.smassets.net; frame-src 'self' data: *.googletagmanager.com *.pardot.com *.healthstream.com *.doubleclick.net *.google.com consentcdn.cookiebot.com *.crazyegg.com *.facebook.com *.g2.com *.ceros.com https://healthstream.formstack.com healthstream.tfaforms.net *.driftt.com datainsights-cdn.dm.aws.gartner.com https://www.youtube.com *.signupgenius.com cdn.embedly.com 117301488.intellimizeio.com *.surveymonkey.com; connect-src 'self' accounts.google.com *.google-analytics.com www.google.com *.doubleclick.net *.crazyegg.com hs.healthstream.com go.pardot.com *.clarity.ms cdn.linkedin.oribi.io ws.zoominfo.com analytics.google.com pagead2.googlesyndication.com px.ads.linkedin.com scout.salesloft.com www.redditstatic.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 bam.nr-data.net google.com *.cookiebot.com *.bing.com googletagmanager.com api.hellobar.com pro.ip-api.com sugapi.signupgenius.com sdk.signupgenius.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.11/iframeResizer.map https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js.map *.algolia.net www.facebook.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.1/iframeResizer.map https://*.intellimize.co/ https://bat.bing.net/ c.6sc.co ipv6.6sc.co *.6sense.com *.capterra.com https://analytics.propensity-abm.com https://a.usbrowserspeed.com https://*.surveymonkey.com; media-src 'self' data: blob: *.youtube.com; child-src 'self' blob: https://www.youtube.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com; form-action 'self' healthstream--hstm.my.salesforce.com webto.salesforce.com *.facebook.com; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'none'; object-src 'none' 2
script-src 'nonce-DV4XHBTpdgHwfdxMlMFd6Q==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src *; img-src * 'self' http: https: data:; frame-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self' *.hsforms.com; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.gstatic.com cdn.evgnet.com *.evergage.com wompi.us-6.evergage.com https://cdn.jsdelivr.net https://npmcdn.com https://www.googletagmanager.com https://www.google.com http://www.googletagmanager.com https://snap.licdn.com http://www.google-analytics.com https://connect.facebook.net https://static.zdassets.com;media-src 'self' https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net galatea-dev.apps.ambientesbc.com;frame-src 'self' www.google.com *.evergage.com wompi.us-6.evergage.com cdn.evgnet.com *.email.wompi.com recaptcha.google.com youtube.com https://td.doubleclick.net https://www.youtube.com blob: data:; img-src 'self' https://wompi.com *.email.wompi.com public-assets.wompi.com https://www.linkedin.com data: https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.co; font-src 'self' data: galatea-dev.apps.ambientesbc.com wompi.us-6.evergage.com; object-src 'self'; base-uri 'self';form-action 'self'; frame-ancestors 'self' *.evergage.com wompi.us-6.evergage.com *.email.wompi.com cdn.evgnet.com; connect-src 'self' ekr.zdassets.com cdn.evgnet.com wompi.us-6.evergage.com www.google.com https://*.wompi.co https://*.wompi.dev https://zendesk-eu.my.sentry.io https://wompipa.zendesk.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com px.ads.linkedin.com analytics.google.com ekr.zdassets.com https://px.ads.linkedin.com/wa wompi.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://www.google.com.co https://hook.us1.make.com;report-to https://api.wompi.co/v1/csp-report;report-uri https://api.wompi.co/v1/csp-report; 2
upgrade-insecure-requests; frame-src *; 2
frame-ancestors 'self' https://*.obsbot.com 2
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://gstatic.com https://*.google.com https://*.googleapis.com code.gist.build;font-src 'self' data: https://fonts.gstatic.com;img-src 'self' data: blob: https: *.customer.io;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://*.bing.net https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://applepay.cdn-apple.com *.customer.io code.gist.build customerioforms.com 'nonce-ANDSNRn94ZUYESfAwT0qxw==' 'nonce-VLn/35kAbp+M64eA+zcEiw==' 'nonce-9czD6sTosdf0koKtRXHQ+w==' 'nonce-mpR6DgjD5ECeW9n/3hnksA==' 'nonce-SVSRjVLnP6maFgMedQl1cQ==' 'sha256-3plJBhqO9pYy4GbXJtuQhM3g/yksi0RyVGpeDp0SRe0=' 'sha256-RTHqs2JArCwrv7ZmWKJ2T4UYcP7LMMIRIa9Ny73UZ9Y=';child-src 'self' data: https:;frame-src 'self' data: https: renderer.gist.build code.gist.build;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://*.bing.net https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://applepay.cdn-apple.com *.customer.io code.gist.build customerioforms.com https://*.google-analytics.com https://*.doubleclick.net https://frstre.com https://*.linkedin.oribi.io https://googleadservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net *.customer.io customerioforms.com *.api.gist.build *.cloud.gist.build; 2
default-src 'self' telit.com *.telit.com telit.di.partsearch.oemsecretsapi.com *.oemsecrets.com blob: bing.com *.bing.com licdn.com  google-analytics.com *.google-analytics.com demandbase.com *.demandbase.com company-target.com *.company-target.com *.licdn.com *.recaptcha.net recaptcha.net gstatic.com *.gstatic.com google.com youtube-nocookie.com *.youtube-nocookie.com  youtube.com *.youtube.com ggpht.com *.ggpht.com googleapis.com *.googleapis.com ytimg.com *.ytimg.com *.doubleclick.net googletagmanager.com *.googletagmanager.com pardot.com *.pardot.com osano.com *.osano.com *.sharethis.com sharethis.com driftt.com *.driftt.com oribi.io *.oribi.io linkedin.com *.linkedin.com rlcdn.com *.rlcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat gravatar.com *.gravatar.com w.org *.w.org wpengine.com *.wpengine.com yoast.com *.yoast.com jsdelivr.net *.jsdelivr.net wistia.com *.wistia.com helpscout.net *.helpscout.net *.litix.io litix.io cloudfront.net *.cloudfront.net *.devmobo.com cinterion.com *.cinterion.com securityscorecard.com *.securityscorecard.com *.googlesyndication.com googlesyndication.com *.facebook.net *.facebook.com *.alicdn.com *.typekit.net *.vimeo.com *.indeed.com *.killadsapi.com *.zi-scripts.com *.zoominfo.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://telit-newsletter.devmobo.com/l.php; base-uri 'self';frame-ancestors 'self' 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: googletagmanager.com tagmanager.google.com *.googletagmanager.com www.googleadservices.com www.google.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.typekit.net *.episerver.net zefzhat.appspot.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com ccchat-fi.telia.ee fonts.gstatic.com analytics.google.com bugcrowd.com assets.bugcrowdusercontent.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: fonts.gstatic.com *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google.it www.googletagmanager.com www.google.com pagead2.googlesyndication.com www.googleadservices.com google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se www.google.it *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.googleapis.com googleapis.com maps.gstatic.com fonts.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com mb.cision.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google.it pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se www.google.it *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://ccchat-fi.telia.ee ccchat-fi.telia.ee px.ads.linkedin.com wss://www.upm.com t.lianacem.com px.ads.linkedin.com *.monitor.azure.com ixfd2-api.bc0a.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com googletagmanager.com tagmanager.google.com fonts.googleapis.com livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net use.fontawesome.com stackpath.bootstrapcdn.com cdn.jsdelivr.net cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: www.googletagmanager.com *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com tools.eurolandir.com w.soundcloud.com bugcrowd.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; media-src 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2
object-src 'none'; upgrade-insecure-requests; 2
script-src 'self' 'unsafe-eval' unpkg.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://rebilly.github.io https://ws.sharethis.com maps.googleapis.com platform.instagram.com platform.twitter.com 'nonce-wSJbFP7FrTlHLRbtHETXjQ' 'sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=' 'sha256-rJWF1HTwzCkij/YjN5I/DlTS2OasS08kh3e2pM1Qj/Q=' 'sha256-xQbGZ2VRgYFIBPZn2GyIMrpvD1EZ9CHxEO7U/gwUvnM=' 'sha256-UL5iGLPIaIuci6xCCNMRZfZ/HFxYdnKuPELYWO6Eh/0=' 'sha256-YuT8PtTQSQVdoGr0bfv0HLis2eHoKlqMf8WDm3JOL3o='; script-src-attr 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-eval' unpkg.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://rebilly.github.io https://ws.sharethis.com maps.googleapis.com platform.instagram.com platform.twitter.com 'nonce-wSJbFP7FrTlHLRbtHETXjQ' 'sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=' 'sha256-rJWF1HTwzCkij/YjN5I/DlTS2OasS08kh3e2pM1Qj/Q=' 'sha256-xQbGZ2VRgYFIBPZn2GyIMrpvD1EZ9CHxEO7U/gwUvnM=' 'sha256-UL5iGLPIaIuci6xCCNMRZfZ/HFxYdnKuPELYWO6Eh/0=' 'sha256-YuT8PtTQSQVdoGr0bfv0HLis2eHoKlqMf8WDm3JOL3o='; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self' blob: 2
default-src 'self'; img-src 'self' data: https://web-solutions.com.pl https://web-solutions.eu https://chat.web-solutions.eu https://*.w.org https://www.google.com https://bat.bing.com https://bat.bing.net https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://*.google.com; frame-src 'self' https://www.google.com; connect-src 'self' https://web-solutions.eu https://web-solutions.com.pl https://clients.web-solutions.eu https://*.sentry.io https://cdn.jsdelivr.net https://bat.bing.com https://bat.bing.net https://*.googletagmanager.com https://*.google-analytics.com; object-src 'none' 2
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; connect-src * 'self'; frame-src * 'self'; font-src * 'self'; media-src * 'self'; object-src * 'self'; worker-src 'self' blob:; 2
navigate-to hercrentals.com 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com yommaserver.synology.me:5001 *.sli.do; frame-ancestors 'self'; 2
script-src 'self' 'unsafe-inline' *.cookiebot.com *.hacon.de 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js www.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.smartadserver.com https://id5-sync.com/ https://ced.sascdn.com/ *.sascdn.com www.congressweb.com https://embed.podcasts.apple.com https://form.asana.com video.theassociationpartner.com *.salespanel.io *.visitorqueue.io *.marinsm.com *.licdn.com *.adnxs.com *.contextweb.com *.amazonaws.com *.inspectlet.com *.googlesyndication.com *.prfct.co *.moatads.com *.googleadservices.com *.doubleclick.net *.processwebsitedata.com *.datasteam.io *.sitedataprocessing.com *.id5-sync.com *.ads-twitter.com *.liadm.com *.usbrowserspeed.com https://www.k12insight.com/ cdnjs.cloudflare.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.congressweb.com video.theassociationpartner.com *.sitedataprocessing.com https://www.k12insight.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.aasa.org *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com placeimg.com www5.smartadserver.com *.sascdn.com picsum.photos *.picsum.photos *.adnxs.com *.pontiac.media *.googletagmanager.com *.smartadserver.com *.linkedin.com *.thrtle.com *.prfct.co *.twitter.com *.addthis.com *.yahoo.com *.openx.net *.rubiconproject.com *.doubleclick.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com; frame-src 'self' *.doubleclick.net *.youtube.com video.theassociationpartner.com/ *.snapwidget.com snapwidget.com *.apple.com *.podbean.com *.soundcloud.com *.sascdn.com https://www.googletagmanager.com/ *.k12insight.com https://i.liadm.com/ *.padlet.com padlet.com *.padlet.net padlet.net web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://www.google.com https://www.googleadservices.com/ *.mktoresp.com *.fontawesome.com www5.smartadserver.com www.congressweb.com https://embed.podcasts.apple.com https://id5-sync.com analytics.google.com *.smartadserver.com *.ipify.org *.ipinfo.io *.inspectlet.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.youtube.com video.theassociationpartner.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www5.smartadserver.com https://id5-sync.com www.congressweb.com https://embed.podcasts.apple.com video.theassociationpartner.com https://snapwidget.com www.podbean.com 'self' web-chat.nativechat.com; frame-ancestors 'self' 2
frame-ancestors 'self' *.vietgiaitri.com *.vgt.vn 2
default-src 'self' https://www.citybankplc.com/ https://docs.google.com/ https://ibank.citybankplc.com/ https://www.google-analytics.com/ https://www.citytouch.com.bd/ https://www.google.com https://www.youtube.com/ https://stats.g.doubleclick.net/ https://lankabd.com/ https://analytics.google.com/; script-src 'self' https://cdn.datatables.net/ https://www.citybankplc.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.datatables.net/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' data: https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://fonts.gstatic.com/; frame-src https://www.youtube.com/  https://www.youtube-nocookie.com/ https://lankabd.com/ https://www.citytouch.com.bd/ https://ibank.thecitybank.com/ https://docs.google.com/; img-src 'self' data: https://www.google-analytics.com/ https://img.youtube.com/ https://www.google.com.bd/ https://www.facebook.com/ https://cityalo.com/; 2
default-src https: blob: data: ws: wss: 'self' 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://*.ftm.nl https://*.ftm.eu 2
default-src 'self'; connect-src 'self' https://api.newsletter2go.com; frame-ancestors 'self'; form-action 'self'; img-src 'self' https://files.newsletter2go.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.newsletter2go.com; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' https://*.microsoft.com https://*.instructure.com https://*.schoology.com https://*.brightspace.com https://*.elearningontario.ca; 2
default-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; child-src 'self' 'unsafe-inline'; frame-src 'self' https:; connect-src 'self' blob: https: http://platforms-info.jelastic.com/api/GetCurrency; img-src 'self' blob: https: data: 2
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://sampatapi.areeo.ac.ir https://cdn.goftino.com *.goftino.com https://cdn.userway.org https://cdn77.api.userway.org https://panel.sofiamind.ir; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://panel.sofiamind.ir https://analytics.ihcs.ac.ir http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://*.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://*.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://*.goftino.com https://panel.sofiamind.ir https://cdn.userway.org https://widget-react.raychat.io https://analytics.ihcs.ac.ir; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://analytics.ihcs.ac.ir data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://samta.samt.ac.ir https://sampatapi.areeo.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com wss://*.goftino.com https://panel.sofiamind.ir https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com https://analytics.ihcs.ac.ir; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://panel.sofiamind.ir https://analytics.ihcs.ac.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 2
frame-ancestors 'self' *.zinghr.com teams.microsoft.com *.teams.microsoft.com *.skype.com; 2
default-src 'self' *; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js * https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdnjs.cloudflare.com 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com * 'self' 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://www.google.co.ve:* https://www.googletagmanager.com:* https://www.google.com:* https://cdnjs.cloudflare.com:* https://px.ads.linkedin.com:* https://www.achssalud.cl:* https://achssalud.cl:* https://www.google.com.ar https://connect.facebook.net https://www.google.cl *.linkedin.com 'self'; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *; frame-src https://www.google.com:* https://www.youtube.com:* https://td.doubleclick.net:* https://www.googletagmanager.com:* https://externo.achs.cl:* https://apps.sae1.pure.cloud:* https://dyo3z5271kl7e.cloudfront.net:* https://iframe.lfi-app.cl:* https://app.powerbi.com https://achs.my.salesforce-sites.com:* 'self'; connect-src accounts.google.com * *.mktoresp.com https://www.googletagmanager.com:* 'self'; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://td.doubleclick.net:* https://www.googletagmanager.com:* 'self'; frame-ancestors https://www.google.com:* https://www.youtube.com:* https://td.doubleclick.net:* https://www.googletagmanager.com:* https://externo.achs.cl:* https://apps.sae1.pure.cloud:* https://dyo3z5271kl7e.cloudfront.net:* https://iframe.lfi-app.cl:* https://app.powerbi.com 'self' 2
frame-ancestors 'self' *.virginmedia.ie  *.upc.biz; 2
frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline'      api.smulderstextiel.nl      beheer.smulderstextiel.nl      static.smulderstextiel.nl      static.smulderstextiel.be      static.smulderstextiles.be      static.smulderstextiles.fr      www.smulderstextiel.nl      www.smulderstextiel.be      www.smulderstextiles.be      www.smulderstextiles.fr      www.smulderstextiles.com      activate.smulderstextiel.nl      activate.smulderstextiel.be      activate.smulderstextiles.be      activate.smulderstextiles.fr       *.kameleoon.com      *.kameleoon.io      *.kameleoon.eu      www.mollie.com      squeezely.tech      bat.bing.com      bat.bing-int.com      c.clarity.ms      p.clarity.ms      www.clarity.ms      cdn.mouseflow.com      static.hotjar.com      script.hotjar.com      chimpstatic.com      dynamic.criteo.com      fledge.eu.criteo.com      gum.criteo.com      measurement-api.criteo.com      sslwidget.criteo.com      fonts.googleapis.com      googleads.g.doubleclick.net      maps.googleapis.com      maps.gstatic.com      pagead2.googlesyndication.com      region1.analytics.google.com      region1.google-analytics.com      stats.g.doubleclick.net      td.doubleclick.net      tpc.googlesyndication.com      www.google.com      www.google.nl      www.google-analytics.com      www.googleadservices.com      www.googletagmanager.com      www.gstatic.com      www.youtube.com       tr.snapchat.com      www.facebook.com      connect.facebook.net      ct.pinterest.com      s.pinimg.com      sc-static.net      static.ads-twitter.com      t.co      analytics.twitter.com      analytics.tiktok.com       scripts.clarity.ms;       frame-ancestors 'self'      https://app.kameleoon.com      https://kameleoon.com      https://www.kameleoon.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://*.azure.com https://*.clarity.ms https://*.convert.com https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.evolv.ai https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland-f5cnbffec6cca8cn.a03.azurefd.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; img-src 'self' data: blob: https://*.cloudfront.net https://*.crowdriff.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://*.analytics.google.com https://*.azure.com https://*.clarity.ms https://*.convert.com https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.evolv.ai https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland-f5cnbffec6cca8cn.a03.azurefd.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com https://*.openstreetmap.org; base-uri 'self'; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai embed.chatnode.ai; form-action 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com 'report-sample'; font-src 'self' data: *.realperson.cloud; worker-src 'self' blob:; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de data: https://*.openstreetmap.org; frame-ancestors 'self'; report-uri https://www.stroeer.de/@http-reporting?csp=report&requestTime=1770397980435057&requestHash=da082e57074013e82dfd9d206b888605e34e3a3f 2
frame-ancestors 'self' https://*.pospal.cn https://*.pospal.ai https://honeymi.com.cn 2
default-src * 'unsafe-inline'; img-src http://* https://* data:; child-src 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://* data:; frame-src https://*; worker-src https://* blob:; 2
default-src 'self'; script-src 'self' *.optimizely.com https://player.vimeo.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.typekit.net *.loyalhealth.com maps.googleapis.com *.tealiumiq.com; font-src 'self' *.typekit.net fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.optimizely.com *.typekit.net fonts.googleapis.com *.tiqcdn.com; img-src 'self' data: https://i.vimeocdn.com *.azureedge.net *.loyalhealth.com *.typekit.net www.baptist-health.com maps.googleapis.com maps.gstatic.com *.cms.optimizely.com *.ytimg.com *.wpenginepowered.com; connect-src 'self' data: *.optimizely.com https://vimeo.com *.typekit.net *.loyalhealth.com api-js.mixpanel.com *.googleapis.com *.tealiumiq.com *.tiqcdn.com; frame-src 'self' https://player.vimeo.com *.ypo.education youtube.com www.youtube.com youtu.be; object-src 'none'; frame-ancestors 'self' *.optimizely.com *.vimeo.com; worker-src 'self' blob:; form-action 'self' *.eloqua.com *.t.eloqua.com ; 2
default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com translations.signapsesolutions.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' js.sitesearch360.com cdn.sitesearch360.com translations.signapsesolutions.com js.monitor.azure.com disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' wsstatic.servmetric.com cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' www.googletagmanager.com js.monitor.azure.com global.sitesearch360.com insights.sitesearch360.com cdn.sitesearch360.com i0lne9atrk.execute-api.eu-west-2.amazonaws.com o4506903028891648.ingest.us.sentry.io uksouth-1.in.applicationinsights.azure.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' player.vimeo.com green-hill-00bcb1d03.4.azurestaticapps.net podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' i.vimeocdn.com insights.sitesearch360.com cdn.sitesearch360.com *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: prod-sign-backend-signapisinterpretationwebtransl-1qw8ws199jmxo.s3.eu-west-2.amazonaws.com; worker-src 'none'; 2
default-src 'self' ; style-src https: 'unsafe-inline'; script-src https://*.ispserver.com/ https://*.ispserver.ae/ https://ispserver.ae/ https://ispserver.ru/ https://ispserver.com/  wss://*.chathost.ru/  https://*.chathost.ru/ https://*.carrotquest.app/ https://chat.hoztnode.net:3000 https://chat.ispsystem.net:3001 https://www.googletagmanager.com/ https://www.google.com/ https://my.ispserver.ru/ https://my.ispserver.com/ https://my.ispserver.ae/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://tag.marinsm.com/ https://mc.yandex.ru/ https://top-fwz1.mail.ru/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pixel-geo.prfct.co/ 'unsafe-inline';	img-src * data:; connect-src 'self' https://api.carrottrack.app/ wss://*.chathost.ru/  https://*.chathost.ru/ https://*.carrottrack.io/ https://chat.hoztnode.net:3000/ wss://chat.hoztnode.net:3000/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://top-fwz1.mail.ru/ https://mc.yandex.ru/; frame-src 'self' https://www.google.com/ https://bid.g.doubleclick.net/; font-src 'self' https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'self'; frame-ancestors 'self' https://metrika.yandex.ru; 2
frame-ancestors 'self' https://*.public.emerios.com; 2
frame-ancestors 'self' https://jobcloud.ch https://www.jobcloud.ch https://jobs.ch https://www.jobs.ch https://jobup.ch https://www.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://www.jobscout24.ch https://jobscout24.ch https://impieghi.ch https://www.impieghi.ch https://www.stellenmarkt.ch https://stellenmarkt.ch https://www.jobbasel.ch https://www.jobbern.ch https://www.jobmittelland.ch https://www.myjob.ch https://www.ostjob.ch https://www.zentraljob.ch https://www.rhenus.com https://rhenus.com https://www.rhenus-truckerjobs.com https://www.lager-mitarbeiter.de 2
frame-ancestors 'self' www.dbresearch.com www.dbresearch.de *.zoom.us *.db.com *.db.com:* localhost:* localhost *research-db-a2.wsodqa.com; 2
frame-ancestors 'self' https://inevent.com https://app.inevent.com; 2
default-src 'self';script-src 'self' https://www.havas.com https://www.havas.fr https://www.youtube.com https://yt.zone-secure.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.matomo.cloud/matomo.js https://unpkg.com/friendly-challenge@0.9.11/widget.module.min.js 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline';object-src 'none';base-uri 'self'; connect-src 'self' https://region1.google-analytics.com https://www.google-ana lytics.com  https://havasgroup-site.matomo.cloud https://www.havas.com https://www.havas.fr;font-src 'self' data:;frame-src 'self' https://sdk.companywebcast.com https://gateway.euronext.com https://www.dailymotion.com https://www.youtube-nocookie.com https://geo.dailymotion.com https://player.vimeo.com https://sdk.co mpanywebcast.com;img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://s2.dmcdn.net/ https://s1.dmcdn.net/;manifest-src 'self';media-src 'self'; 2
frame-ancestors 'self' https://*.gls.de external.centralstationcrm.net; default-src 'self' external.centralstationcrm.net; style-src 'self' 'unsafe-inline' external.centralstationcrm.net cdn.eye-able.com; script-src 'self' 'unsafe-inline' *.gls.de connect.facebook.net www.facebook.com external.centralstationcrm.net cdn.eye-able.com 'wasm-unsafe-eval'; img-src 'self' *.gls.de connect.facebook.net www.facebook.com external.centralstationcrm.net cdn.eye-able.com data: https://i.vimeocdn.com https://rtc.maptoolkit.net external.centralstationcrm.net; font-src 'self' data:; connect-src 'self' *.gls.de external.centralstationcrm.net documents.anevis-solutions.com https://api.friendlycaptcha.com/api/v1/puzzle; object-src 'self'; base-uri 'none'; frame-src 'self' *.glsbank.de *.gls.de *.gls-bank.de https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://vr-international.vr-bankenportal.de *.frcapi.com; form-action 'self'; worker-src blob:; child-src blob:; 2
frame-ancestors 'self' https://*.notifica.re 2
connect-src 'self' https://*.clarity.ms/collect https://*.doubleclick.net https://*.dynamics.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.linkedin.oribi.io https://*.pagestrip.com https://*.tiktok.com https://*.usercentrics.eu https://*.youtube.com https://api.ustp.at https://api.visitlead.com https://bat.bing.com https://bat.bing.net https://cdn.ustp.at https://cis.ustp.at https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur https://mein.clickskeks.at https://my2.siteimprove.com https://pagead2.googlesyndication.com https://pagestrip.com https://px.ads.linkedin.com https://region1.google-analytics.com https://rest.visitlead.com https://sentry.ustp.at https://ws.visitlead.com https://www.google-analytics.com https://www.google.at/pagead/ https://www.google.com/pagead/ https://www.googleadservices.com https://www.recaptcha.net wss://*.visitlead.com wss://www.ustp.at; default-src 'self' https://*.ustp.at https://mein.clickskeks.at; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.pagestrip.com https://app.visitlead.com https://cdn.ustp.at https://www.ustp.at; frame-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.tiktok.com https://*.twitter.com https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com https://3983ae0c4cda4253acf0d1c9fa481d64.svc.dynamics.com/ https://cba.media/ https://cis.ustp.at https://mein.clickskeks.at https://my2.siteimprove.com/ https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://www.googletagmanager.com/ https://www.podbean.com https://www.recaptcha.net https://www.yumpu.com; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.ggpht.com https://*.google-analytics.com https://*.google.at https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.pagestrip.com https://*.tiktokcdn.com https://*.usercentrics.eu https://*.ytimg.com https://ade.googlesyndication.com https://app.visitlead.com https://bat.bing.com https://bat.bing.net https://c.bing.com/c.gif https://c.clarity.ms https://cdn.ustp.at https://mein.clickskeks.at https://pagead2.googlesyndication.com https://www.filmspektakel.at https://www.googletagmanager.com https://www.ustp.at; media-src 'self' data: https://*.pagestrip.com https://app.visitlead.com https://cdn.ustp.at; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://*.pagestrip.com https://*.pubble.io https://*.youtube.com https://*.ytimg.com https://app.visitlead.com https://bat.bing.com https://browser-update.org https://campus-stp.at https://cdn.siteimprove.net/cms/overlay.js https://cdn.socket.io https://cdn.ustp.at https://code.jquery.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur https://googleads.g.doubleclick.net https://mein.clickskeks.at https://mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js https://scripts.clarity.ms https://sjs.bizographics.com https://snap.licdn.com https://unpkg.com https://web.cmp.usercentrics.eu https://www.campus-stp.at https://www.clarity.ms https://www.googleadservices.com https://www.recaptcha.net https://www.ustp.at; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.pagestrip.com https://*.ytimg.com https://app.visitlead.com https://cdn.ustp.at https://mein.clickskeks.at https://www.campus-stp.at https://www.ustp.at; worker-src blob: https://www.ustp.at;  2
default-src: 'none' 2
default-src 'self' :data; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: assets.kununu.com widgets.kununu.com uct.service.usercentrics.eu app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' web.cmp.usercentrics.eu app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 2
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'unsafe-inline' *; object-src 'self'; font-src 'self' data: *; connect-src *; img-src 'self' data: *; frame-src *; media-src *; 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://js.hsforms.net https://player.dacast.com https://iframe.dacast.com https://prod-nplayer.dacast.com https://cdn.dacast.com https://cdn.plyr.io https://*.tradingview.com https://*.hubspot.com https://www.tickcounter.com https://*.wisekey.com https://*.hsleadflows.net https://*.certifyid.com https://www.brighttalk.com https://cdn.jsdelivr.net https://unpkg.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net/ https://z.moatads.com https://cdnjs.cloudflare.com https://*.twitter.com/ https://*.twimg.com https://s.ytimg.com https://*.google.com https://rawgit.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.youtube.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://prod-nplayer.dacast.com https://cdn.plyr.io https://*.tradingview.com https://unpkg.com https://cdnjs.cloudflare.com/ https://*.twimg.com https://*.twitter.com https://*.bootstrapcdn.com https://*.googleapis.com https://cdn.wisekey.com; img-src 'self' data: https://licensing.theoplayer.com https://prod-nplayer.dacast.com https://universe-files.dacast.com https://cdn.dacast.com https://player.dacast.com https://*.tradingview.com https://www.googletagmanager.com https://*.linkedin.com https://*.hsforms.com https://www.google.com.vn https://*.certifyid.com https://api.mapbox.com https://unpkg.com https://maps.googleapis.com https://maps.google.com https://forms.hubspot.com https://perf.hsforms.com https://www.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com https://ml-eu.globenewswire.com/ https://hugin.info https://track.hubspot.com https://forms.hsforms.com https://*.twimg.com https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.gstatic.com https://cdn.wisekey.com; font-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com/ https://*.gstatic.com https://*.bootstrapcdn.com https://d3o11irj9639cz.cloudfront.net https://cdn.wisekey.com https://*.googleapis.com; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.recaptcha.net https://*.dacast.com https://player.dacast.com https://iframe.dacast.com https://*.tradingview.com https://www.tickcounter.com https://cdnapisec.kaltura.com https://*.doubleclick.net https://*.certifyid.com https://www.brighttalk.com https://app.eu.veertly.com https://s.tradingview.com https://forms.hsforms.com https://js.hsforms.net https://webcasts.weforum.org/ https://twitter.com https://*.twitter.com https://*.facebook.com https://*.youtube-nocookie.com/ https://*.youtube.com https://*.google.com https://livestream.com https://*.wisekey.com; form-action 'self' https://*.twitter.com https://cdn.wisekey.com/ https://forms.hsforms.com; connect-src 'self' https://kinesis.us-east-1.amazonaws.com https://api.ipify.cn https://api.ipify.org https://cdn-eu-west-prod-ingest-infra-dacast-com.akamaized.net https://stats.g.doubleclick.net https://unpkg.com https://static.hsappstatic.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://api.hubapi.com https://forms.hsforms.com https://js.hsforms.net https://px.ads.linkedin.com https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js.map https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js.map https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js.map https://player.dacast.com https://iframe.dacast.com https://prod-nplayer.dacast.com https://cdn.dacast.com https://*.dacast.com https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://*.googlesyndication.com https://*.hscollectedforms.net https://cdn.linkedin.oribi.io https://js.hs-banner.com https://*.twitter.com https://www.google-analytics.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://player.dacast.com https://iframe.dacast.com https://cdn.dacast.com https://prod-nplayer.dacast.com https://*.dacast.com https://*.wisekey.com; object-src 'self' https://*.certifyid.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.tradingview.com; 2
child-src 'self' https://ksms-p-001.sitecorecontenthub.cloud/;connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com localhost:44001 *.hotjar.com *.hotjar.io *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.sumo.com sumo.com *.bc0a.com *.brightedge.com *.vidyard.com *.comm100.io *.googleadservices.com *.google.com *.milestoneinternet.com share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/ *.sumome.com https://sumome.com *.surveymonkey.com *.fontawesome.com google.com *.rakanto.com *.demdex.net https://unitedhealthgroup.tt.omtrdc.net https://capturelogger-prod-usa.localiq.com https://unitedhealthgroup.tt.omtrdc.net;default-src 'self' *.googleapis.com *.gstatic.com fonts.gstatic.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.gstatic.com www.google.com *.comm100.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' share.kelsey-seybold.com  https://apps.sitecore.net https://ksms-p-001.sitecorecontenthub.cloud/;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.fontawesome.com;frame-ancestors 'self' *.kelsey-seybold.com  *.promotionsdev.com promotionsdev.com *.whyilike.com whyilike.com *.mykelseyonline.com https://www.clinicadekelsey.com https://temp-www.kelsey-seybold.com temp-www.kelsey-seybold.com www.mykelseyonline.com https://www.kelsey-seybold.com *.kelsey-seybold.com *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/ *.sitecorecontenthub.cloud  ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.ksnet.com;frame-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net fonts.gstatic.com www.googletagmanager.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.vidyard.com *.addthis.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.google.com *.kelsey-seybold.com *.mykelseyonline.com *.whyilike.com whyilike.com *.promotionsdev.com promotionsdev.com *.googleservices.com *.doubleclick.net webto.salesforce.com *.salesforce.com *.podsnack.com *.flipsnack.com *.youtube.com *.understand.com  *.typeform.com  *.mykelseyonline.com https://www.clinicadekelsey.com https://www.kelsey-seybold.com *.kelsey-seybold.com https://www.facebook.com https://mykelseyonline.com/ *.adsrvr.org *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com https://temp-www.kelsey-seybold.com share.kelsey-seybold.com www.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/  *.sitecorecontenthub.cloud  *.surveymonkey.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.ksnet.com;img-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com data: *.doubleclick.net *.google-analytics.com www.googletagmanager.com *.vidyard.com *.kelsey-seybold.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.b0e8.com *.simpli.fi *.googleadservices.com *.bc0a.com *.pro-market.net  *.igodigital.com *.google.com *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.advertising.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com  *.bluekai.com *.crwdcntrl.net *.lijit.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net *.pippio.com pippio.com *.apxlv.com *.trueleadid.com *.cogocast.net *.comm100.io  *.hotjar.com https://*.hotjar.com https://usermatch.krxd.net https://beacon.krxd.net https://sync.mathtag.com *.adsrvr.org *.nextdoor.com share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/ https://sumome.com *.sumome.com *.surveymonkey.com https://s3-eu-west-1.amazonaws.com  ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com smetrics.optum.com;media-src 'self' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net  share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/;script-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com code.jquery.com 'unsafe-eval' 'unsafe-inline' *.hotjar.com unpkg.com *.cloudflare.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.googleservices.com *.doubleclick.net *.google.com *.sumo.com sumo.com *.bc0a.com *.b0e8.com *.igodigital.com *.googleadservices.com geo-targetly.com  *.mykelseyonline.com *.comm100.com *.comm100vue.com  *.typeform.com browser-update.org *.milestoneinternet.com mykelseyonline.com *.mykelseyonline.com kelsey-seybold.com *.nextdoor.com *.kelsey-seybold.com *.adsrvr.org *.googletagmanager.com  mycharttst.kelsey-seybold.com *.mycharttst.kelsey-seybold.com *.kelsey-seybold.com temp-www.kelsey-seybold.com  share.kelsey-seybold.com www.kelsey-seybold.com *.sumome.com *.surveymonkey.com *.fontawesome.com  ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.rakanto.com *.adobedtm.com;style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net  *.typeform.com mykelseyonline.com *.mykelseyonline.com temp-www.kelsey-seybold.com *.kelsey-seybold.com  mycharttst.kelsey-seybold.com www.kelsey-seybold.com share.kelsey-seybold.com  ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.fontawesome.com; 2
default-src 'self' https://tngr.co https://*.yellow.ai; connect-src 'self' https://develop--whimsical-donut-f2fd99.netlify.app https://uat--whimsical-donut-f2fd99.netlify.app https://uat.tanger.com https://api.tanger.com https://www.tanger.com https://account.tanger.com *.mappedin.com data: *.onetrust.com https://cdn.cookielaw.org https://images.contentstack.io https://d1p5cqqchvbqmy.cloudfront.net https://api-gateway.mappedin.com https://cdn.mappedin.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://js.stripe.com/ https://ingesteer.services-prod.nsvcs.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://www.google.com/recaptcha/ https://aw-services.us.vibes.com//api/ https://aw-services.us.vibes.com//authenticate https://aw-services.us.vibes.com//widgets/ wss://*.yellow.ai https://*.yellow.ai https://*.liadm.com https://us01.records.in.treasuredata.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://d1p5cqqchvbqmy.cloudfront.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.vibes.com https://connect.facebook.net https://analytics.tiktok.com https://resources.fidel.uk https://js.stripe.com https://js.adsrvr.org siteimproveanalytics.com https://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://*.yellowmessenger.com https://b-code.liadm.com cdn.mappedin.com http://cdn.treasuredata.com https://www.youtube.com/ blob:; worker-src 'self' blob:; frame-src 'self' https://www.google.com https://resources.fidel.uk https://js.stripe.com/ https://13250566.fls.doubleclick.net https://td.doubleclick.net https://insight.adsrvr.org *.sojern.com *.doubleclick.net *.adnxs.com https://tngr.co https://cdn.tangeroutlet.com/ https://i.liadm.com https://www.youtube.com/ https://www.youtube-nocookie.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' cdn.mappedin.com https://d1p5cqqchvbqmy.cloudfront.net https://*.hotjar.com https://fonts.googleapis.com https://*.yellowmessenger.com; img-src 'self' blob: https://www.google-analytics.com https://r4.app.yellow.ai https://r4-ym-uploads.s3-us-west-2.amazonaws.com https://r4-ym-confidential.s3.amazonaws.com https://*.yellowmessenger.com https://*.liadm.com *.mappedin.com data: https://www.tanger.com https://images.contentstack.io https://cdn.cookielaw.org https://cdn.mappedin.com https://www.facebook.com https://ad.ipredictive.com https://ad.doubleclick.net https://ciqtracking.com https://secure.adnxs.com https://adservice.google.com https://insight.adsrvr.org *.siteimproveanalytics.io https://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://analytics.tiktok.com/ https://upload.wikimedia.org/wikipedia/commons/6/6f/Tanger_logo.svg https://tngr.co https://cdn.tangeroutlet.com https://d2xs7zaan7w9gl.cloudfront.net; font-src 'self' cdn.mappedin.com https://d1p5cqqchvbqmy.cloudfront.net https://*.hotjar.com https://fonts.gstatic.com https://*.yellowmessenger.com; form-action 'self'; manifest-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wize.bot https://*.wizebot.tv https://cdn.cookie-script.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; 2
frame-ancestors 'self' *, object-src 'none', font-src 'self' https://fonts.gstatic.com https://script.hotjar.com/, frame-src 'self' https://www.google.com/ https://www.googletagmanager.com/  https://consentcdn.cookiebot.com/ https://outlook.office365.com/ https://sflink.maltego.com/ https://www.youtube.com/ https://app.vwo.com/ https://www.youtube-nocookie.com/ https://forms.office.com/ https://maltego.jobs.personio.de/ https://cdn.openwidget.com/ https://open.spotify.com/ https://keycloak-invx.dev.maltego.com/ https://app.netlify.com/ https://identity.maltego.com/, img-src 'self' data: https://analytics.twitter.com https://chart.googleapis.com https://company.g2.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://t.co https://useruploads.visualwebsiteoptimizer.com https://wingify-assets.s3.amazonaws.com https://www.google.com https://www.google.com.br https://imgsct.cookiebot.com/ https://www.google-analytics.com/ https://px4.ads.linkedin.com/ https://bat.bing.com/ https://www.fbi.gov/ https://static.maltego.com/cdn/ 2
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com https://play.vidyard.com/ https://td.doubleclick.net/ https://*.api.useinsider.com/; 2
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; 2
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de ;img-src 'self' data: *.materna.de *.bmbf.de *.bmftr.bund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2
default-src 'self' data: blob: *.chaoxing.com *.conac.cn *.bdimg.com *.360eol.com  *.gov.cn *.jiathis.com *.baidu.com *.map.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
upgrade-insecure-requests; base-uri 'self'; img-src 'self' https: blob: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.idec.com idecusa.my.site.com service.force.com *.salesforce.com *.doubleclick.net *.google.com tpc.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.go-mpulse.net browser-update.org *.salesforceliveagent.com snap.licdn.com *.webtraxs.com api.ipify.org cdn.doofinder.com rw1.marchex.io h.online-metrix.net *.cybersource.com s.yimg.jp yubinbango.github.io *.feedbackify.com consent.cookiebot.com platform-api.sharethis.com code.jivosite.com www.gstatic.com consentcdn.cookiebot.com buttons-config.sharethis.com t.sharethis.com s3.amazonaws.com 684d0d41.akstat.io orbitvu.co *.orbitvu.co *.go-mpulse.net hm.baidu.com bat.bing.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hubspot.com js.hsadspixel.net *.contentsquare.net js.hsforms.net cdn.jsdelivr.net *.imagino.com *.newrelic.com; frame-ancestors 'self' *.contentful.com; worker-src 'self' blob:; 2
default-src 'self'; font-src 'self' fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' source.unsplash.com images.unsplash.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com; worker-src blob:; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=hbp_IHyOCLsWuex26NR4K6Sqd75F3rkhVb3yhxfH&env=production; 2
frame-ancestors 'self' https://www.mibaby.de/ https://jupiter.kk.lan/ 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline';connect-src * 'unsafe-inline'; frame-src * 2
frame-ancestors 'self' https://2gis.ru https://zoon.ru https://sravni.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: chrome-extension:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data: blob: about:; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss: blob: https://ilc-event-relay-prod.core-prod.imaginelearning.com; worker-src 'self' https: data: blob:; manifest-src 'self'; default-src 'self' 2
default-src 'self' https://gleen.ai https://*.gleen.ai https://alhena.ai https://*.alhena.ai https://*.helix.im https://*.clearbitjs.com https://*.clearbit.com data:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gleen.ai https://*.gleen.ai https://*.amazonaws.com https://*.cloudflareinsights.com https://*.cloudflare.com https://alhena.ai https://*.alhena.ai https://*.helix.im https://*.apollo.io https://*.clearbitscripts.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.clearbitjs.com https://*.clearbit.com https://*.facebook.net  https://cdn-cookieyes.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hubspot.com https://*.g2.com  https://snap.licdn.com https://b-code.liadm.com https://opps-widget.getwarmly.com https://*.adroll.com https://*.redditstatic.com https://*.unifyintent.com; style-src 'self' 'unsafe-inline' https://alhena.ai https://*.alhena.ai https://*.helix.im https://fonts.cdnfonts.com https://fonts.googleapis.com https://*.clearbitjs.com https://*.clearbit.com https://www.googletagmanager.com; img-src 'self' data: *; font-src 'self' https://gleen.ai https://*.gleen.ai https://alhena.ai https://*.alhena.ai https://*.helix.im https://fonts.cdnfonts.com https://fonts.gstatic.com https://*.clearbitjs.com https://*.clearbit.com; connect-src *; frame-src 'self' https://gleen.ai https://*.gleen.ai https://alhena.ai https://*.alhena.ai https://*.helix.im https://td.doubleclick.net https://www.google.com https://*.cloudflare.com https://*.clearbitjs.com https://*.clearbit.com https://www.googletagmanager.com https://www.youtube.com https://x.adroll.com https://calendly.com https://*.calendly.com; frame-ancestors 'self'; base-uri 'none'; form-action 'none'; object-src 'self' data:; 2
default-src blob: https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https:;font-src 'self' data: https:;worker-src blob: https:;frame-ancestors 'self' 2
default-src 'self' 'unsafe-eval' http://localhost:3000; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.hotjar.com https://script.hotjar.com https://challenges.cloudflare.com https://static.cloudflareinsights.com https://eu2.snoobi.eu http://eu2.snoobi.eu; worker-src 'self' blob:; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: blob: https://images.ctfassets.net https://imgsct.cookiebot.com https://luontoon-fi-assets.s3.eu-north-1.amazonaws.com https://luontoon-fi-cms-production.druid.fi https://lipas-data.s3.eu-north-1.amazonaws.com https://s3.eu-central-1.amazonaws.com https://cdn-datahub.visitfinland.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; font-src 'self' https://script.hotjar.com; connect-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://static.cloudflareinsights.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://luontoon-fi-cms-production.druid.fi https://eu2.snoobi.eu https://luontoon.fi https://www.luontoon.fi https://tiles.stadiamaps.com; frame-src https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://www.youtube.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 2
frame-ancestors 'self' https://banner.interactivmanager.net 2
default-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
default-src 'self' https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com *.qqcw.us;                                    connect-src 'self' https://*.ads.linkedin.com https://www.googleadservices.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://sdk.iad-07.braze.com https://js.appboycdn.com https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://js.stripe.com https://m.stripe.network https://m.stripe.com https://api.stripe.com https://*.googleapis.com https://cdn.sanity.io https://*.google.com https://*.gstatic.com https://unpkg.com https://*.mouseflow.com https://api.segment.io/v1/m https://connect.facebook.net/en_US/fbevents.js https://*.facebook.net https://*.facebook.com https://qqcw.report-uri.com/r/t/csp/reportOnly https://www.googletagmanager.com https://tagmanager.google.com https://*.fbot.me https://cdn.feathery.io https://api.feathery.io https://cdn.jsdelivr.net https://www.google-analytics.com https://google.com https://*.doubleclick.net data: blob:;                                    font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://js.stripe.com https://m.stripe.network https://m.stripe.com https://*.fbot.me;                                    img-src 'self' https://d3st4nmzrq9nfk.cloudfront.net https://*.ads.linkedin.com https://analytics.tiktok.com https://sdk.iad-07.braze.com https://js.appboycdn.com https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://*.googleapis.com https://*.gstatic.com https://cdn.sanity.io *.google.com *.facebook.net www.facebook.com *.googleusercontent.com https://www.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://www.googletagmanager.com https://*.fbot.me data: blob:;                                    media-src 'self' https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://*.fbot.me;                                    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ads.linkedin.com https://snap.licdn.com https://analytics.tiktok.com  https://sdk.iad-07.braze.com https://js.appboycdn.com https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://js.stripe.com https://m.stripe.network https://m.stripe.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://unpkg.com https://cdn.mouseflow.com *.googleusercontent.com https://connect.facebook.net/en_US/fbevents.js *.facebook.net https://www.googletagmanager.com https://tagmanager.google.com/ https://*.fbot.me https://*.feathery.io https://cdn.jsdelivr.net https://www.google-analytics.com https://*.doubleclick.net https://googleadservices.com https://www.youtube.com blob:;                                    style-src 'self' 'unsafe-inline' https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://use.fontawesome.com https://fonts.googleapis.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://*.fbot.me data: blob:;                                    frame-src 'self' https://www.facebook.com https://js.stripe.com https://m.stripe.network https://m.stripe.com *.google.com  https://www.googletagmanager.com https://tagmanager.google.com/ https://*.fbot.me https://cdn.feathery.io https://cdn.jsdelivr.net https://*.doubleclick.net https://www.youtube-nocookie.com/ https://keycloak.dev.qqcw.us https://auth.dontdrivedirty.com;                                    frame-ancestors 'self' https://keycloak.dev.qqcw.us https://auth.dontdrivedirty.com; 2
frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 2
default-src * data: 'unsafe-inline'; frame-ancestors 'self'; 2
upgrade-insecure-requests; frame-ancestors https:; 2
default-src 'self' data: *.google-analytics.com  analytics.google.com crm.assist.ru crm.assist.kz *.googletagmanager.com mc.yandex.ru mc.yandex.md bitrix.info; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com analytics.google.com *.googletagmanager.com mc.yandex.ru mc.yandex.md bitrix.info; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' crm.assist.ru crm.assist.kz; base-uri 'self'; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: data: mc.yandex.ru mc.yandex.md *.google-analytics.com analytics.google.com *.doubleclick.net https:; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' bitrix.info mc.yandex.ru mc.yandex.md *.google-analytics.com analytics.google.com *.doubleclick.net; child-src 'self' blob: mc.yandex.ru mc.yandex.md crm.assist.ru crm.assist.kz; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com bitrix.info mc.yandex.ru mc.yandex.md; 2
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com webchat.dstnyengage.com res.cloudinary.com; 2
base-uri  'none'; connect-src  'self' https://*.algolia.net https://*.amplitude.com https://cdn.cookielaw.org https://api.crazyegg.com https://script.crazyegg.com https://tracking.crazyegg.com https://*.g.doubleclick.net https://www.facebook.com https://google.com https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://js.hs-banner.com https://forms.hsforms.com https://7272273.hs-sites.com https://api.hubapi.com https://*.hubspot.com https://*.intentiq.com https://px.ads.linkedin.com https://*.litix.io https://geolocation.onetrust.com https://plausible.io https://*.split.io https://*.taboola.com https://*.wistia.com https://*.wistia.net https://o703207.ingest.us.sentry.io; font-src  'self' data: https://fonts.gstatic.com https://cdn.scite.ai https://use.typekit.net https://*.wistia.com; frame-src  'self' https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://forms.hsforms.com https://forms.hubspot.com https://7272273.hs-sites.com https://www.instagram.com https://pa.taboola.com https://tsdtocl.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://widgets.wp.com https://*.youtube-nocookie.com; img-src  data: 'self' https://*.chanzuckerberg.com https://chanzuckerberg.com https://cdn.cookielaw.org https://*.g.doubleclick.net https://www.facebook.com https://*.analytics.google.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hsforms.com https://*.hubspot.com https://static.hsappstatic.net https://*.liadm.com https://*.intentiq.com https://*.linkedin.com https://t.co https://trc.taboola.com https://*.twitter.com https://*.wistia.com https://*.wistia.net https://pixel.wp.com https://i.ytimg.com; object-src  'none'; script-src  'self' 'unsafe-inline' blob: https://static.ads-twitter.com https://*.amplitude.com https://cdn.cookielaw.org https://script.crazyegg.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://*.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com https://cta-service-cms2.hubspot.com https://*.instagram.com https://platform.instagram.com https://snap.licdn.com https://plausible.io https://*.sentry-cdn.com https://*.split.io https://cdn.taboola.com https://trc.taboola.com https://platform.twitter.com https://*.wistia.com https://*.wistia.net https://stats.wp.com https://s0.wp.com; style-src  'unsafe-inline' 'self' https://*.typekit.net https://s0.wp.com; report-to  csp-endpoint; report-uri  https://https://o703207.ingest.us.sentry.io/api/4508501588705280/security/?sentry_key=9e0053618651fe03da44f314e765a452; 2
frame-src * https://bid.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com; default-src 'self' https://sentry-prod.cryptology.com/; script-src 'self' blob: 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://*.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://*.firebaseio.com wss://*.firebaseio.com https://connect.facebook.net https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com https://s.adroll.com https://d.adroll.com https://*.cookiebot.com/ https://wchat.freshchat.com https://hcaptcha.com https://*.hcaptcha.com https://sentry-prod.cryptology.com/api/embed/error-page/ https://sentry-dev.cryptology.com/api/embed/error-page/ https://pay.google.com https://static.tracknow.io ; style-src 'self' blob: https://*.cryptology.com https://*.tothemoon.com 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://fonts.googleapis.com https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://hcaptcha.com https://*.hcaptcha.com; worker-src 'self' blob:; connect-src 'self' blob: https://*.cryptology.com https://cryptology.com https://*.tothemoon.com https://tothemoon.com wss://*.cryptology.com https://*.cryptology.com:2083 https://*.tothemoon.com:2083 https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google.* https://google.* https://pagead2.googlesyndication.com https://*.firebaseio.com wss://*.firebaseio.com https://www.facebook.com/tr/ https://api.coinmarketcap.com https://us.ahows.co/ https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://d.adroll.com https://content.hotjar.io https://*.cookiebot.com/ https://wchat.freshchat.com/js/ https://wchat.freshchat.com/widget/js/ https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://api.devnet.solana.com/ wss://api.devnet.solana.com/ https://api.stakewiz.com/validator/ https://go.getblock.io/54954a21758f48439cb2d7b6f035fe5f wss://go.getblock.io/257d3b77eac845f889203a7eed7216ec https://hcaptcha.com https://*.hcaptcha.com https://locales.dev.tothemoon.com/ https://locales.prod.tothemoon.com/ https://locales.staging.tothemoon.com/ https://sentry-prod.cryptology.com/ https://sentry-dev.cryptology.com/ https://*.sentry.io/ https://pay.google.com localhost:*; object-src 'none'; child-src 'self' https://cryptology-9a846.firebaseapp.com https://cryptology-9a846.firebaseio.com https://cryptology-dev.firebaseapp.com https://cryptology-dev.firebaseio.com https://cryptology-prod.firebaseapp.com https://cryptology-prod.firebaseio.com https://www.facebook.com/ https://staticxx.facebook.com/; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.prod.banners.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.staging.banners.cryptology.com/ https://s3.eu-central-1.amazonaws.com/gamification-files.staging.gamification.cryptology.com/ https://s3.eu-central-1.amazonaws.com/gamification-files.prod.gamification.cryptology.com/ https://s3.eu-central-1.amazonaws.com/reward-center-files.prod.reward-center-admin.cryptology.com/ https://s3.eu-central-1.amazonaws.com/reward-center-files.staging.reward-center-admin.cryptology.com/ https://s3.eu-central-1.amazonaws.com/reward-center-files.dev.reward-center-admin.cryptology.com/ https://*.cryptology.com https://cryptology.com https://*.tothemoon.com https://tothemoon.com https://t.co https://analytics.twitter.com https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.gstatic.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://www.google.* https://google.* https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/ https://tsyndicate.com/ https://d.adroll.com https://*.cookiebot.com/ https://downloads.intercomcdn.com https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/; font-src data: https://cryptology.com https://*.cryptology.com https://tothemoon.com https://*.tothemoon.com https://fonts.gstatic.com https://script.hotjar.com localhost:*; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; report-uri https://sentry-prod.cryptology.com/api/5/security/?sentry_key=cdbfe589f11e4bff93578e39556691c6 2
frame-ancestors 'self' https://*.retrogames.onl https://gam.onl; 2
default-src 'self'; script-src 'self' 'unsafe-inline' js-agent.newrelic.com *.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https: *.pantheonsite.io; font-src 'self' data: fonts.gstatic.com *.pantheonsite.io https:; connect-src 'self' *.pantheonsite.io *.nr-data.net bam.nr-data.net; media-src 'self' *.pantheonsite.io; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 2
object-src 'none'; frame-ancestors 'none'; 2
manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content;, frame-ancestors 'self'; 2
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://yandex.st https://api-maps.yandex.ru https://yastatic.net https://*.maps.yandex.net https://cdnjs.cloudflare.com https://cdn.flmngr.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https://api-maps.yandex.ru https://*.maps.yandex.net https://cdn.flmngr.com https://data.flmngr.com; frame-src 'self' https://api-maps.yandex.ru https://w.soundcloud.com https://www.youtube.com https://yandex.ru 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://s.pinimg.com https://ecncdn.b-cdn.net https://monitor.econda-monitor.de https://plugins.flockler.com https://googleads.g.doubleclick.net https://*.cloudflare.com https://*.googleapis.com https://l.ecn-ldr.de https://*.welthungerhilfe.de https://snap.licdn.com https://*.datawrapper.de https://flockler.com https://*.flockler.com https://*.tiktok.com https://*.bing.com https://www.flipsnack.com https://*.mapbox.com https://embed.typeform.com https://player.podigee-cdn.net https://cdn.podigee.com https://cdn.ablyft.com https://*.usercentrics.eu https://connect.facebook.net https://www.youtube.com https://www.verizonmedia.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://ct.pinterest.com; frame-ancestors 'self'; worker-src blob: 'self'; 2
connect-src 'self' blob: tomba.io *.tomba.io google.com *.google.com *.doubleclick.net *.intercom.io wss://*.intercom.io  *.paddle.com *.spreedly.com *.localizecdn.com *.sentry.io *.googletagmanager.com www.google-analytics.com *.google.com *.partnero.com; default-src 'self'; font-src 'self' tomba.io *.tomba.io  *.intercomcdn.com fonts.gstatic.com; frame-src 'self' *.paddle.com *.cloudflare.com  *.googletagmanager.com *.google.com *.doubleclick.net recaptcha.net/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.getsmartcue.com; img-src 'self' blob: data: tomba.io *.tomba.io *.intercomassets.com *.betterstack.com *.intercomcdn.com *.facebook.com *.partnero.com *.google.com  placehold.co *.gstatic.com *.gravatar.com/; manifest-src 'self'; media-src 'self' blob: tomba.io *.tomba.io *.vine.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' tomba.io *.tomba.io cdn.jsdelivr.net *.facebook.net *.partnero.com *.paddle.com *.cloudflare.com  *.intercom.io *.intercomcdn.com *.doubleclick.net recaptcha.net/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.google.com; style-src 'self' 'unsafe-inline' *.google.com tomba.io *.tomba.io  *.paddle.com; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; 2
worker-src 'self' 2
default-src 'self' privacy-policy.truste.com truste.com *.google.com/ccm/ googleads.g.doubleclick.net cdn.mouseflow.com *.mouseflow.com pi.pardot.com leapevent.tech go.leapevent.tech static.cloudflareinsights.com *.licdn.com rdcdn.com *.ads.linkedin.com *.cloudflareinsights.com *.google-analytics.com api.marker.io/ fonts.gstatic.com *.gravatar.com browser.sentry-cdn.com player.vimeo.com  ajax.cloudflare.com *.cloudflare.com assets.apollo.io *.cloudflareinsights.com *.google.com aplo-evnt.com *.google.com.au alocdn.com *.liadm.com *.googletagmanager.com d-code.liadm.com edge.marker.io huemor.rocks  *.googleapis.com *.jsdelivr.net *.trustarc.com *.floridapanthers.com *.exacttarget.com  'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src 'self' atos.net *.atos.net eviden.com *.atos-consulting.net cdn.jsdelivr.net *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: code.jquery.com *.gravatar.com ps.w.org ams.wpml.org *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com *.linkedin.com *.google.com *.accountinsight.cloud *.licdn.com w.soundcloud.com *.aio-events.com *.appspot.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com smartslider3.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atos365.sharepoint.com; 2
default-src 'self'; img-src * blob: data: https://*.google-analytics.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.usercentrics.eu https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com https://*.usercentrics.eu https://*.google-analytics.com https://*.googletagmanager.com https://svrdntfctn.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.usercentrics.eu https://*.gstatic.com https://dialogflow.cloud.google.com https://svrdntfctn.com; frame-src 'self'; object-src 'none'; 2
default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; style-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 2
frame-ancestors 'self' https://www.herroom.com https://www.hisroom.com; 2
default-src 'self' https://*.membership.io https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; base-uri 'self' 2
base-uri 'self'; default-src 'self'; frame-src 'self' smgov.maps.arcgis.com public.tableau.com youtu.be www.youtube-nocookie.com www.youtube.com www.google.com santamonicacity.wufoo.com smplca.patronpoint.com; script-src 'self' 'unsafe-inline' js.monitor.azure.com 'unsafe-eval' blob: unpkg.com maxcdn.bootstrapcdn.com fastly.jsdelivr.net code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net www.gstatic.com; style-src 'self' 'unsafe-inline' unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com fonts.cdnfonts.com fastly.jsdelivr.net cdnjs.cloudflare.com cdn.jsdelivr.net; form-action 'self' smpl.bibliocommons.com https://*.list-manage.com smplca.patronpoint.com login.microsoftonline.com; img-src 'self' data: www.santamonica.gov santamonica.gov *.arcgis.com www.google.com translate.google.com translate.googleapis.com www.googletagmanager.com www.gstatic.com fonts.gstatic.com *.clarity.ms c.bing.com cdn.jsdelivr.net *.getbynder.com *.openstreetmap.org; object-src 'none'; frame-ancestors 'self'; connect-src 'self' *.applicationinsights.azure.com *.arcgis.com public.tableau.com data.santamonica.gov ka-f.fontawesome.com translate-pa.googleapis.com translate.googleapis.com region1.google-analytics.com www.google-analytics.com dc.services.visualstudio.com js.monitor.azure.com *.clarity.ms sentry10.bynder.cloud d8ejoa1fys2rk.cloudfront.net cityofsantamonica.getbynder.com unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com fonts.cdnfonts.com fastly.jsdelivr.net cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com; script-src-elem 'self' 'unsafe-inline' kit.fontawesome.com cdn.jsdelivr.net code.jquery.com unpkg.com *.arcgis.com js.monitor.azure.com www.googletagmanager.com www.clarity.ms translate.google.com translate.googleapis.com translate-pa.googleapis.com scripts.clarity.ms www.google-analytics.com public.tableau.com secure.wufoo.com smplca.patronpoint.com www.google.com d8ejoa1fys2rk.cloudfront.net www.gstatic.com; font-src 'self' ka-f.fontawesome.com *.arcgis.com d8ejoa1fys2rk.cloudfront.net fonts.gstatic.com fonts.googleapis.com fonts.cdnfonts.com cdnjs.cloudflare.com cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' *.arcgis.com cdn.jsdelivr.net fonts.googleapis.com smplca.patronpoint.com www.gstatic.com d8ejoa1fys2rk.cloudfront.net 2
default-src https:;img-src 'self' https: data:;connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'self' 'unsafe-inline' https:;frame-src 'self' https:;font-src 'self' data: https:;worker-src 'self' https: blob: 2
base-uri 'none'; connect-src 'self' https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://a0.awsstatic.com/ https://vs.aws.amazon.com https://aws.amazon.com/ https://d2c.aws.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://api.builder.aws.com https://api-v2.builderprofile.aws.dev https://prod-api.cosmic.aws.dev https://ext-prod-api.cloudbuilder.region-services.aws.a2z.com https://react-tweet.vercel.app/api/tweet/; default-src 'none'; font-src 'self' data:; frame-ancestors 'none'; frame-src https://dpm.demdex.net https://aws.demdex.net https://www.youtube-nocookie.com/ https://player.twitch.tv/; img-src 'self' blob: https://community.aws https://*.community.aws https://*.cosmic.aws.dev https://*.builderprofile.aws.dev https://pbs.twimg.com https://a0.awsstatic.com/ https://d2c.aws.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net; media-src https://video.twimg.com; object-src 'none'; script-src 'self' https://a0.awsstatic.com/ https://d2c.aws.amazon.com 'sha256-r+YFmlfvRAS4Cp62UcpRe7fqrkwgguIM0uspMyqrb1A='; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 2
frame-ancestors https://*.trend.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self'; style-src 'self'; script-src 'self' 2
default-src 'none'; font-src https: data:; img-src https:; script-src-elem https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src https:; frame-src https:; script-src https:; 2
default-src * data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-KZ8zUXwpTFsMLm+e8es6D4Z+'; upgrade-insecure-requests; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; 2
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; connect-src * 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.rexx-recruitment.com https://cdn.jsdelivr.net/ cdnjs.cloudflare.com https://*.rexx-systems.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://*.youtube.com https://www.google-analytics.com https://sas.ikb.at https://*.branchly.io https://cdn.matomo.cloud https://www.googleadservices.com https://ajax.googleapis.com https://www.gstatic.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com/recaptcha https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' https://cdn.honey.io https://sas.ikb.at https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdnjs.cloudflare.com https://*.branchly.io https://api.branchly.io https://yoast.com https://*.googleadservices.com https://region1.analytics.google.com https://*.googletagmanager.com wss://sas.ikb.at https://*.google.it https://*.google.co.il https://*.google.com https://www.google.es https://www.google.ch https://google.com https://www.facebook.com https://www.google.com https://www.google.de https://www.google.at https://maps.googleapis.com https://branchly-api.azurewebsites.net https://*.doubleclick.net https://doubleclick.net https://api.holzweg.tv https://ikb.matomo.cloud https://prod.spline.design https://unpkg.com https://*.hotjar.io https://*.hotjar.io:443 https://services.infeo.at https://sas.ikb.at https://www.google-analytics.com https://www.google.lv; frame-src 'self' https://api.lapis-analytics.com https://player.podigee-cdn.net https://player.simplecast.com https://player.vimeo.com https://www.lightpollutionmap.info https://www.eversports.at https://ikb.viewer.cit-fusion.com https://gis.ikb.at https://docs.google.com https://www.google.com https://*.rexx-systems.com https://*.youtube.com https://*.feratel.com https://www.googletagmanager.com https://sas.ikb.at https://ocilion.com https://www.facebook.com https://*.doubleclick.net https://emobility.ikb.at https://www.e-laden-tirol.at; frame-ancestors 'self' https://www.e-laden-tirol.at https://emobility.ikb.at; media-src 'self' data:; report-to csp-endpoint; report-uri https://hw-api.holzweg.tv/csp; 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.octapharma.com https://app.storyblok.com; 2
frame-ancestors https://tiger-corporation.com https://*.tiger-corporation.com https://community.tigerbottles.com; 2
frame-ancestors 'self' *; default-src 'self' data: wss: int.freekassa.net int.duckgo.io fk.money mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru freekassa.com duckgo.io *.freekassa.ru *.freekassa.com *.freekassa.net *.duckgo.io *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com mzm.fk.money fmw.freekassa.net fmw.duckgo.io fmw.fmt.me fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.freekassa.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *googletagmanager.com *.jivosite.com *.google.com.ua *.freekassa.ru *.freekassa.net *.duckgo.io *.freekassa.com; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.freekassa.net *.duckgo.io *.kassa.ai *.googleapis.com *.freekassa.ru *.freekassa.com 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.freekassa.com *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru *.freekassa.com freekassa.ru freekassa.com 'unsafe-inline'; connect-src 'self' data: wss: wss://cdnwbstts.com fmw.fmt.me mzm.fk.money newassets.hcaptcha.com checkout.paythrone.com mc.yandex.ru cdnwbstts.com openfpcdn.io api.fpjs.io tls-use1.fpapi.io *.fptls.com *.freekassa.net *.duckgo.io *.freekassa.ru *.jivosite.com *.google.com *.google-analytics.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.google.com *.gstatic.com *.googleapis.com *.onenorth.com https://goodwinlaw102u0.admin.oniqa.com *.oniqa.com *.onistaged.com public.flourish.studio *.amazonaws.com public.flourish.studio flo.uri.sh *.googletagmanager.com *.google-analytics.com *.google.com *.ceros.com *.cvent.com *.cventevents.com assets-usa.mkt.dynamics.com public-usa.mkt.dynamics.com *.azureedge.net clarity.ms *.clarity.ms *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.simplecast.com *.cookielaw.org *.typekit.net cdnjs.cloudflare.com us1.siteimprove.com cdnjs.cloudflare.com *.brightcove.net siteimproveanalytics.com cdn.yoshki.com 61282325.global.siteimproveanalytics.io w.soundcloud.com goodwin.photoshelter.com photoshelter.com player.vimeo.com cdn.cookielaw.org geolocation.onetrust.com drive.google.com code.jquery.com yoshki.com *.adnxs.com *.6sc.co *.hotjar.com *.hotjar.io *.cvent.com wss://*.hotjar.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com *.parsely.com https://my.walls.io *.coveo.com https://snap.licdn.com https://px.ads.linkedin.com *.linkedin.com https://cdn.jwplayer.com https://public.tableau.com ; img-src * data:; font-src 'self' data: *.typekit.net; 2
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.npfsb.ru https://npfsberbanka.ru https://*.sbernpf.ru https://mc.yandex.ru https://yastatic.net  https://api-maps.yandex.ru https://st.top100.ru https://top-fwz1.mail.ru/js/code.js https://bitrix.info; 2
frame-ancestors canvas.mdu.se https://eu.smartsigncloud.com; 2
frame-ancestors 'self' memberapp.exerp.com webtracapp.myvscloud.com *.myfitapp.de *.myfitapp.com *.myfitapp.ch cockpit.mobilepro.uk.com myfitapp.brightlime.com mobileapp.legendonlineservices.co.uk; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; style-src 'self' 'unsafe-inline' https: data:; img-src * data: blob:; font-src * data:; connect-src *; frame-src *; media-src * blob: data:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.youtube.com https://siteimproveanalytics.com https://kit.fontawesome.com https://analytics.rubensteintech.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://*.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com https://app.wistia.com https://googleads.g.doubleclick.net ; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://cloud.typenetwork.com https://fonts.googleapis.com https://tagmanager.google.com https://*.crazyegg.com ; font-src 'self' data: https://*.wistia.com https://ka-f.fontawesome.com https://cloud.typenetwork.com https://fonts.gstatic.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://embed-ssl.wistia.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://*.crazyegg.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com https://imgsct.cookiebot.com https://www.google.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://cdn.plyr.io https://ka-f.fontawesome.com https://*.crazyegg.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://embed-cloudfront.wistia.com https://*.googlesyndication.com https://www.google.com ; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://fast.wistia.net https://*.crazyegg.com https://services.bclplaw.marketing/infographics/ https://www.googletagmanager.com https://td.doubleclick.net/ ; child-src 'self' blob: ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net ; 2
script-src 'self' 'unsafe-eval' https://swyftx.com https://stg.swyftx-dev.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apps.rokt.com https://apps.rokt-api.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://paa-reporting-advertising.amazon https://*.paa-reporting-advertising.amazon; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://swyftx.com https://widget.swyftx.com https://metrics.swyftx.com https://stg.swyftx-dev.net https://app.intotheblock.com https://yoast.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://www.redditstatic.com https://static.ads-twitter.com https://cdn.branch.io https://analytics.tiktok.com https://bat.bing.com https://cdn.pdst.fm https://app.link https://static.hotjar.com https://script.hotjar.com https://cdn.callrail.com/ https://js.callrail.com/ https://g10102301085.co https://cdn.veritonic.com https://widget.intercom.io https://js.intercomcdn.com https://apps.rokt.com https://apps.rokt-api.com https://secure.quantserve.com https://rules.quantcount.com https://*.optimizely.com https://thanks.is https://amazon-adsystem.com https://*.amazon-adsystem.com https://paa-reporting-advertising.amazon https://*.paa-reporting-advertising.amazon; frame-src 'self' blob: data: https://metrics.swyftx.com https://widget.swyftx.com https://www.google.com/ https://*.youtube.com https://platform.twitter.com https://11770793.fls.doubleclick.net https://td.doubleclick.net https://apps.rokt.com https://apps.rokt-api.com https://rklrpx.com https://a5342079895732224.cdn.optimizely.com https://a5342079895732224.cdn-pci.optimizely.com https://youtu.be https://amazon-adsystem.com https://*.amazon-adsystem.com https://paa-reporting-advertising.amazon https://*.paa-reporting-advertising.amazon; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://analytics.tiktok.com; connect-src 'self' https://swyftx.com https://apic.swyftx.com https://metrics.swyftx.com https://analytics.tiktok.com https://ads.tiktok.com https://atr.veritonicmetrics.com https://ip.veritonicmetrics.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://my.yoast.com https://dev.visualwebsiteoptimizer.com https://js.callrail.com https://api.intotheblock.com https://pixel.quantcount.com https://pixel.quantserve.com https://logx.optimizely.com https://*.optimizely.com https://thanks.is https://apps.rokt.com https://apps.rokt-api.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://paa-reporting-advertising.amazon https://*.paa-reporting-advertising.amazon; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; media-src 'self' https://swyftx.com https://js.intercomcdn.com; img-src * 'self' data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.optimizely.com https://thanks.is; 2
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 2
default-src *.ipredictive.com *.amazon-adsystem.com *.cdn.content.amplience.net cdn.media.amplience.net cdn.static.amplience.net *.staging.bigcontent.io *.attn.tv 'self' 'unsafe-eval' https://service.force.com/ https://capig.shoestation.com *.bazaarvoice.com uk.cdn-net.com six.cdn-net.com mpsnare.iesnare.com https://secure.cataboom.com/ *.my.site.com shoecarnivalsf360.my.salesforce.com *.facebook.com *.facebook.net ad.doubleclick.net td.doubleclick.net 9132531.fls.doubleclick.net *.googleapis.com *.googletagmanager.com *.doubleclick.net *.google.com *.youtube.com https://na-assets.playground.klarnaservices.com js.klarna.com js.playground.klarna.com x.klarnacdn.net *.klarnaservices.com *.klarna.com *.clarity.ms *.paypal.com *.paypalobjects.com https://account.venmo.com *.pbbl.co *.pinterest.com api.radar.io https://us.creativecdn.com/ *.sentry.io services.sheerid.com https://cdn.sitevibes.com tcapi.io *.wisepops.com https://wisepops.net *.zmags.com;script-src *.ipredictive.com *.jsdelivr.net *.amazon-adsystem.com *.amplience.net *.staging.bigcontent.io *.attn.tv 'self' 'unsafe-eval' static.lightning.force.com *.salesforceliveagent.com https://runtime.commercecloud.com *.demandware.net *.shoecarnival.com *.shoestation.com *.bazaarvoice.com *.iesnare.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.1/iframeResizer.min.js *.my.site.com *.evgnet.com *.evergage.com *.facebook.net *.facebook.com https://*.forter.com https://dalv4le16pzj2.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://dlthst9q2beh8.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net https://edge.fullstory.com https://rs.fullstory.com *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.youtube.com js.klarna.com js.playground.klarna.com x.klarnacdn.net *.klarnaservices.com *.klarna.com *.bing.com *.clarity.ms *.mountain.com https://cdn.cookielaw.org/ *.paypal.com *.paypalobjects.com cdn.pbbl.co *.pbbl.co *.pinterest.com *.pinimg.com api.radar.io *.creativecdn.com tags.creativecdn.com https://us.creativecdn.com/ *.sentry.io 'unsafe-inline' *.sitevibes.com https://cdn.plyr.io cdn.sitevibes.com *.thrive.today https://d13vs86ckfnvoz.cloudfront.net *.tiktok.com *.tiktokw.us *.upsellit.com *.wisepops.com https://wisepops.net *.adroll.com *.zmags.com;connect-src *.ipredictive.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.cdn.content.amplience.net *.bigcontent.io *.amplience.net *.attn.tv *.attentivemobile.com 'self' *.shoecarnival.com *.shoestation.com *.mobify-storefront.com www.cloudflare.com https://capig.shoestation.com api.cquotient.com https://runtime.commercecloud.com *.bazaarvoice.com wss://mpsnare.iesnare.com https://ixfd-api.bc0a.com *.salesforce-scrt.com *.evgnet.com *.evergage.com *.facebook.net *.facebook.com https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://d11bdev7tcn7wh.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://dzgwautxzdtn9.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://d3banl4fzuxsjl.cloudfront.net https://1.1.1.1 https://d94qwxh6czci4.cloudfront.net https://d1yz9u4jf6oqub.cloudfront.net https://wtp.siteperformancetest.net https://d6wfl40rgh70w.cloudfront.net https://siteperformancetest.net https://d1rk8r7fwbocot.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://edge.fullstory.com https://rs.fullstory.com https://analytics.google.com https://google.com https://googleads.g.doubleclick.net *.gstatic.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.googleadservices.com *.doubleclick.net js.klarna.com js.playground.klarna.com x.klarnacdn.net *.klarnaservices.com *.klarnaevt.com *.klarna.com *.addressy.com *.bing.com *.bing.net *.clarity.ms 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://*.prf.hn/ *.paypal.com *.paypalobjects.com *.pinimg.com *.pinterest.com api.radar.io *.creativecdn.com *.sentry.io *.sitevibes.com https://cdn.plyr.io https://tcapi.io https://notifier-configs.airbrake.io *.tiktok.com *.tiktokw.us *.upsellit.com *.wisepops.com https://wisepops.net *.adroll.com *.zmags.com;media-src *.amplience.net *.cdn.content.amplience.net *.staging.bigcontent.io cdn.sitevibes.com;frame-ancestors *.amplience.net 'self' https://runtime.commercecloud.com *.commercecloud.salesforce.com *.dx.commercecloud.salesforce.com *.api.commercecloud.salesforce.com *.shoecarnival.com *.shoestation.com *.demandware.net *.my.site.com *.googleapis.com *.google.com *.youtube.com;form-action 'self' https://www.facebook.com/tr/ *.paypal.com *.pinterest.com;img-src * data: blob: 'self';font-src * data:;script-src-attr 'unsafe-inline';worker-src blob: 'self' *.mobify-storefront.com *.shoecarnival.com;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;object-src 'none';style-src 'self' https: 'unsafe-inline' 2
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://calendario-ministro.tst.jus.br https://tst.jus.br https://www.tst.jus.br https://csjt.jus.br https://www.csjt.jus.br https://portalextranet.tst.jus.br https://cdnjs.cloudflare.com https://translate.googleapis.com https://use.fontawesome.com https://vlibras.gov.br https://www.google-analytics.com https://www.gstatic.com https://www.vlibras.gov.br https://enamat.jus.br https://www.enamat.jus.br wss://ws.hotjar.com; img-src 'self' data: https: https://tst.jus.br https://www.tst.jus.br https://csjt.jus.br https://www.csjt.jus.br https://portalextranet.tst.jus.br https://cdnjs.cloudflare.com https://translate.googleapis.com https://use.fontawesome.com https://vlibras.gov.br https://www.google-analytics.com https://www.gstatic.com https://www.vlibras.gov.br https://enamat.jus.br https://www.enamat.jus.br; 2
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.epichosted.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.jsdelivr.net yoast.com maps.googleapis.com *.formsite.com formsite.com *.callrail.com *.epichosted.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.albanymed.org maps.googleapis.com maps.gstatic.com i.ytimg.com i.vimeocdn.com secure.gravatar.com ps.w.org yoa.st yoast.com; connect-src 'self' *.algolia.net *.algolia.io *.algolianet.com analytics.google.com *.doubleclick.net my.yoast.com maps.googleapis.com *.callrail.com *.epichosted.com cdn.jsdelivr.net; frame-src 'self' *.doubleclick.net www.youtube.com player.vimeo.com *.formsite.com formsite.com; 2
upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'none';default-src 'self';child-src 'self';frame-src https://www.google.com  https://*.linkedin.com *.hotjar.com;script-src *.smartology.net *.hotjar.com https://www.gstatic.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://kit.fontawesome.com https://*.sharethis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://*.linkedin.com https://unpkg.com https://code.jquery.com/ 'self' 'unsafe-inline' 'unsafe-eval';img-src http://www.w3.org https://www.smartology.net https://*.google-analytics.com https://secure.gravatar.com https://*.googletagmanager.com https://*.sharethis.com 'self' data:;style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://buttons-config.sharethis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com 'self' data:;connect-src *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://website-api.smartology.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fontawesome.com https://l.sharethis.com https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://lottie.host 'self' ws:;object-src 'self' 2
frame-ancestors 'self' https://backoffice.shoppster.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com cognitoforms.com *.cognitoforms.com typekit.net *.typekit.net static.srcspot.com; frame-ancestors 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; frame-src 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; img-src * data: blob: 'unsafe-inline'; report-uri /nelmio/csp/report 2
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.myatproperties.com/ https://*.myansleyatlanta.com https://*.mychristiesre.com/; 2
frame-src *; frame-ancestors *; child-src 'self' 'unsafe-inline' blob:; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.vwo.com *.visualwebsiteoptimizer.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hsadspixel.net *.hs-analytics.net *.hscta.net *.hubspot.com *.hsappstatic.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.fontawesome.com *.hsforms.com *.hs-scripts.com *.hubapi.com *.descartes.com *.clickdimensions.com *.google.com  *.google.bg *.gstatic.com js.hs-banner.com *.clickcease.com *.licdn.com *.linkedin.com *.google-analytics.com *.bing.com *.quantserve.com *.quantcount.com *.clarity.ms *.youtube.com *.youtu.be *.youtube.com *.googlesyndication.com *.wp.com *.stripe.com *.plausible.io *.gtm.js *.quantcast.com js.hscollectedforms.net plausible.io *.doubleclick.net developers.google.com *.osano.com *.facebook.com *.facebook.net; worker-src blob:; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://sgtm.actian.com https://scripts.clarity.ms https://s.company-target.com https://snap.licdn.com https://www.google.com.mx https://www.google.co https://www.google.it https://www.google.pl https://www.google.fi https://www.google.de https://www.google.fr https://www.google.ie https://www.google.se https://www.google.es https://www.google.be https://www.google.no https://www.google.at https://www.google.nl https://www.google.hr https://analytics.google.com https://www.tiktok.com https://www.facebook.com https://clarity.ms https://heyzine.com https://*.heyzine.com https://*.doubleclick.net https://176-hnm-524.mktoutil.com https://actian.com https://api.neverbounce.com https://capture.navattic.com https://cdn.cookielaw.org https://cdn.intellimize.co/snippet/117629792.js https://cdn.neverbounce.com https://cdn.weglot.com https://challenges.cloudflare.com/turnstile/v0/api.js https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js https://connect.facebook.net https://connect.facebook.net/en_us/fbevents.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/p/4.40.32/js/player.module.js https://f.vimeocdn.com/p/4.40.32/js/vendor.module.js https://go.actian.com https://googlesyndication.com https://happy.teddybearmetal.com/i/d15a6c558f1e96ed3cc638309390ba9e.js https://joy.teddybearmetal.com https://js.adsrvr.org/universal_pixel.1.1.0.js https://js.adsrvr.org/up_loader.1.1.0.js https://js.navattic.com/sdk.js https://js.zi-scripts.com https://munchkin.marketo.net/164/munchkin.js https://munchkin.marketo.net/munchkin.js https://player.vimeo.com https://scout-cdn.salesloft.com/sl.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://stage.actian.com/wp-content/uploads/2020/10/bcreate_insert_read_sample2.js https://static.cloud.coveo.com https://static.doubleclick.net/instream/ad_status.js https://tag.demandbase.com/53b235a8849bddd7.min.js https://ws-assets.zoominfo.com/formcomplete.js https://ws.zoominfo.com https://www.actian.com https://www.clarity.ms https://www.clarity.ms/s/0.8.1/clarity.js https://www.google-analytics.com https://google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/base.js https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/embed.js https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/remote.js https://www.youtube.com/s/player/8a8ac953/www-embed-player.vflset/www-embed-player.js https://www.youtube.com/s/player/8a8ac953/www-widgetapi.vflset/www-widgetapi.js https://yoast.com https://schema-cf.bc0a.com http://actian.lookbookhq.com https://actian.lookbookhq.com http://cdn.pathfactory.com http://*.pathfactory.com https://cdn.pathfactory.com https://*.pathfactory.com http://actian.pathfactory.com https://actian.pathfactory.com https://cdn-app.pathfactory.com http://resources.actian.com https://resources.actian.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://heyzine.com https://*.heyzine.com https://actian.com https://capture.navattic.com https://cdn.cookielaw.org https://f.vimeocdn.com/p/4.40.32/css/player.css https://go.actian.com https://static.cloud.coveo.com https://www.actian.com https://www.googletagmanager.com https://www.youtube.com/s/player/8a8ac953/www-player.css http://actian.lookbookhq.com https://actian.lookbookhq.com http://cdn.pathfactory.com http://*.pathfactory.com https://cdn.pathfactory.com https://*.pathfactory.com http://actian.pathfactory.com https://actian.pathfactory.com http://resources.actian.com https://resources.actian.com; img-src 'self' data: https://px4.ads.linkedin.com https://analytics.google.com https://ade.googlesyndication.com https://*.facebook.com https://px.ads.linkedin.com https://clarity.ms https://bing.com https://www.google.com.mx https://www.google.it https://www.google.pl https://www.google.fi https://www.google.de https://www.google.fr https://www.google.ie https://www.google.se https://www.google.es https://www.google.be https://www.google.no https://www.google.at https://www.google.nl https://www.google.hr https://www.googletagmanager.com https://www.google-analytics.com https://adservice.google.com https://s3.amazonaws.com https://player.vimeo.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://maps.googleapis.com https://heyzine.com https://*.heyzine.com https://*.clarity.ms https://*.doubleclick.net https://actian.com https://c.bing.com https://cdn-images-1.medium.com/max/2600/1*ebxc9ej1yrfltkni_djaaw.png https://cdn.cookielaw.org https://cdn.neverbounce.com https://cdn.weglot.com https://d.adroll.com https://go.actian.com https://googlesyndication.com https://i.vimeocdn.com https://i.ytimg.com/vi_webp/65ybu597sv0/default.webp https://i.ytimg.com/vi_webp/vdd7hrxzknk/default.webp https://id.rlcdn.com/1000.gif https://id.rlcdn.com/464526.gif https://joy.teddybearmetal.com https://scout.us2.salesloft.com https://segments.company-target.com https://uploads-ssl.webflow.com/62163f5cc8a142313ee5a151/656a6573c1fc838c31e1c93b_popuppattern.jpeg https://www.actian.com https://www.facebook.com https://www.google.co https://www.google.co.jp https://www.google.co.nz https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.com.np https://www.google.ru https://www.googleadservices.com https://www.linkedin.com http://actian.lookbookhq.com https://actian.lookbookhq.com http://cdn.pathfactory.com http://*.pathfactory.com https://cdn.pathfactory.com https://*.pathfactory.com http://actian.pathfactory.com https://actian.pathfactory.com http://resources.actian.com https://resources.actian.com; font-src 'self' data: https://heyzine.com https://*.heyzine.com https://actian.com https://capture.navattic.com https://cdn.neverbounce.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/roboto/v18/kfolcnqeu92fr1mmeu9fbbc4.woff2 https://fonts.gstatic.com/s/roboto/v18/kfomcnqeu92fr1mu4mxk.woff2 https://www.actian.com http://actian.lookbookhq.com https://actian.lookbookhq.com http://actian.pathfactory.com https://actian.pathfactory.com http://resources.actian.com https://resources.actian.com http://cdn.pathfactory.com http://*.pathfactory.com https://cdn.pathfactory.com https://*.pathfactory.com; connect-src 'self' https://*.pathfactory.com https://api.pathfactory.com https://sgtm.actian.com https://schema-cf.bc0a.com https://schema-cdn.bc0a.com https://facebook.com https://px.ads.linkedin.com https://tiktok.com https://www.googlesyndication.com https://maps.googleapis.com https://www.gstatic.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com/ccm/collect https://heyzine.com https://*.heyzine.com https://*.analytics.google.com https://*.clarity.ms https://*.doubleclick.net https://*.zoominfo.com https://117629792.intellimizeio.com https://176-hnm-524.mktoresp.com https://176-hnm-524.mktoutil.com https://actianynmehrnx.analytics.org.coveo.com https://actianynmehrnx.org.coveo.com https://adservice.google.com https://analytics.google.com https://api.company-target.com https://api.intellimize.co https://api.weglot.com https://app.navattic.com https://c.bing.com https://capture.navattic.com https://cdn.cookielaw.org https://cdn.neverbounce.com https://cdn.weglot.com https://geolocation.onetrust.com https://go.actian.com https://googlesyndication.com https://insight.adsrvr.org https://joy.teddybearmetal.com https://js.zi-scripts.com https://log.intellimize.co https://match.adsrvr.org https://player.vimeo.com https://px.ads.linkedin.com https://s.company-target.com https://scout.salesloft.com https://segments.company-target.com https://static.cloud.coveo.com https://tag-logger.demandbase.com https://vimeo.com https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://www.google-analytics.com https://www.google.at https://www.google.ba https://www.google.be https://www.google.by https://www.google.ca https://www.google.co https://www.google.co.in https://www.google.co.kr https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.eg https://www.google.com.hk https://www.google.com.mt https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.tr https://www.google.de https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; frame-src 'self' https://sgtm.actian.com https://www.googletagmanager.com https://td.doubleclick.net https://*.facebook.com https://www.google.com https://heyzine.com https://*.heyzine.com https://*.doubleclick.net https://117629792.intellimizeio.com https://capture.navattic.com https://go.actian.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://s.company-target.com https://www.googletagmanager.com https://www.youtube.com; media-src 'self' https://heyzine.com https://*.heyzine.com https://vod-adaptive-ak.vimeocdn.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors https://*.actian.com https://www.actian.com; worker-src 'self' blob:; report-uri https://csp-report-collector-4zpraffy4q-ew.a.run.app/?token=9b79e3e01bf47438b209a1ee1a06b011; 2
connect-src 'self' *.tuerchen.com tuerchen.app *.tuerchen.app *.etracker.de *.etracker.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.ekomiapps.de *.google.de *.googleadservices.com *.google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.bing.net *.bing.com *.trbo.com *.quantserve.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.fitrockr.com *.heyflow.com *.loyjoy.com *.moin.ai wss://bot.moin.ai *.qualtrics.com; default-src 'self'; font-src 'self' data:  *.novomind.com font.gstatic.com *.tuerchen.app core.tuerchen.com *.loyjoy.com *.heyflow.cloud *.moin.ai; frame-ancestors 'self' *.hanse-merkur.de newapp.etracker.com app.etracker.com localhost *.hokify.de www.dwin1.com; frame-src 'self' blob: hansemerkur.happymo.re *.usercentrics.eu *.cmp.usercentrics.eu youtube.com *.youtube.com *.youtube-nocookie.com *.novomind.com *.kasko.io *.kaskocloud.com *.google.com *.trbo.com *.facebook.com *.pantumdetect.com *.awin1.com *.hansemerkur.de *.hansemerkur-video.de *.hanse-merkur.de *.ad-srv.net *.mein-hmrv.de *.criteo.com www.public-hansemerkur.de outlook.office365.com calendly.com *.qualtrics.com *.doubleclick.net *.googletagmanager.com; img-src 'self' data: *.tuerchen.app core.tuerchen.com *.hmrv.de *.hansemerkur.de tile.geofabrik.de *.etracker.de *.etracker.com *.gstatic.com *.google-analytics.com *.novomind.com *.bing.net *.bing.com *.doubleclick.net *.usercentrics.eu *.cmp.usercentrics.eu *.google.com *.google.de *.trbo.com ekomi-ui.s3.amazonaws.com www.facebook.com *.quantcount.com *.quantserve.com lantern.roeye.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.tradedoubler.com *.googletagmanager.com *.loyjoy.com *.heyflow.com *.moin.ai *.qualtrics.com *.public-hansemerkur.de; media-src 'self' *.hansemerkur-video.de *.youtube.com *.moin.ai; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tuerchen.app tuerchen.app www.happymo.re *.etracker.de *.etracker.com *.googletagmanager.com www.dwin1.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.bing.com *.google.com *.google-analytics.com *.kasko.io *.kaskojs.com *.ekomiapps.de *.doubleclick.net *.googleadservices.com *.trbo.com connect.facebook.net *.hanse-merkur.de *.quantserve.com *.quantcount.com lantern.roeyecdn.com *.signalize.com *.tradedoubler.com *.criteo.com *.fitrockr.com *.heyflow.com *.calendly.com *.loyjoy.com widget.moin.ai *.qualtrics.com; style-src 'self'  'unsafe-inline' *.tuerchen.app tuerchen.app www.etracker.de fonts.googleapis.com tagmanager.google.com *.googletagmanager.com *.novomind.com *.ekomiapps.de *.heyflow.com *.heyflow.cloud *.loyjoy.com *.moin.ai 2
frame-ancestors 'self' *.kassel.de *.stadtreiniger.de *.stadt-kassel.de *.kasselkultur2022.de www-kassel-de.translate.goog 2
frame-ancestors 'self' https://teams.microsoft.com ; 2
default-src 'self'; img-src 'self' data: www.google.com *.cloudfront.net *.doubleclick.net https://*.onetrust.com https://cdn.cookielaw.org https://ht.blackhawknetwork.com https://dd.blackhawknetwork.com https://*.trustarc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com maps.googleapis.com www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.split.io w.usabilla.com *.cloudfront.net cdn.segment.com cdn.mxpnl.com https://static.ada.support https://tangocard.ada.support https://previews.ada.support https://ws-mt1.pusher.com https://cdn.cookielaw.org https://ht.blackhawknetwork.com https://cdnjs.cloudflare.com/ajax/libs/pako/ https://dd.blackhawknetwork.com/js/ https://dd.blackhawknetwork.com/tags.js https://www.rewardlink.io js.datadome.co ct.captcha-delivery.com https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://*.onetrust.com *.ada.support https://*.trustarc.com; style-src 'self' 'unsafe-inline' *.split.io *.cloudfront.net fonts.googleapis.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com https://*.trustarc.com; object-src 'self'; connect-src 'self' api.segment.io *.split.io *.mixpanel.com *.doubleclick.net *.rewardlink.io rewardlink-fe.public.prod.tangocard.com https://*.ada.support https://sentry.io https://cdn.cookielaw.org https://*.onetrust.io https://*.onetrust.com https://cdn.segment.com https://ingress.us2.rum-ingress-coralogix.com https://dd.blackhawknetwork.com/js/ https://dd.blackhawknetwork.com/tags.js https://static.ada.support https://tangocard.ada.support https://previews.ada.support https://ws-mt1.pusher.com https://rollout.ada.support/tangocard/client.json https://cookies-data.onetrust.io https://www.google.com https://*.trustarc.com; frame-src https://www.google.com https://www.google.com/recaptcha/ www.google.com https://tangocard.ada.support https://tangocard-gr.ada.support https://*.rewardlink.io https://*.rewardlink.com geo.captcha-delivery.com https://*.tangocard.com d6tizftlrpuof.cloudfront.net https://*.trustarc.com; worker-src 'self' blob:; 2
frame-ancestors *.austinisd.org 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 2
default-src * data:; script-src https: http://suzukicycles.local http://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src https: http://suzukicycles.local 'unsafe-inline' 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://static.hotjar.com https://maps.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://www.clarity.ms https://analytics.tiktok.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://stats.g.doubleclick.net https://www.surveygizmo.com https://www.gstatic.com https://go.botmaker.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://zn9gkcxz5j9zpe4fu-swissbrand.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://script.hotjar.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms;connect-src 'self' https://metrics.hotjar.io https://maps.googleapis.com https://www.google.com https://analytics.google.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://mobileqa.swissmedical.com.ar https://mobilepre.swissmedical.com.ar https://mobile.swissmedical.com.ar https://stats.g.doubleclick.net https://api.whatsapp.com https://go.botmaker.com https://sgi.swissmedical.com.ar https://smed.beygoo.me https://swissbrand.qualtrics.com https://swissmedical.jobs2web.com https://swissmedicalgroup.sharepoint.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com wss://ws.botmaker.com https://storage.googleapis.com https://m-infra.appspot.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms;img-src 'self' data: https://smed.beygoo.me https://www.facebook.com https://www.google.com.ar https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://imagenes.swissmedical.com.ar https://analytics.google.com https://www.clarity.ms https://c.clarity.ms https://maps.gstatic.com https://maps.googleapis.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://connect.facebook.net;media-src 'self' https://www.youtube.com https://player.vimeo.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;frame-src 'self' https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.swissmedical.com.ar https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://forms.office.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;worker-src 'self' blob: https://www.clubswiss.com.ar https://www.swissmedical.com.ar;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: data: *; 2
upgrade-insecure-requests; frame-ancestors 'self' https://chatbotsence.policomp.com; 2
frame-ancestors 'self' https://app.coast.io https://thunes.coastdemo.com 2
frame-ancestors 'self' https://crmua.coraltravel.com https://ruscrm.com https://crm.coraltravel.com 2
frame-ancestors www.telekom.de digitizer.app geschaeftskunden.telekom.de bsp.geschaeftskunden.telekom.de cloud.telekom.de public.telekom.de 2
frame-ancestors 'self' https://*.mailersend.com; 2
frame-ancestors 'self' versapay.com staging.versapay.com; 2
default-src 'self';  connect-src 'self' https://*.doubleclick.net/ https://*.googlesyndication.com/ https://analytics.google.com/ https://www.google-analytics.com/ https://api.hubapi.com/ https://csi.gstatic.com/ https://www.google.com/ccm/collect https://*.adtrafficquality.google/ https://www.google.com/recaptcha/;  frame-src 'self' data: https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://*.adtrafficquality.google/ https://www.instagram.com/ https://www.linkedin.com/;  fenced-frame-src 'self' data:;  media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.youtube.com/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.googletagservices.com/ https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ https://trackcmp.net/ https://*.adtrafficquality.google/ https://www.instagram.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;  style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/;  img-src 'self' blob: data: https://api.eremedia.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ http://www.google.com/ https://i.ytimg.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com/ https://*.adtrafficquality.google/;  font-src 'self' https://fonts.gstatic.com/;  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 2
frame-ancestors 'self' https://www.p3tips.com/ https://www.p3campus.com/ https://tips.sandyhookpromise.org/; 2
default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' nic.bradesco imprensa.bradesco vivaprime.bradesco assets.bradesco *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://canalconsorciado.bradesco.com.br *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net https://www.unibrad.com.br; img-src * 'self' data: https:; font-src * 'self' data:; frame-ancestors 'self'; 2
default-src 'self';    img-src 'self' data: www.uniarts.fi https://imgsct.cookiebot.com customer.cludo.com opiskelija.uniarts.fi www.facebook.com *.gravatar.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com googleads.g.doubleclick.net *.google.com *.google.fi *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com secure.adnxs.com *.usercentrics.eu dev.visualwebsiteoptimizer.com *.global.siteimproveanalytics.io *.ytimg.com s.w.org;    font-src 'self' data: cdn.askem.com fonts.gstatic.com *.sharepointonline.com;    script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' consentcdn.cookiebot.com consent.cookiebot.com customer.cludo.com connect.facebook.net cdn.askem.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com tagmanager.google.com *.google-analytics.com ssl.google-analytics.com *.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.google.com app.usercentrics.eu dev.visualwebsiteoptimizer.com siteimproveanalytics.com www.youtube.com;    style-src 'self' 'unsafe-inline' customer.cludo.com cdn.askem.com googletagmanager.com tagmanager.google.com fonts.googleapis.com *.googleapis.com;    frame-src 'self' consentcdn.cookiebot.com consent.cookiebot.com *.google.com www.recaptcha.google.com/recaptcha/ *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net app.usercentrics.eu www.youtube.com youtu.be;    object-src 'none';    media-src 'self' www.youtube.com youtu.be blob:;    connect-src 'self' consentcdn.cookiebot.com api.cludo.com www.facebook.com feedback.askem.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.googleapis.com *.googlesyndication.com *.g.doubleclick.net www.googleadservices.com www.google.fi *.usercentrics.eu; 2
frame-ancestors 'self' https://app.kameleoon.com https://app.contentful.com; 2
frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com; font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com https://*.auth0.com https://*.copayassist-auth.com blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.auth0.com https://*.copayassist-auth.com https://td.doubleclick.net https://www.googletagmanager.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; worker-src 'self' blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com connect.facebook.net *.spotifycdn.com; style-src 'self' 'unsafe-inline' *.spotifycdn.com; font-src 'self' *.scdn.co; img-src 'self' data: *.spotifycdn.com *.google.com *.google.cl *.googletagmanager.com *.gruposura.com *.doubleclick.net *.facebook.com; connect-src 'self' analytics.google.com *.google-analytics.com *.google.com *.spotify.com *.facebook.com; frame-src 'self' *.google.com *.googletagmanager.com *.spotify.com *.facebook.com; frame-ancestors 'self'; media-src 'self' *.spotify.com *.scdn.co; object-src 'none'; base-uri 'self'; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; worker-src * 'self' blob: 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; font-src * data: 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:;  style-src 'self' 'unsafe-inline' blob: data: https:;  default-src 'self' https:;  img-src https: blob: data: android-webview-video-poster:;  frame-src blob: data: https:;  worker-src blob: data: https:;  child-src blob: data: https:;  object-src 'self';  font-src 'self' https: blob: data: safari-extension://*;  media-src 'self' blob: data: https:;  connect-src wss: blob: data: https:; 2
default-src 'self'  https://*.learningcaregroup.com https://*.lapetite.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://www.google-analytics.com wss://*.hotjar.com https://api.segment.io https://*.demdex.net https://*.clarity.ms https://pixel.sitescout.com https://cdn.linkedin.oribi.io https://www.googletagmanager.com resonate.com https://ds.reson8.com/v1/p https://ds.reson8.com/v1/i https://ds.reson8.com/v1/t https://cdn.segment.com/analytics.js/v1/ https://cdn.resonate.com https://tags.srv.stackadapt.com/events.js https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ https://*.googleadservices.com https://*px.ads.linkedin.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.learningcaregroup.com https://media.winnie.com https://cdn.segment.com/ *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.licdn.com https://*.resonate.com https://ds.reson8.com/v1/p https://tags.srv.stackadapt.com/events.js ;style-src 'self' 'unsafe-inline' https://*.learningcaregroup.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com ;img-src 'self'  http://* https://* data: ; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com app.ecwid.com translate.google.com *.cloudfront.net https://builder.lift.acquia.com ecomm.events translate.googleapis.com https://www.discoverhealth.org https://translate-pa.googleapis.com js.adsrvr.org connect.facebook.net https://discoverhealth.org bam.nr-data.net maps.googleapis.com www.google.com www.gstatic.com www.youtube.com *.epichosted.com *.cloudflare.com *.cloudflareinsights.com *.jsdelivr.net bam.nr-data.net *.fontawesome.com solutions.invocacdn.com script-app.mercuryhealthcare.com https://srhs-cp.srhs.com https://app.truelook.cloud *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro *.cloudpano.com app.cloudpano.com https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://mychart.spartanburgregional.com https://brandedweb.mindbodyonline.com/* https://brandedweb.mindbodyonline.com/embed/widget.js https://brandedweb-assets.mindbodyonline.com *.mindbodyonline.com *.healcode.com https://cdn.mxpnl.com https://www.discoverhealth.org/ https://youtu.be/* *.googleapis.com *.cloudfront.net *.sitewit.com *.ecwid.dev *.ecwid.com/ https://challenges.cloudflare.com/; frame-src 'self' adfs.srhs.com  www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io  srhs-cp.srhs.com *.facebook.com https://app.truelook.cloud https://www.mealpro.net mealpro.net *.calendly.com *.azure.com https://calendly.com https://srhs.piwik.pro *.cloudpano.com app.cloudpano.com https://mychart.spartanburgregional.com https://brandedweb-assets.mindbodyonline.com https://brandedweb-next.mindbodyonline.com https://widgets.mindbodyonline.com https://www.discoverhealth.org/ https://youtu.be/* *.googleapis.com *.ecwid.com/ https://spartanburgregional.widen.net/ https://www.youtube-nocookie.com/ https://srhsonline-my.sharepoint.com/ https://wellnesswithinwidget.netlify.app/ *.sharepoint.com/ https://challenges.cloudflare.com/; child-src 'self' adfs.srhs.com www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io https://app.truelook.cloud *.calendly.com *.azure.com https://calendly.com *.piwik.pro https://srhs.piwik.pro/ https://mychart.spartanburgregional.com https://brandedweb.mindbodyonline.com/embed/widget.js https://www.discoverhealth.org https://youtu.be/* *.googleapis.com *.ecwid.com/; connect-src 'self' https://www.discoverhealth.org https://sessions.bugsnag.com *.lift.acquia.com  app.ecwid.com/ ecomm.events bam.nr-data.net stats.g.doubleclick.net maps.googleapis.com api.clockwisemd.com www.facebook.com *.webdamdb.com translate.googleapis.com *.fontawesome.com adfs.srhs.com https://widgets.mindbodyonline.com/  https://srhs-cp.srhs.com  https://us.perz-api.cloudservices.acquia.io *.truelook.cloud ws: *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro www.youtube.com *.cloudpano.com https://app.cloudpano.com https://mychart.spartanburgregional.com/ https://brandedweb.mindbodyonline.com/embed/widget.js https://brandedweb-assets.mindbodyonline.com https://widgets.mindbodyonline.com https://www.discoverhealth.org/ https://youtu.be/* *.googleapis.com *.cloudfront.net *.sitewit.com *.ecwid.dev https://us-vir5-storefront-api.ecwid.com/* *.ecwid.com/ https://storefront.ecwid.dev https://challenges.cloudflare.com/ https://storefront.ecwid.dev:* 2
frame-ancestors 2domains.ru *.yandex.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com reseller-admin.int.reg.ru; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob: 2
upgrade-insecure-requests; frame-ancestors 'self' https://app.storyblok.com 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://prodgis.lla.com https://api.retargetly.com https://cookieless-campaign.prd-00.retargetly.com https://analytics.libertycr.com https://www.googletagmanager.com; form-action *; worker-src * blob:; 2
default-src 'self' *.kyriba.com *.platformsh.site *.rainfocus.com *.treasury-factory.com *.kyriba.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kyriba.com blob: *.mountain.com *.drda.io *.company-target.com *.googletagmanager.com *.iubenda.com *.terminusplatform.com *.bing.com *.licdn.com *.ads-twitter.com *.demandbase.com *.facebook.net *.googleadservices.com https://googleads.g.doubleclick.net *.pardot.com *.storylane.io *.typeform.com *.calconic.com *.rainfocus.com *.kyribalive.com *.gstatic.com *.ckeditor.com *.visualwebsiteoptimizer.com app.vwo.com *.qualified.com *.zi-scripts.com *.zoominfo.com *.treasury-factory.com *.kyriba.io https://app.qualified.com *.6sc.co *.redditstatic.com *.dreamdata.cloud; connect-src 'self' *.kyriba.com *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.googlesyndication.com *.facebook.com *.6sc.co *.platformsh.site *.google-analytics.com *.doubleclick.net *.iubenda.com *.terminus.services https://gtm-t6gnrfj-njq1m.uc.r.appspot.com *.google.com wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://api.company-target.com *.demandbase.com *.storylane.io https://segments.company-target.com *.typeform.com *.calconic.com *.visualwebsiteoptimizer.com *.vwo.com *.kyribalive.com *.rainfocus.com https://bat.bing.com *.zi-scripts.com *.zoominfo.com *.treasury-factory.com *.kyriba.io https://*.qualified.com wss://*.qualified.com *.redditstatic.com *.dreamdata.cloud *.reddit.com; style-src 'self' 'unsafe-inline' *.kyriba.com https://fonts.googleapis.com *.googletagmanager.com *.typeform.com *.calconic.com *.rainfocus.com *.kyribalive.com *.treasury-factory.com *.kyriba.io https://*.qualified.com; img-src 'self' *.kyriba.com *.platformsh.site *.googletagmanager.com blob: data: *.google-analytics.com *.linkedin.com *.facebook.com *.doubleclick.net *.google.by *.googleusercontent.com *.google.com *.google.es *.google.it *.googleadservices.com *.iubenda.com *.cloudfront.net *.rlcdn.com *.bing.com *.co *.twitter.com *.storylane.io *.mountain.com *.google.no *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.rainfocus.com *.kyribalive.com *.gstatic.com *.ckeditor.com *.company-target.com *.zi-scripts.com *.zoominfo.com *.qualified.com *.treasury-factory.com *.kyriba.io *.reddit.com; frame-src 'self' *.kyriba.com https://youtu.be https://kyriba-prod.highspot.com *.appspot.com *.platformsh.site *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.iubenda.com *.doubleclick.net *.company-target.com *.storylane.io *.typeform.com *.calconic.com *.visualwebsiteoptimizer.com app.vwo.com *.treasury-factory.com *.kyriba.io https://*.qualified.com; font-src 'self' *.kyriba.com data: https://fonts.gstatic.com *.gstatic.co; object-src 'none'; base-uri 'self' *.kyriba.com *.rainfocus.com *.kyribalive.com *.treasury-factory.com *.kyriba.io; media-src 'self' *.kyriba.com https://*.qualified.com; form-action 'self' *.kyriba.com; frame-ancestors 'self' *.kyriba.com *.platformsh.site https://kyriba-prod.highspot.com https://afpinteractive.splashthat.com/ *.typeform.com *.calconic.com *.treasury-factory.com *.kyriba.io; worker-src 'self' *.kyriba.com blob:; upgrade-insecure-requests; 2
script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; form-action *;media-src *; default-src 'self' www.optimizecdn.com; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; frame-src *; connect-src *;frame-ancestors *; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com *.consentmanager.net *.doubleclick.net *.ewe.com; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de *.consentmanager.net *.ewe.com fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de *.consentmanager.net *.doubleclick.net *.googletagmanager.com 2
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' https: blob: 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: blob: https: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src 'self' data: https:; connect-src 'self' https: *.visualwebsiteoptimizer.com app.vwo.com; object-src 'none'; frame-src 'self' https: *.visualwebsiteoptimizer.com app.vwo.com; 2
img-src * data:; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.pay1.de api.deepl.com api-free.deepl.com https://*.googleapis.com https://*.google.com https://*.gstatic.com t.adcell.com containertags.belboon.de containertags.belboon.com https://*.r.akipam.com https://*.r.jakuli.com https://*.r.lafamo.com https://*.r.niwepa.com https://*.r.powuta.com https://cdn.logico3c.com https://pix.hyj.mobi https://s.retargeted.co https://maytrics.marvellousmachine.net tr.fatmedia.io as.ad4m.at ad4m.at https://*.adform.net bsmartdata.com fatmedia.io ad.ad-srv.net lekkerads.nl marvellousmachine.net https://*.gsitrix.com mediards.com https://*.mediards.com pikkasrv.com ad.ad-srv.net https://*.redintelligence.net https://*.adform.net https://*.redintelligence.net https://*.gsitrix.com https://*.adc-srv.net https://*.ad-srv.net https://*.mediards.com a.twiago.com ad.doubleclick.net ad.yieldlab.net ad13.adfarm1.adition.com ad4m.at adscale.de apptracker.stream bsmartdata.com dsum-sec.casalemedia.com https://*.fatmedia.io lekkerads.nl marvellousmachine.net pikkasrv.com r.adserver01.de r.adserver01.de r.df-srv.de rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com trc.taboola.com tr.mediards.de https://s.marvellousmachine.net https://trk.cytelligence.io/ https://sdk-set1.com/ bat.bing.com sync.targeting.unrulymedia.com sync.1rx.io static.criteo.net sslwidget.criteo.com dynamic.criteo.com connect.facebook.net www.facebook.com cm.g.doubleclick.net adservice.google.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.google-analytics.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js s.pinimg.com ct.pinterest.com api.sovendus.com *.adsrvr.org widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://youtube.com https://www.youtube.com https://applepay.cdn-apple.com; connect-src 'self' https://eu1-search.doofinder.com api.deepl.com api-free.deepl.com pro.ip-api.com 'self' data: blob: https://*.googleapis.com https://*.google.com https://*.gstatic.com t.adcell.com https://tr.fatmedia.io https://api.retargeted.co https://as.ad4m.at bat.bing.com measurement-api.criteo.com www.econda-monitor.de www.facebook.com stats.g.doubleclick.net https://www.google.de/ads/ https://*.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com/ ct.pinterest.com https://www.pinterest.com https://*.sovendus.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com api.trustedshops.com logging.trustbadge.com https://shops-si.trustedshops.com https://guarantee-log.trustedshops.com/v2/trustcard https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: i.ytimg.com data: https://*.googleapis.com https://*.google.com https://*.gstatic.com kraeuterhaus-nocookie.de www.kraeuterhaus-nocookie.de https://t.adcell.com https://janus.r.jakuli.com/ https://img.youtube.com https://ads.yieldmo.com https://sync.1rx.io https://as.ad4m.at https://ih.adscale.de https://dsum-sec.casalemedia.com https://a.twiago.com https://sync.targeting.unrulymedia.com bat.bing.com gum.criteo.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com c1.adform.net dpm.demdex.net dis.criteo.com www.facebook.com https://connect.facebook.net www.google.com www.google.de https://*.g.doubleclick.net adservice.google.com cm.g.doubleclick.net https://server.seadform.net www.googletagmanager.com https://public-prod-dspcookiematching.dmxleo.com ct.pinterest.com widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' mailto: secure.pay1.de www.youtube-nocookie.com https://*.google.com https://t.adcell.com hal9000.redintelligence.net pixel.bsmartdata.com ads.lekkerads.nl ad.ad-srv.net s.marvellousmachine.net https://containertags.belboon.com https://analytics.bestofluck.io https://roxxtraxx.de https://ad4m.at https://c1.adform.net https://*.ad-srv.net/ https://cm.g.doubleclick.net https://ban.tangooserver.com *.mediards.com gum.criteo.com fledge.eu.criteo.com static.criteo.net connect.facebook.net www.facebook.com https://*.fls.doubleclick.net https://td.doubleclick.net/ ct.pinterest.com https://*.sovendus.com https://www.sovendus-connect.com https://vars.hotjar.com https://youtube.com https://www.youtube.com; media-src 'self'; base-uri 'self'; form-action 'self' login.microsoftonline.com www.facebook.com; upgrade-insecure-requests; 2
default-src * 2
connect-src *.doubleclick.net *.linkedin.com *.google.com *.motork.io *.getwarmly.com *.iubenda.com *.google-analytics.com; default-src 'self'; font-src 'self' *.typekit.net; frame-src *.youtube.com *.google.com *.motork.io *.facebook.com; img-src 'self' *.drata.com *.lfeeder.com *.linkedin.com t.co *.twitter.com *.google.com *.google.it *.facebook.com *.googletagmanager.com; script-src 'unsafe-inline' 'self'; script-src-elem 'unsafe-inline' 'self' *.typekit.net *.iubenda.com *.motork.io *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.hotjar.com *.licdn.com *.ads-twitter.com *.facebook.net *.lfeeder.com *.head3high.com *.getwarmly.com *.doubleclick.net; style-src 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' *.typekit.net *.motork.io; worker-src 'self' blob:; 2
script-src https://cdnjs.cloudflare.com https://cdn.botframework.com https://code.jquery.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 2
object-src data:; base-uri 'self' studio.plasmic.app analytics.plasmic.app; frame-ancestors 'self' studio.plasmic.app analytics.plasmic.app partners.abnormalsecurity.com partners.abnormal.ai cms.abnormalsecurity.com cms.abnormal.ai staging-cms.abnormalmarketing.dev getpeel.ai 2
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; connect-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; script-src-elem 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; img-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; style-src 'self' 'unsafe-hashes' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc='; frame-ancestors 'self'; form-action 'self'; manifest-src 'self'; font-src 'self'; frame-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ 2
frame-ancestors 'self' https://app.gather.town; 2
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' data:; media-src data: about:; frame-src 'self' about: https:; object-src 'self' about: 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeos_google 2
default-src 'self' https:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'report-sample' 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' https:; font-src 'self' data: https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https:; manifest-src 'self'; media-src 'self' https:; form-action 'self'; report-uri https://6939c52d6175915612df5ef6.endpoint.csper.io?builder=true&v=2; worker-src 'self' blob:; 2
frame-ancestors 'self' https://411.windcreekcasinodev.com https://411.windcreekcasino.com https://411.windcreekcasinostage.com; 2
frame-ancestors 'self' https://app.optimizely.com; 2
frame-ancestors http://wolfteam.softnyx.com 2
default-src 'self' https://yastatic.net; connect-src 'self' https://*.auvix.ru https://yandex.ru https://*.yandex.com https://*.yandex.ru https://*.yandex.net wss://mc.yandex.ru https://bitrix.info/bx_stat; font-src 'self' data: https://*.auvix.ru https://fonts.bitrix24.ru; frame-ancestors 'self' https://metrika.yandex.ru https://www.lumien.ru https://www.arturia.com.ru https://www.axelvox.ru; frame-src 'self' blob: https://*.auvix.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://cp.unisender.com https://vk.com https://rutube.ru https://*.dev.auvix.ru; media-src 'self'; img-src 'self' blob: data: https://*.auvix.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://*.1c-bitrix.ru https://cdn.bitrix24.site; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://yastatic.net https://*.1c-bitrix.ru https://cdn.bitrix24.ru https://cdn-ru.bitrix24.ru https://bitrix.info/ba.js https://cp.unisender.com https://top-fwz1.mail.ru/js/code.js https://code.jquery.com/ui/1.12.0/jquery-ui.js; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.bitrix24.ru https://*.1c-bitrix.ru https://code.jquery.com/ui/1.12.0/themes/smoothness/jquery-ui.css; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; 2
default-src 'self' packages.umbraco.org our.umbraco.org;script-src 'self' http://*.redditstatic.com https://c.amazon-adsystem.com https://snap.licdn.com https://connect.facebook.net https://analytics.tiktok.com https://munchkin.marketo.net https://code.jquery.com https://*.googletagmanager.com https://maps.googleapis.com https://www.gstatic.com https://*.google.com ajax.googleapis.com unpkg.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net use.typekit.net https://*.bing.com https://www.bing.com https://*.virtualearth.net https://info.servus.ca https://connectfirstcu.tfaforms.net https://www.youtube.com 'unsafe-eval' 'unsafe-inline';style-src 'self' https://*.googletagmanager.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com use.typekit.net p.typekit.net https://*.bing.com https://info.servus.ca 'unsafe-inline';connect-src 'self' https://*.doubleclick.net https://*.google.ca https://*.google-analytics.com https://*.googletagmanager.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.google.com https://*.virtualearth.net https://www.bing.com https://maps.googleapis.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://px.ads.linkedin.com https://www.redditstatic.com https://047-pbv-647.mktoresp.com https://342-bkg-026.mktoresp.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com fonts.googleapis.com use.typekit.net;img-src 'self' data: via.placeholder.com https://px.ads.linkedin.com https://*.google.ca https://*.doubleclick.net https://fonts.gstatic.com/s/i/googlematerialicons https://*.googletagmanager.com https://*.virtualearth.net https://*.bing.com https://maps.gstatic.com https://maps.googleapis.com https://alb.reddit.com https://www.facebook.com https://www.gstatic.com https://www.linkedin.com;frame-ancestors 'self' https://info.servus.ca/;frame-src 'self' https://*.doubleclick.net https://*.googletagmanager.com https://*.google.com https://www.youtube.com https://info.servus.ca https://connectfirstcu.tfaforms.net https://s.amazon-adsystem.com https://www.facebook.com https://www.gstatic.com https://www.linkedin.com 2
default-src 'self' https://*.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.google-analytics.com/ https://tagmanager.google.com/ https://*.googletagmanager.com/ https://www.google.com https://www.gstatic.com/ ; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/ https://*.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://www.google.com https://www.gstatic.com; img-src 'unsafe-inline' 'self' https://*.google-analytics.com https://ssl.gstatic.com/ https://*.googletagmanager.com/ data:; font-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://fonts.gstatic.com/ data:; connect-src 'self' https://*.google-analytics.com https://ssl.gstatic.com/ https://*.google.com data:;frame-ancestors self http://tohyve.iventic.com ; frame-src 'self' https://www.google.com/ https://*.googletagmanager.com/; 2
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/ 2
default-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src *; media-src *; object-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 2
frame-ancestors https://*.letsdoeit.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ga.dorcel.com contentnotif.dorcel.com www.dorcelclub.com www.account-dorcel.com cdnjs.cloudflare.com track.dorcelcash.com www.googletagmanager.com www.google-analytics.com *.dugwood.com bat.bing.com *.clarity.ms *.streaming.in2ip.nl; style-src 'self' 'unsafe-inline' ga.dorcel.com *.streaming.in2ip.nl; img-src 'self' data: https: blob:; media-src 'self' data: *.streaming.in2ip.nl blob:; font-src 'self' data: ga.dorcel.com *.streaming.in2ip.nl; frame-src 'self' contentnotif.dorcel.com *.netverify.com www.dorcelclub.com msurvey.orange.com as.sexad.net www.account-dorcel.com; connect-src 'self' region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net *.dugwood.com bat.bing.com bat.bing.net *.clarity.ms *.streaming.in2ip.nl; form-action 'self' https: http://*.streaming.in2ip.nl; worker-src blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv https://tags.bkrtx.com https://stags.bluekai.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://programarcita.claro.com.sv/ https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://*.medallia.com https://*.ads-twitter.com https://run.app https://*.twitter.com https://digitasgt.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.acuityplatform.com https://*.clarovideo.net https://*.claromusica.com https://i.ytimg.com https://*.seadform.net https://players.brightcove.net https://e.issuu.com https://*.claro.com.sv https://www.googleoptimize.com https://*.google.com https://cdn.agentbot.net https://*.amazonaws.com https://*.aivo.co https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://sv.mipagoclaro.com https://paquetes.miclaro.com.sv https://s.gravatar.com https://*.google.com.mx https://*.bing.com https://paquetes1.miclaro.com.sv https://*.prod.clarodigital.net https://*.run.app https://*.google.com.gt https://*.claro.com.gt https://static.ads-twitter.com https://*.clarity.ms https://*.gstatic.com https://universalplus.com https://*.teads.tv https://*.tiktok.com https://*.googleadservices.com https://connect.facebook.net; media-src mediastream: https://*.amazonaws.com; 2
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vimeo.com *.cloudflareinsights.com vercel.live *.vercel-scripts.com *.googletagmanager.com googletagmanager.com *.googleadservices.com *.google-analytics.com www.google-analytics.com google-analytics.com stats.g.doubleclick.net google.com *.googleapis.com *.youtube.com bugherd.com *.bugherd.com *.cookielaw.org *.clarity.ms *.adobedtm.com *.force.com *.salesforce-sites.com; font-src 'self' data: *.gstatic.com *.typekit.net *.googletagmanager.com googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net *.bugherd.com vercel.live *.salesforce-sites.com; img-src 'self' data: *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com bugherd-attachments.s3.amazonaws.com *.bugherd.com ads-twitter.com ads-api-twitter.com analytics.twitter.com www.googletagmanager.com *.sanity.io *.cookielaw.org *.bing.com *.clarity.ms *.everesttech.net *.demdex.net; frame-ancestors undefined 'self'; frame-src 'self' *.ginkgo.bio vercel.live *.vercel-scripts.com *.bugherd.com *.googletagmanager.com googletagmanager.com *.youtube.com *.vimeo.com *.vercel.app *.demdex.net *.doubleclick.net *.salesforce-sites.com; connect-src 'self' *.s3.amazonaws.com www.google-analytics.com *.googletagmanager.com googletagmanager.com *.vimeo.com vimeo.com *.licdn.com *.linkedin.com *.adsymptotic.com *.linkedin.oribi.io data: *.cookielaw.org *.nsvcs.net *.onetrust.com *.clarity.ms *.demdex.net *.adobedc.net *.google.com *.doubleclick.net *.google.com *.salesforce-sites.com; child-src 'self' *.hsforms.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval' ; 2
base-uri 'self'; default-src *; style-src 'unsafe-inline' *; script-src 'unsafe-eval' 'unsafe-inline' *; img-src *; media-src *; font-src *; connect-src *; worker-src *; frame-src *; form-action *; 2
child-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.glossybox.co.uk https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://api.stripe.com https://api-dev.pogodonate.com https://api.pogodonate.com https://app-dev.pogodonate.com https://app.pogodonate.com  https://www.googleadservices.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://analytics.tiktok.com https://*.ringcentral.com wss://*.ringcentral.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://ct.pinterest.com https://sgtm.glossybox.co.uk; default-src 'none'; font-src 'self' https://app-dev.pogodonate.com https://app.pogodonate.com data: https://*.ringcentral.com https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.glossybox.co.uk https://checkout.glossybox.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' https://pogodonate.s3.eu-west-2.amazonaws.com https://app-dev.pogodonate.com https://app.pogodonate.com  data: https://*.ringcentral.com https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://*.js.stripe.com https://js.stripe.com blob: https://app-dev.pogodonate.com https://app.pogodonate.com  'unsafe-eval' 'unsafe-inline' data: https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://analytics.tiktok.com https://static.ads-twitter.com https://*.ringcentral.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s.pinimg.com https://sgtm.glossybox.co.uk; style-src 'self' https://*.js.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com  'unsafe-inline' https://*.ringcentral.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to csp-endpoint 2
frame-ancestors 'self' https://*.foodinfluencersunited.nl https://*.foodinfluencersunited.com 2
default-src 'self' *.ist.ac.at *.ista.ac.at *.google-analytics.com *.azureedge.net *.dynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ist.ac.at *.ista.ac.at https://www.google-analytics.com https://www.googletagmanager.com *.azureedge.net *.dynamics.com; style-src 'self' *.googleapis.com *.ist.ac.at *.ista.ac.at *.azureedge.net *.dynamics.com 'unsafe-inline'; img-src 'self' data: *.ist.ac.at *.ista.ac.at *.googletagmanager.com https://secure.gravatar.com *.azureedge.net *.dynamics.com; font-src 'self' fonts.gstatic.com *.ist.ac.at *.ista.ac.at data:; connect-src 'self' *.ist.ac.at *.ista.ac.at *.google-analytics.com *.azureedge.net *.dynamics.com; media-src 'self' *.ist.ac.at *.ista.ac.at; object-src 'none'; base-uri 'self'; frame-ancestors 'self' *.ist.ac.at *.ista.ac.at; 2
img-src 'self' 'unsafe-inline'  https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://www.google.com https://*.linkedin.com https://*.facebook.com https://*.youtube.com https://*.reddit.com https://*.twitter.com https://*.google-analytics.com https://www.google.ca https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://t.co https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.google.co.in https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.googleadservices.com https://*.cmhc-schl.gc.ca/ https://*.facebook.net https://*.msecnd.net https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://siteimproveanalytics.com/ https://*.redditstatic.com https://*.ads-twitter.com https://*.licdn.com https://*.hotjar.com/ https://*.googleapis.com https://*.cloudflare.com https://cdn.jsdelivr.net https://*.b2clogin.com https://www.googletagmanager.com/ https://*.linkedin.com/ https://*.twitter.com/ https://www.google.com https://ajax.googleapis.com/ https://www.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com https://analytics-ca.clickdimensions.com https://*.cloudfront.net https://pixel.byspotify.com https://*.curator.io; style-src 'self' 'unsafe-inline' https://*.youtube.com https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://*.typekit.net https://*.cloud.coveo.com/ https://*.googleapis.com https://*.jquery.com https://use.typekit.net https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.youtube.com https://*.cmhc-schl.gc.ca/ https://*.typekit.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com https://*.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; object-src 'none'; 2
default-src http: data: 'unsafe-inline' 'unsafe-eval' wss://ws.hotjar.com 2
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://upload.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://embed.tawk.to; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; upgrade-insecure-requests; block-all-mixed-content; 2
reflected-xssblock 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.srv.stackadapt.com/ https://script.hotjar.com https://*.simpli.fi/ https://*.bttrack.com/ https://bttrack.com/ https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://googleads.g.doubleclick.net/ https://stats.wp.com/ https://stats.wp.com/ https://static.hotjar.com/ https://sase.merck.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://player.quadia.net/quadia.player.min.js https://s0.wp.com https://*.contentsquare.com https://*.usabilla.com https://*.contentsquare.net/ https://pym.nprapps.org https://*.wotnot.io https://www.googletagmanager.com https://www.google-analytics.com/ https://players.brightcove.net https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://*.pricespider.com https://api.tiles.mapbox.com https://vjs.zencdn.net https://bat.bing.com https://js.adsrvr.org https://connect.facebook.net https://bam.nr-data.net blob:; object-src 'none'; base-uri https://d6tizftlrpuof.cloudfront.net/; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net/ https://www.google.com.my/pagead/ https://sase.merck.com/ https://4918300.fls.doubleclick.net/ https://widgets.wp.com/ https://*.contentsquare.com https://*.contentsquare.net https://*.exacttarget.com https://*.facebook.com https://*.exct.net/ https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net https://pages.emailca.merck-animal-health-usa.com https://cloud.emailca.merck-animal-health-usa.com https://*.akamaihd.net https://insight.adsrvr.org https://match.adsrvr.org; frame-ancestors 'self'; img-src 'self' https://*.tile.openstreetmap.org https://policy.privacyandcookies.eu https://assets.merck-animal-health.com https://*.googleapis.com/ https://*.gstatic.com/ https://*.googleusercontent.com/ https://tags.srv.stackadapt.com/ https://*.simpli.fi/ https://bttrack.com/ https://www.google.com.my/pagead/ https://connect.facebook.net/ https://www.google.com.my/ads/ga-audiences https://www.google.co.za https://px.ads.linkedin.com/ https://www.google.de https://mid.rkdms.com/ https://match.sharethrough.com/ https://x.bidswitch.net/ https://match.adsrvr.org/ https://tags.bluekai.com/ https://pixel.rubiconproject.com/ https://cm.g.doubleclick.net/ https://dpm.demdex.net/ https://insight.adsrvr.org/ https://*.wp.com https://*.wotnot.io https://wotnot-chat-widget-icon.storage.googleapis.com https://*.contentsquare.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://*.contentsquare.net/ https://assets.msd-animal-health.com https://wotnot-bot-title-logo.storage.googleapis.com https://wotnot-avatar.storage.googleapis.com https://*.merck-animal-health.com https://unpkg.com https://cdn.jsdelivr.net https://secure.adnxs.com/ https://px.adentifi.com/ https://pubads.g.doubleclick.net https://cf-images.us-east-1.prod.boltdns.net https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ https://*.deepintent.com/ https://*.brightcove.com https://brightcove.hs.llnwd.net https://*.brightcove.hs https://manifest.prod.boltdns.net data: https://www.google.com/ https://*.bing.com/ https://*.facebook.com/ https://*.pricespider.com/ https://*.turn.com https://*.googletagmanager.com/ https://www.google.pl/; media-src 'self' blob: https://*.wotnot.io https://*.brightcove.com https://manifest.prod.boltdns.net https://*.akamaihd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://s0.wp.com https://d6tizftlrpuof.cloudfront.net/ https://*.mapbox.com/ https://*.pricespider.com/ https://tags.srv.stackadapt.com/; upgrade-insecure-requests; default-src blob: https: data: webpack: 'self' wss://*.wotnot.io wss://ws.hotjar.com; trusted-types 'allow-duplicates' google-maps-api#html google#safe google-analytics goog#html connect.facebook.net/fbevents facebook.com/signals/iwl youtube-widget-api default; 2
frame-ancestors https://app.kontent.ai; 2
default-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/;img-src 'self' data: https://code.jquery.com/;script-src-attr 'self' 'unsafe-inline';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com unpkg.com *.newrelic.com *.nr-data.net nr-data.net js.stripe.com pay.google.com outrightinternational.bamboohr.com/js/embed.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js outrightinternational.us5.list-manage.com *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.google.com *.analytics.google.com *.paypalobjects.com *.licdn.com *.thegivingblock.com *.jsdelivr.net cdn-cookieyes.com cdnjs.cloudflare.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.clarity.ms static.cloudflareinsights.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com doublethedonation.com *.doublethedonation.com *.mailchimp.com *.jsdelivr.net cdnjs.cloudflare.com unpkg.com; img-src 'self' data: *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com ucarecdn.com www.gstatic.com resources.bamboohr.com www.google-analytics.com/* pay.google.com *.google.com *.paypal.com *.google-analytics.com *.paypalobjects.com *.linkedin.com cdn-cookieyes.com googletagmanager.com *.hsforms.com *.hubspot.com; media-src 'self'; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com tgbwidget.com *.tgbwidget.com *.fundraiseup.com *.stripe.com *.plaid.com *.paypal.com pay.google.com *; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com *.stripe.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com *.fundraiseup.com fndrsp.net *.fndrsp.net doublethedonation.com *.doublethedonation.com nr-data.net fndrsp-checkout.net outrightinternational.bamboohr.com bam.nr-data.net *.fundraiseup.com *.stripe.com *.paypal.com *.plaid.com *.mastercard.com *.checkout.visa.com api.addressy.com *.google.com *.analytics.google.com google.com/pay *.linkedin.com *.cookieyes.com cdn-cookieyes.com *.hscollectedforms.net *.hubspot.com *.clarity.ms 2
frame-ancestors 'self' https://www.netlifeplus.ec https://www.ventasnetlife.ec https://ventasnetlife.ec https://internetnetlife.ec https://analytics.tiktok.com https://internetnetlife.ec https://netlifehogar
 
.com https://netlifeinternet.ec https://netlifeinternet.com.ec https://netlifeinternet.net.ec https://globalcomecuador.com https://denuncias.netlife.net.ec https://netlife.fluyapp.com https
 
://www.youtube-nocookie.com https://*.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://i.clarity.ms https://*.clarity.ms https://clarity.microsoft.com https:
 
//www.youtube-nocookie.com https://*.youtube-nocookie.com https://netlife.hiringroom.com/jobs https://px.ads.linkedin.com https://netlife.ec https://*.netlife.ec https://*.opentv.com https:
 
//*.otv-staging.com https://netlifeaccess.netlife.net.ec https://*.netlife.net.ec https://netlifeinternetec.com 2
base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.eex-group.com https://smc-lp.s4hana.ondemand.com/ https://www.youtube.com https://www.youtube-nocookie.com https://eds.eex-group.com https://www.marketview.com https://webservice-eex.gvsi.com https://eex-group.com/ https://ecc.de/ https://www.eex.com https://queryeex.gvsi.com https://www.etracker.de https://etracker.com https://*.etracker.com data:; font-src 'self' data: https://eds.eex-group.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv http://claro.clientcampaigns.live https://*.google.com.mx https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.com.hn https://*.google-analytics.com https://*.acuityplatform.com https://*.google.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.cloudflare.com https://*.twitter.com https://t.co https://*.gstatic.com https://*.jquery.com https://*.conversionsapigateway.com https://*.doubleclick.net https://clarity.ms https://*.bing.com https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://*.clarodigital.net https://*.ytimg.com https://stackpath.bootstrapcdn.com https://*.claro.com.hn https://*.clarity.ms https://cdn.agentbot.net https://*.amazonaws.com https://*.aivo.co https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://universalplus.com https://*.googleadservices.com https://*.google.com.gt https://hn.mipagoclaro.com https://paquetes.miclaro.com.hn https://paquetes1.miclaro.com.hn https://*.teads.tv https://*.tiktok.com https://claro.clientcampaigns.live https://*.dearflip.com https://*.zencdn.net; media-src mediastream: https://*.amazonaws.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: https://*.claro.com.hn https://*.dearflip.com; 2
form-action *; frame-src *; frame-ancestors *; 2
frame-ancestors 'self' cmwlab.com metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr *.webvisor.com; 2
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.sporcle.com https://servedby.adfyre.co https://platform.twitter.com https://c.bannerflow.net https://static.ads-twitter.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://app.link https://ajax.googleapis.com https://desk.zoho.eu;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;    img-src 'self' blob: data: https://cdn.checkd.media https://cdn.checkd-dev.com https://servedby.adfyre.co https://c.bannerflow.net https://www.googletagmanager.com https://t.co https://analytics.twitter.com https://bat.bing.net https://www.facebook.com https://cdn.fantasyiteam.com https://*.clarity.ms https://www.google.co.uk https://cdn.branch.io;    frame-src 'self' https://www.sporcle.com https://www.youtube.com https://platform.twitter.com/ https://platform.x.com/ https://www.googletagmanager.com https://smartacca.dev.checkd-dev.com https://smartacca.test.checkd-dev.com https://smartacca.checkd-dev.com https://smartpicks.dev.checkd-dev.com https://smartpicks.test.checkd-dev.com https://smartpicks.checkd-dev.com https://api-bettinghub.checkd-dev.com https://gateway-members.bet365.com https://identitysso.paddypower.com https://identitysso.betfair.com https://desk.zoho.eu;    font-src 'self' https://fonts.gstatic.com https://c.bannerflow.net;    connect-src 'self' https://*.google-analytics.com https://servedby.adfyre.co https://*.ingest.us.sentry.io https://*.ingest.sentry.io https://c.bannerflow.net https://www.google.com https://bat.bing.net https://*.clarity.ms https://api2.branch.io https://www.facebook.com https://*.analytics.google.com https://*.doubleclick.net https://sites-api-v3.prod.checkd-media.com/prod/ https://odds-api.checkd-dev.com/prod/ https://identitysso.paddypower.com https://identitysso.betfair.com;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com *.vimeo.com vimeo.com; img-src * data:; font-src * data:; style-src 'unsafe-inline' *; 2
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.quantserve.com/ https://www.instagram.com/ https://app.termly.io/ https://www.google.com/ https://www.gstatic.com/ http://rules.quantcount.com/ http://cdn.scarabresearch.com/ https://assets.juicer.io/ https://www.googletagmanager.com/ http://cdn.scarabresearch.com/ https://cdn.levelaccess.net/ https://www.google-analytics.com/ https://www.googleadservices.com/ http://pixel.quantserve.com/ http://connect.facebook.net/ https://secure-ds.serving-sys.com/ https://s.pinimg.com/ http://xfqprspx.micpn.com/ https://static.bytedance.com/ http://www.lightboxcdn.com/ http://api.lightboxcdn.com/ https://bs.serving-sys.com/ http://www.juicer.io/ https://js.adsrvr.org/; object-src 'none' 2
frame-ancestors 'self' https://app.storyblok.com/ 2
script-src 'nonce-zXnxZ3imBGncSjBA1F+FNA==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2
frame-ancestors *.uniphore.com 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.etracker.com 2
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://yastatic.net https://enterprise.api-maps.yandex.ru https://api-cis.exponea.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org *.metrika.yandex.ru *.yandex.tld *.yandex.net https://vk.com https://top-fwz1.mail.ru https://smartcaptcha.yandexcloud.net; style-src https: blob: 'self' 'unsafe-inline'; style-src-elem blob: https: 'self' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-inline' https://*.maps.yandex.net https://enterprise.api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://mc.yandex.ru; connect-src wss://*.blanc.ru wss://*.vestabankdev.ru wss://mc.yandex.ru https: 'self' 'unsafe-inline' *.sentry.io *.ingest.sentry.io https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://api-cis.exponea.com https://stats.g.doubleclick.net https://mc.yandex.ru; font-src data: https: 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; child-src https: 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://mc.yandex.ru; frame-src blob: 'self' https://*.facct.ru https://*.facct.ru https://wcm-ru.frontend.weborama.fr https://content.adriver.ru https://www.facebook.com http://*.fls.doubleclick.net http://*.doubleclick.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.mkb.ru:* https://*.mirconnect.ru:* https://*.vestabankdev.ru https://*.blanc.ru https://mc.yandex.ru https://mc.yandex.com https://ad.new-programmatic.com https://px.adhigh.net/ https://smartcaptcha.yandexcloud.net https://smartcaptcha.cloud.yandex.ru; form-action https: 'self' 'unsafe-inline'; worker-src https: 'self' blob:; manifest-src https: 'self'; frame-ancestors 'self' https://*.blanc.ru https://avito.ru https://www.avito.ru https://*.avito.ru *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com; block-all-mixed-content; report-uri https://o547163.ingest.sentry.io/api/5669457/security/?sentry_key=1f47343ab8d64a3bb44fa53d85499fff; 2
frame-ancestors 'self' https://georgestore.erstebank.hu https://georgestorefat.erstebank.hu https://georgestoreperf.erstebank.hu https://georgestoreperf3.erstebank.hu https://store.erstebank.hu https://store.erste.hu https://storelt1.erste.hu https://storelt1.erstebank.hu https://storeint.erste.hu https://george.ersteinvestment.hu/ https://georgeinteg.ersteinvestment.hu/ https://georgetest.ersteinvestment.hu/ https://tablet-sales-tool.apps.prd.openshift.erste.hu/ https://tablet-sales-tool.d6.dev.openshift.erste.hu/ https://tablet-sales-tool.d10.dev.openshift.erste.hu/ https://tablet-sales-tool.ffx.tst.openshift.erste.hu/ https://tablet-sales-tool.int.tst.openshift.erste.hu/ https://tablet-sales-tool.lt1.tst.openshift.erste.hu/ https://tablet-sales-tool.t10.tst.openshift.erste.hu/ https://ltp.erstebank.hu/ https://login.erstebank.hu https://loginperf.erstebank.hu https://loginperf3.erstebank.hu https://loginfat2.erstebank.hu https://georgeadmin.erste.hu https://georgeadminfat.erste.hu https://georgeadminperf.erste.hu https://georgeadminperf3.erste.hu https://george.erstebank.hu https://georgefat2.erstebank.hu https://georgeperf.erstebank.hu https://georgeperf3.erstebank.hu https://api.erstebank.hu https://apifat2.erstebank.hu https://apiperf.erstebank.hu https://apiperf3.erstebank.hu https://tablet-sales-tool-mikro.d6.dev.openshift.erste.hu https://tablet-sales-tool-mikro.d10.dev.openshift.erste.hu/ https://tablet-sales-tool-mikro.ffx.tst.openshift.erste.hu/ https://tablet-sales-tool-mikro.lt1.tst.openshift.erste.hu/ https://tablet-sales-tool-mikro.int.tst.openshift.erste.hu/ https://tablet-sales-tool-mikro.apps.prd.openshift.erste.hu/ https://remote-advisory.dev.aks.azu.erste.hu https://design-euw.ci360.sas.com; 2
frame-ancestors 'self' https://*.storyblok.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readwhere.app *.readwhere.com *.cloudflare.com  *.bootstrapcdn.com  *.googletagmanager.com *.gstatic.com *.facebook.net *.twitter.com googleads.g.doubleclick.net *.doubleclick.net *.rwadx.com *.google.com *.google.co.in *.facebook.com *.epapr.in static.xx.fbcdn.net scontent.fdel72-1.fna.fbcdn.net *.google-analytics.com use.fontawesome.com *.pinterest.com *.jquery.com *.cloudfront.net *.googleapis.com data: sb.scorecardresearch.com *.googlesyndication.com 2
frame-ancestors https://*.dsw.nl https://*.dsw.lan 2
default-src 'self' widget.presupuestos.saltala.com *.youtube.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com was2-chile.crossnet.la client.crisp.chat chat.sendinblue.com sibautomation.com https://cdnjs.cloudflare.com marketingautomation.services *.marketingautomation.services app-3QNONFGGJG.marketingautomation.services d328k6xhl3lmif.cloudfront.net widget.presupuestos.saltala.com pixel-geo.prfct.co tag.perfectaudience.com koi-3qnonfggjg.marketingautomation.services cdn.us-east-1.pipedriveassets.com *.pipedrive.com *.landbot.io *.hotjar.com *.hotjar.io https://optimize.google.com https://www.google-analytics.com *.googletagmanager.com *.jsdelivr.net *.youtube.com *.google.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com api.instagram.com cdn.lightwidget.com www.googleoptimize.com www.clarity.ms *.kit.fontawesome.com:* *.cloudfront.net:* kit.fontawesome.com:* https://googleads.g.doubleclick.net/ https://chatrsuc.cgs-aplicaciones2.cgsinc.cl/ https://www.googletagmanager.com/ https://cdn.insight.sitefinity.com/ https://cdnjs.cloudflare.com/ unpkg.com https://ucchristus-web-pub.s3.us-east-1.amazonaws.com https://*.ucchristus.cl/ https://sibautomation.com/ https://scripts.clarity.ms/ https://cdn.jsdelivr.net/ https://static.hotjar.com/ https://analytics.tiktok.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com Blob: * https://www.ucchristus.cl *.ucchristus.cl https://optimize.google.com https://fonts.googleapis.com *.youtube.com https://dec.azureedge.net https://tagmanager.google.com/debug/css.css *.google.com 'self' https://cdn.insight.sitefinity.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: was2-chile.crossnet.la apigw.ucchristus.cl us-u.openx.net ups.analytics.yahoo.com pixel-geo.prfct.co secure.adnxs.com *.pipedrive.com static.landbot.io *.google.cl *.google.com stats.g.doubleclick.net *.procloudhub.com https://optimize.google.com *.googletagmanager.com *.youtube.com *.cloudfront.net *.s3.amazonaws.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com c.clarity.ms:* c.bing.com:* *.ucchristus.cl unpkg.com cartodb-basemaps-c.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-a.global.ssl.fastly.net https://d328k6xhl3lmif.cloudfront.net/ https://backend.chatbase.co/ https://analytics.twitter.com/ https://analytics.twitter.com https://connect.facebook.net/ https://www.google.co.ve/ https://www.google.com.ar/ 'self' https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cdn.jsdelivr.net cdnjs.cloudflare.com https://leadbooster-chat.pipedrive.com https://fonts.gstatic.com *.youtube.com *.fontawesome.com:*; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com lfiagencia.marketingautomation.services *.twitter.com platform.twitter.com *.lightwidget.com *.meteored.cl *.google.com *.youtube.com *.lfi.cl https://optimize.google.com https://www.googletagmanager.com https://cmpsantan.ucchristus.cl/ https://d1yk7wa4748t99.cloudfront.net/ https://chatrsuc.cgs-aplicaciones2.cgsinc.cl/ 'self'; connect-src accounts.google.com *.google-analytics.com https://*.googleapis.com/ * *.hotjar.io *.hotjar.com *.youtube.com https://*.dec.sitefinity.com *.mktoresp.com *.google.com/ https://www.google.com/ 'self' https://*.insight.sitefinity.com; media-src 'self' data: blob: was2-chile.crossnet.la *.cloudfront.net; child-src https://www.google.com/ cdn.lightwidget.com 'self' 2
frame-ancestors https://*.salesframe.com https://salesfra.me 2
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://app.usercentrics.eu https://connect.facebook.net https://dmp.theadex.com https://maps.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://console.googletagservices.com https://*.adtrafficquality.google https://*.google.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com; frame-src 'self' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.safeframe.googlesyndication.com https://api.theadex.com https://app.usercentrics.eu https://tpc.googlesyndication.com https://pagead2.googlesyndication.com *.googletagservices.com https://*.googletagmanager.com https://*.adtrafficquality.google; frame-ancestors 'self'; form-action 'self'; default-src 'self'; worker-src 'self'; object-src 'none'; img-src * 'self' data:; manifest-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.at https://*.google.de https://*.googleapis.com https://*.marktguru.at https://*.marktguru.de https://*.usercentrics.eu https://csi.gstatic.com https://mppx.marktguru.at https://mppx.marktguru.de https://pagead2.googlesyndication.com https://*.adtrafficquality.google https://dmp.theadex.com https://*.googleadservices.com https://*.googletagservices.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com; 2
default-src 'self'; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src * blob: data:; connect-src * 2
default-src 'self' ;script-src 'self' 'unsafe-inline' data: *.googleapis.com *.twitter.com *.facebook.net www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com storage.bannernow.com c.bannerflow.net https://boost.box;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data:;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;frame-src 'self' www.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io storage.bannernow.com c.bannerflow.net https://app.boost.box/;worker-src 'self' self blob: 'unsafe-inline'; 2
default-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com ounass-evt.rmp-api.moloco.com *.ounass-evt.rmp-api.moloco.com cloudflarestream.com *.cloudflarestream.com cdn.jsdelivr.net *.cdn.jsdelivr.net statsigapi.net *.statsigapi.net featureassets.org *.featureassets.org prodregistryv2.org *.prodregistryv2.org cloudflare-dns.com *.cloudflare-dns.com challenges.cloudflare.com *.challenges.cloudflare.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071 www.ounass.ae ar.ounass.ae en-saudi.ounass.com saudi.ounass.com oman.ounass.com ar-oman.ounass.com kuwait.ounass.com ar-kuwait.ounass.com bahrain.ounass.com ar-bahrain.ounass.com www.ounass.qa ar.ounass.qa;frame-src 'self' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com ounass-evt.rmp-api.moloco.com *.ounass-evt.rmp-api.moloco.com cloudflarestream.com *.cloudflarestream.com cdn.jsdelivr.net *.cdn.jsdelivr.net statsigapi.net *.statsigapi.net featureassets.org *.featureassets.org prodregistryv2.org *.prodregistryv2.org cloudflare-dns.com *.cloudflare-dns.com challenges.cloudflare.com *.challenges.cloudflare.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;font-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com ounass-evt.rmp-api.moloco.com *.ounass-evt.rmp-api.moloco.com cloudflarestream.com *.cloudflarestream.com cdn.jsdelivr.net *.cdn.jsdelivr.net statsigapi.net *.statsigapi.net featureassets.org *.featureassets.org prodregistryv2.org *.prodregistryv2.org cloudflare-dns.com *.cloudflare-dns.com challenges.cloudflare.com *.challenges.cloudflare.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;img-src * 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com ounass-evt.rmp-api.moloco.com *.ounass-evt.rmp-api.moloco.com cloudflarestream.com *.cloudflarestream.com cdn.jsdelivr.net *.cdn.jsdelivr.net statsigapi.net *.statsigapi.net featureassets.org *.featureassets.org prodregistryv2.org *.prodregistryv2.org cloudflare-dns.com *.cloudflare-dns.com challenges.cloudflare.com *.challenges.cloudflare.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;script-src 'self' 'unsafe-inline' 'unsafe-eval' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com ounass-evt.rmp-api.moloco.com *.ounass-evt.rmp-api.moloco.com cloudflarestream.com *.cloudflarestream.com cdn.jsdelivr.net *.cdn.jsdelivr.net statsigapi.net *.statsigapi.net featureassets.org *.featureassets.org prodregistryv2.org *.prodregistryv2.org cloudflare-dns.com *.cloudflare-dns.com challenges.cloudflare.com *.challenges.cloudflare.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;style-src 'self' 'unsafe-inline' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com ounass-evt.rmp-api.moloco.com *.ounass-evt.rmp-api.moloco.com cloudflarestream.com *.cloudflarestream.com cdn.jsdelivr.net *.cdn.jsdelivr.net statsigapi.net *.statsigapi.net featureassets.org *.featureassets.org prodregistryv2.org *.prodregistryv2.org cloudflare-dns.com *.cloudflare-dns.com challenges.cloudflare.com *.challenges.cloudflare.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071 2
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.boxnow.gr *.boxnow.cy https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: *.userway.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.alphaecommerce.gr *.cardlink.gr *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.boxnow.gr *.boxnow.cy *.klarna.com js.mollie.com *.weltpixel.com *.cookiebot.com *.googletagmanager.com *.doubleclick.net *.typeform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com https://www.mollie.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com blob: *.attrattivo.test *.attrattivo.gr.test *.attrattivo.com *.alethenonusualcasual.com *.ale.cy *.attrattivo.cy *.analytics.google.com *.google.gr *.facebook.net *.adman.gr trustmark.gr *.criteo.com *.userway.org *.klarnaservices.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.gstatic.com *.boxnow.gr *.boxnow.cy *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com js.mollie.com *.alphaecommerce.gr *.cardlink.gr *.cookiebot.com cdn.simpler.so sdk.local.simpler.so *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.linkwi.se *.onecode.gr blob: *.google.gr *.cloudflareinsights.com *.adman.gr trustmark.gr *.userway.org *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.klaviyo.com assets.braintreegateway.com *.userway.org *.adman.gr *.trustmark.gr 'self' 'unsafe-inline'; object-src *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.cookiebot.com checkout.simpler.so button.simpler.so analytics.simpler.so button.local.simpler.so *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.youtube.com *.google.gr *.youtube-nocookie.com *.googletagmanager.com *.googlesyndication.com *.adman.gr *.grxchange.gr *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.facebook.net connect.facebook.net *.licdn.com snap.licdn.com *.ads-twitter.com static.ads-twitter.com *.quora.com a.quora.com *.taboola.com cdn.taboola.com *.cookielaw.org cdn.cookielaw.org *.pinimg.com s.pinimg.com *.pinterest.com ct.pinterest.com *.bing.com bat.bing.com *.amazon-adsystem.com c.amazon-adsystem.com *.redditstatic.com www.redditstatic.com *.abrankings.com cdn.abrankings.com *.yimg.com s.yimg.com *.ensighten.com nexus.ensighten.com *.byspotify.com pixel.byspotify.com *.tiktok.com analytics.tiktok.com *.tiktokw.us analytics-ipv6.tiktokw.us *.fullstory.com edge.fullstory.com *.adsrvr.org js.adsrvr.org *.sentry-cdn.com *.sentry.io *.posthog.com *.i.posthog.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.wistia.com *.wistia.net fast.wistia.com *.typeform.com embed.typeform.com *.zdassets.com *.zendesk.com static.zdassets.com *.ahrefs.com analytics.ahrefs.com *.marker.io edge.marker.io *.instagram.com *.logrocket.io *.lr-ingest.io *.logrocket.com unpkg.com *.cloudflare.com cdnjs.cloudflare.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hscollectedforms.net *.usemessages.com; style-src 'self' 'unsafe-inline' *.typeform.com *.googleapis.com fonts.googleapis.com *.hubspot.com; img-src 'self' data: blob: *.google.com *.google.com.mx *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.google.co.uk *.google.ca *.google.com.au *.google.de *.google.fr *.google.es *.google.it *.google.nl *.google.co.in *.google.com.br *.google.co.jp *.facebook.com *.facebook.net *.licdn.com px.ads.linkedin.com px4.ads.linkedin.com *.ads-twitter.com *.twitter.com t.co analytics.twitter.com *.quora.com *.taboola.com *.bing.com *.pinimg.com *.pinterest.com ct.pinterest.com *.redditstatic.com *.reddit.com *.yimg.com s.yimg.com *.yahoo.com sp.analytics.yahoo.com *.tiktok.com *.tiktokw.us analytics-ipv6.tiktokw.us *.fullstory.com *.adsrvr.org *.spotify.com *.amazon *.wistia.com *.wistia.net *.typeform.com *.zendesk.com *.zdassets.com *.posthog.com *.instagram.com *.cdninstagram.com *.bizee.com *.incfile.com *.amazonaws.com s3.amazonaws.com *.laravel.cloud *.hubspot.com *.hsforms.com *.visualwebsiteoptimizer.com *.buzzsprout.com; font-src 'self' data: *.googleapis.com *.gstatic.com fonts.gstatic.com fonts.googleapis.com *.wistia.com fast.wistia.com; connect-src 'self' *.google.com *.google.com.mx *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.co.uk *.google.ca *.google.com.au *.facebook.com *.facebook.net *.licdn.com px.ads.linkedin.com px4.ads.linkedin.com *.ads-twitter.com *.twitter.com t.co analytics.twitter.com *.quora.com *.taboola.com *.cookielaw.org *.onetrust.com geolocation.onetrust.com *.bing.com *.amazon-adsystem.com *.amazon ara.paa-reporting-advertising.amazon *.pinterest.com ct.pinterest.com *.tiktok.com *.tiktokw.us analytics-ipv6.tiktokw.us *.fullstory.com *.adsrvr.org *.byspotify.com *.spotify.com pixels.spotify.com *.reddit.com *.redditstatic.com pixel-config.reddit.com *.yimg.com s.yimg.com *.yahoo.com sp.analytics.yahoo.com *.sentry.io *.sentry-cdn.com browser.sentry-cdn.com *.posthog.com *.i.posthog.com *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net fast.wistia.net *.typeform.com *.zendesk.com *.zdassets.com *.ahrefs.com *.marker.io *.logrocket.io *.lr-ingest.io *.logrocket.com *.bizee.com *.incfile.com *.hubspot.com *.hsforms.com *.hubapi.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.usemessages.com; frame-src 'self' *.google.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.wistia.com *.wistia.net *.typeform.com *.zendesk.com *.instagram.com *.visualwebsiteoptimizer.com *.hubspot.com *.hsforms.com *.adsrvr.org insight.adsrvr.org *.pinterest.com ct.pinterest.com; media-src 'self' blob: *.wistia.com *.wistia.net *.laravel.cloud; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' *.hubspot.com *.hsforms.com *.typeform.com; frame-ancestors 'self' 2
frame-ancestors 'self' https://univentionsummit2026.venueless.events 2
frame-ancestors 'self' https://portal.fibe.in/ https://webapp.fibe.in/ https://portal-v3.fibe.in/ https://webapp-uat.fibe.in/ https://portal-test.fibe.in/ https://webportal.fibe.in/ https://webapp-v2.fibe.in/ https://webportal-v2.fibe.in/ https://lamf.fibe.in/ https://portal-qa.fibe.in/ 2
frame-ancestors 'self' pagecloud.com www.pagecloud.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.3lift.com *.acuityplatform.com *.adadvisor.net *.adform.net *.adgrx.com *.admission.net *.admixer.net *.adnxs.com *.adotmob.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.alcmpn.com *.amazon-adsystem.com *.amazonaws.com *.apxlv.com *.arcgis.com *.betweendigital.com *.bfmio.com *.bidr.io *.bidswitch.net *.bluekai.com *.bootstrapcdn.com *.brandcdn.com *.cdc.gov *.choozle.com *.cloudflare.com *.cloudfront.net *.cogocast.net *.company-target.com *.contextweb.com *.crazyegg.com *.crwdcntrl.net *.demdex.net *.docscores.com *.domdex.com *.dotomi.com *.doubleclick.net *.eloqua.com *.emailsrvr.com *.en25.com *.ensighten.com *.entitytag.co.uk *.epichosted.com *.everesttech.net *.exelator.com *.facebook.com *.facebook.net *.fg8dgt.com *.force.com *.fwmrm.net *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.healthgrades.com *.mercuryhealthcare.com *.imrworldwide.com *.insightexpressai.com *.intentiq.com *.ipredictive.com *.jumptap.com *.krxd.com *.krxd.net *.liadm.com *.libsyn.com *.licdn.com *.lijit.com *.linkedin.com *.linksynergy.com *.mathtag.com *.mdhv.io *.medtouch.com *.ml314.com *.ml314.com *.moatads.com *.mookie1.com *.ngrok.io *.nrchealth.com *.openx.net *.placelocal.com *.prfct.com *.pro-market.net *.pubmatic.com *.quantserve.com *.reson8.com *.rfihub.com *.rkdms.com *.rlcdn.com *.rubiconproject.com *.rundsp.com *.salesforce.com *.scorecardresearch.com *.semasio.net *.sharethis.com *.simpli.fi *.siteimproveanalytics.com *.siteimproveanalytics.io *.sitescout.com *.spotify.com *.spotxchange.com *.stickyadstv.com *.sundaysky.com *.survata.com *.swarminteractive.com *.tapad.com *.thrtle.com *.tidaltv.com *.tinypic.com *.tremorhub.com *.tribalfusion.com *.trueleadid.com *.truoptik.com *.turn.com *.twitter.com *.twimg.com *.undertone.com *.universityhealthsystem.com *.universityhealth.com *.universityhealthsystemsc.dev.local *.viewmedica.com *.vindicosuite.com *.w55c.net *.walmart.com *.web-2-tel.com *.xspadvertising.com *.yahoo.com *.youtube.com *.vimeo.com *.vimeocdn.com *.yextpages.net *.perfalytics.com https://freshpaint-cdn.com https://perfalytics.com https://addevent.com http://siteimproveanalytics.com https://oxblue.com https://pippio.com https://siteimproveanalytics.com https://thrtle.com https://uhs-portal.com https://universityhealthsystemsc.dev.local https://viewmedica.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://rg-uh-corpcomm-sitecore-pr-288890-cd.azurewebsites.net/ https://rg-uh-corpcomm-sitecore-pr-288890-cm.azurewebsites.net/ https://searchcloud-2-us-east-1.searchstax.com/ https://static.searchstax.com https://analytics-us.searchstax.com; 2
img-src 'self' data: https: ; object-src 'none'; 2
frame-ancestors 'self' https://*.lightcast.io https://*.datocms.com 2
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.ads.linkedin.com https://aplo-evnt.com https://*.clarity.ms https://*.leadinfo.net https://*.leadinfo.com https://*.dyflexis.com https://google.com https://*.google.com https://bat.bing.com https://bat.bing.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://*.trustpilot.com https://www.googleadservices.com; font-src 'self' https://*.wp.com https://fonts.bunny.net https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.dyflexis.com; frame-src 'self' https://*.dyflexis.com https://*.fls.doubleclick.net https://10996528.fls.doubleclick.net https://*.google.com https://*.trustpilot.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://player.vimeo.com https://anchor.fm https://td.doubleclick.net https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.youtube.com; img-src 'self' https://*.ads.linkedin.com https://*.analytics.google.com https://*.leadinfo.net https://*.dyflexis.com https://*.googleadservices.com  https://google.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vu https://*.google.ws https://*.googleusercontent.com https://*.clarity.ms https://api.taggrs.io https://*.w.org https://appwiki.nl https://bat.bing.com https://bat.bing.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://img.sct.eu1.usercentrics.eu https://secure.gravatar.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.activehosted.com https://*.adform.net https://*.apollo.io https://*.leadinfo.net https://*.clarity.ms https://*.google.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; script-src-elem 'self' 'unsafe-inline' https://*.activehosted.com https://*.adform.net https://*.apollo.io https://*.leadinfo.net https://*.clarity.ms https://*.cloudflare.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://connect.facebook.net https://*.trustpilot.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://fonts.bunny.net https://googleads.g.doubleclick.net https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://unpkg.com https://www.googleadservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.trustpilot.com https://fonts.bunny.net https://*.dyflexis.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.trustpilot.com https://fonts.bunny.net https://*.dyflexis.com; worker-src 'self' blob:; report-uri https://webwhales.nl?gdsih-csp-report; report-to csp-endpoint 2
default-src 'self'; style-src * 'unsafe-inline'; img-src * 'self' data:; media-src * 'self'; font-src * 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; worker-src * 'self' blob: 2
default-src 'self' *.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ccm19.de *.googletagmanager.com *.facebook.net *.tiktok.com *.youtube.com *.vimeo.com vercel.live charts3.equitystory.com *.pinimg.com *.pinterest.com ir-api.eqs.com https://googleads.g.doubleclick.net https://platform.contentfry.com/sdk/embed.js; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.ccm19.de *.googletagmanager.com *.facebook.net *.tiktok.com *.youtube.com *.vimeo.com vercel.live *.bic-media.com charts3.equitystory.com *.pinterest.com *.doubleclick.net ir-api.eqs.com https://www.facebook.com https://tracking.bastei-luebbe.de https://gtm-747961606695.europe-west3.run.app https://display.contentfry.com/; style-src 'self' 'unsafe-inline' *.ccm19.de ir-api.eqs.com https://fonts.googleapis.com; img-src 'self' blob: data: https:; font-src 'self' https:; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' *.contentful.com https://app.contentful.com; connect-src 'self' https: wss: localhost; media-src 'self' https: *.ctfassets.net; worker-src 'self' blob:; manifest-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://tags.tiqcdn.com https://www.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://*.cloudfront.net https://app.usercentrics.eu https://static.hotjar.com https://connect.facebook.net https://track.adform.net https://snap.licdn.com https://analytics.tiktok.com https://www.clarity.ms https://difc.my.salesforce.com https://scripts.clarity.ms https://*.salesforceliveagent.com https://difc--uatdifc.sandbox.my.salesforce.com https://portal.difc.ae https://script.hotjar.com https://code.jquery.com https://www.gstatic.com https://s2.adform.net https://www.juicer.io https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://assets.juicer.io https://www.google-analytics.com;style-src 'self' https://difc--uatdifc.sandbox.my.salesforce.com https://www.gstatic.com https://difc.my.salesforce.com https://fonts.googleapis.com https://maps.gstatic.com https://portal.difc.ae 'unsafe-inline'; font-src 'self' https://www.difc.com https://www.juicer.io https://static.juicer.io https://fonts.gstatic.com data:;img-src 'self' https://www.google-analytics.com https://*.google.ae https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.juicer.io https://static.juicer.io https://assets.difc.com https://www.facebook.com https://px.ads.linkedin.com https://c.clarity.ms https://c.bing.com https://i.ibb.co https://edge.sitecorecloud.io data: https://app.usercentrics.eu;media-src 'self' https://edge.sitecorecloud.io https://assets.difc.com;frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://portaldifc.secure.force.com https://difc.my.salesforce-sites.com https://www.googletagmanager.com https://difc--uatdifc.sandbox.my.salesforce.com https://difc.my.salesforce.com https://www.google.com https://open.spotify.com https://td.doubleclick.net/ https://www.facebook.com https://edge.sitecorecloud.io;connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://api-engage-eu.sitecorecloud.io https://*.salesforce.com https://*.hotjar.com https://*.clarity.ms https://*.tiktok.com https://*.google-analytics.com https://*.facebook.net https:; object-src 'none'; base-uri 'self'; form-action 'self' https://sbcheckout.payfort.com https://checkout.payfort.com https://www.facebook.com ; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: data: ms-word: ms-powerpoint: ms-excel: ms-visio: ms-access: ms-project: ms-publisher: ms-infopath: vnd.libreoffice.command: 2
frame-src https://tag.trovo-tag.com https://www.googletagmanager.com https://8eac-103-170-54-70.ngrok-free.app https://20331188.hs-sites.com https://shopify.dev.kubric.io https://mm.beta.kubric.io https://app.getmodemagic.com https://getmodemagic.com https://www.youtube.com https://*.typeform.com/ https://calendly.com/ https://*.arcade.software/ https://*.storylane.io https://*.hsforms.com/ https://open.spotify.com/ https://giphy.com/ https://media.kubric.io/ https://redditstatic.com/ https://events.reddit.com/; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob:; font-src 'self' data: https:; connect-src * 'unsafe-inline' https:; default-src *; img-src * data: 'unsafe-inline'; 2
base-uri 'self'; frame-ancestors 'none'; object-src 'none'; worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lndo.site *.suno.com.br *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.onesignal.com https://onesignal.com *.facebook.net *.google-analytics.com  *.googlesyndication.com *.hotjar.com *.getblue.io *.g.doubleclick.net ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.hs-scripts.com *.licdn.com *.facebook.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hubapi.com *.hubspot.com *.twitter.com *.twimg.com *.hsforms.net https://unpkg.com *.googleapis.com *.hsforms.com *.amazonaws.com *.validity.com *.youtube.com *.newrelic.com *.nr-data.net *.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js http://localhost:3000 *.getwisp.co *.cloudfront.net https://js.hubspotfeedback.com/feedbackweb-new.js *.analytics.tiktok.com https://www.googleoptimize.com/optimize.js https://td.doubleclick.net https://npmcdn.com/flatpickr/dist/l10n/pt.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/swiper@6.3.3/swiper-bundle.min.js https://app.powerbi.com/ *.funnelytics.io cdn.wisepops.com loader.wisepops.com app.getwisp.co activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net notifications.wisepops.com *.wisepops.com *.wisepops.net *.clarity.ms https://tag.goadopt.io/injector.js https://disclaimer-api.goadopt.io/api/tag/get-consent https://membros-api-gateway.suno.com.br/api/v1/events/register-data https://static.ads-twitter.com/uwt.js https://www.google.com.br/ads/ga-audiences *.goadopt.io https://forms.hubspot.com https://tag.curiosidadesdigitais.com/suno_suno.9999.js *.stape.io https://sunoresearch-com-br-7171354.hs-sites.com/ *.cloudflareaccess.com https://cdn.jsdelivr.net/npm/echarts@5.4.1/dist/echarts.min.js https://suno-marketdata-api.suno.com.br/ https://staging-marketdata-api-blfrlxkj30sx2blh.suno.com.br/ *.bat.bing.com https://px.ads.linkedin.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com https://onesignal.com *.ampproject.org http://localhost:3000/styles/frontend.css *.code.jquery.com http://localhost:3000/styles/admin.css http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css; img-src * data: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net; font-src * data:; connect-src 'self' https://suno-noticias-staging.suno-noticias.svc.cluster.local http://suno-noticias.lndo.site *.suno.com.br *.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net *.wisepops.com *.clarity.ms https://forms.hubspot.com https://api.hubspot.com/ https://js.hs-banner.com/ https://cta-service-cms2.hubspot.com/ https://googleads.g.doubleclick.net/ https://cdn.ampproject.org *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com  *.googlesyndication.com *.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.facebook.com *.twitter.com *.twimg.com *.googleapis.com *.amazonaws.com *.youtube.com *.newrelic.com *.cloudfront.net https://disclaimer-api.goadopt.io *.stape.io *.hubapi.com https://sunoresearch-com-br-7171354.hs-sites.com/ *.cloudflareaccess.com *.hs-scripts.com *.bat.bing.com *.analytics.tiktok.com https://px.ads.linkedin.com/; object-src 'none'; base-uri 'self' 2
connect-src   maps.nextbike.net *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://cs.onlim.com wss://app.onlim.com/ wss://api.onlim.com/ *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' immoh.containers.piwik.pro immoh.piwik.pro https://info.wienerlinien.at/api/form/v1/8896c.21k0oa6/null https://www.facebook.com/tr/ *.googleapis.com servicetreff.piwik.pro servicetreff.containers.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro https://px.ads.linkedin.com/ wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro wienerlinien.piwik.pro https://eu-api.friendlycaptcha.eu bestattungwien.piwik.pro jobs.wienerstadtwerke.at www.google.com wienerstadtwerke.piwik.pro wienerstadtwerke.containers.piwik.pro digitalesgrab.friedhoefewien.at rns.matelso.de *.wienmobil.at bestattungwien.containers.piwik.pro log.wien; style-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.onlim.com fonts.googleapis.com 'unsafe-inline' styles.wienerstadtwerke.at 'self' servicetreff.piwik.pro servicetreff.containers.piwik.pro immoh.containers.piwik.pro immoh.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro wienerlinien.piwik.pro bestattungwien.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.piwik.pro wienerstadtwerke.containers.piwik.pro newsletter.wienit.at static.dvinci-easy.com; base-uri   'self' *.onlim.com; script-src   https://googleads.g.doubleclick.net/ *.usabilla.com/ *.onlim.com *.onlim.com/ *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at app.onlim.com/ *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' servicetreff.piwik.pro servicetreff.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro https://www.googletagmanager.com/ *.adform.net immoh.containers.piwik.pro immoh.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro https://snap.licdn.com/ wienernetze.containers.piwik.pro wienerlinien.piwik.pro wienerstadtwerke.piwik.pro https://siteimproveanalytics.com static.dvinci-easy.com https://jobs.wienerstadtwerke.at wienerstadtwerke.containers.piwik.pro newsletter.wienit.at rns.matelso.de bestattungwien.containers.piwik.pro bestattungwien.piwik.pro https://app.onlim.com/chat-app/js/host.js *.googleadservices.com; worker-src   blob: https://www.wienernetze.at https://www.wienerlinien.at/ https://www.wipark.at/ https://www.friedhoefewien.at/ https://www.immoh.at/ https://digitalesgrab.friedhoefewien.at/ https://www.wstw-immo.at/ https://www.eposa.at/ https://www.wlb.at/ https://partner.wienernetze.at/ https://www.gwsg.at/ https://www.bestattungwien.at/; frame-src   https://langenacht.orf.at *.wienernetze.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' terminreservierung.bestattungwien.at *.facebook.com youtu.be https://terminreservierung.staging.reinisch.tech/ *.youtu.be *.wienit.at/ https://einreichportal.waca.at https://www.servicetreff.at/reservierungstool-app/#/termindaten https://www.googletagmanager.com/ *.riddle.com www.riddle.com https://sketchfab.com/ td.doubleclick.net embeds.whatchado.com https://terminreservierung.reinisch.tech/; media-src   'self' data: *.onlim.com; img-src   wienitedv.d3.sc.omtrdc.net *.wienernetze.at/ facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' servicetreff.piwik.pro servicetreff.containers.piwik.pro immoh.containers.piwik.pro immoh.piwik.pro wienerlinien.containers.piwik.pro wienerstadtwerke.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.containers.piwik.pro https://googleads.g.doubleclick.net *.facebook.com wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro https://px.ads.linkedin.com/ wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.piwik.pro *.siteimproveanalytics.io https://siteimproveanalytics.com https://stwlciptstruct828prod.blob.core.windows.net/ bestattungwien.piwik.pro https://www.google.at/pagead/ https://www.google.com/pagead/; default-src   'self'; font-src   bestattungwien.containers.piwik.pro *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self' servicetreff.piwik.pro servicetreff.containers.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro wienerlinien.piwik.pro immoh.containers.piwik.pro immoh.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff wienerstadtwerke.piwik.pro bestattungwien.piwik.pro wienerstadtwerke.containers.piwik.pro; 2
default-src 'none'; script-src 'self' 'sha256-m7Sc32V4VtwcCJmXRju0QGxnkd9Rb+yXPtPycoExsSI='; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self' data: blob:; object-src 'self'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self' https://docs.immerda.ch/de/search; base-uri 'self'; manifest-src 'none'; report-uri https://csp-report.immerda.ch/report.php; upgrade-insecure-requests; block-all-mixed-content 2
frame-ancestors 'self' https://*.saleshood.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; connect-src https: wss:; report-uri https://csp.withgoogle.com/csp/report-to 2
frame-ancestors 'self' http://*.di.dk; 2
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' connect.facebook.net ws.zoominfo.com www.google.com/recaptcha/enterprise.js js.hs-banner.com forms.hsforms.com js-na1.hs-scripts.com js.hsforms.net www.googletagmanager.com www.google-analytics.com *.ecrs.com ecrs.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net *.googleadservices.com *.amazonaws.com googleads.g.doubleclick.net www.google.com/recaptcha/api.js www.gstatic.com; object-src 'none'; style-src 'self' data: 'unsafe-inline' *.ecrs.com ecrs.com *.googleapis.com; img-src 'self' data: *.hsforms.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.ecrs.com ecrs.com s3.amazonaws.com 2.gravatar.com secure.gravatar.com px.ads.linkedin.com 10.93.3.139 track.hubspot.com www.google.com p.adsymptotic.com *.amazonaws.com; media-src 'self' *.ecrs.com ecrs.com; frame-src 'unsafe-eval' 'self' clarity.microsoft.com static.hsappstatic.net app.hubspot.com forms.hsforms.com www.google.com player.vimeo.com www.youtube.com bid.g.doubleclick.net; font-src 'self' data: *.ecrs.com ecrs.com *.googleapis.com *.gstatic.com *.amazonaws.com; connect-src 'unsafe-eval' 'self' www.google-analytics.com forms.hsforms.com *.amazonaws.com builder.ecrs.com; 2
frame-ancestors 'self' https://hotelnetsolutions.de 2
frame-ancestors 'self' https://*.facebook.com 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; 2
default-src 'self' *.hidoctor.com.br hidoctor.com.br *.centralx.com.br *.cxpass.net *.news.med.br news.med.br *.abc.med.br abc.med.br *.bulas.med.br bulas.med.br *.lib.med.br *.catalogo.med.br catalogo.med.br medbook.com.br *.atlasdocorpohumano.com *.hidoctorclinic.com.br *.hiclinic.com.br *.forms.med.br *.calc.med.br *.site.med.br *.guiareunimedicos.med.br guiareunimedicos.med.br www.googletagmanager.com player.vimeo.com *.twitter.com *.facebook.com *.youtube.com *.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hidoctor.com.br *.centralx.com.br *.cxpass.net *.news.med.br news.med.br *.abc.med.br abc.med.br *.bulas.med.br bulas.med.br *.lib.med.br *.catalogo.med.br medbook.com.br *.hidoctorclinic.com.br *.hiclinic.com.br *.forms.med.br *.calc.med.br *.site.med.br *.guiareunimedicos.med.br guiareunimedicos.med.br *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.facebook.net static.cloudflareinsights.com apis.google.com *.atlasdocorpohumano.com ssl.google-analytics.com maps.googleapis.com *.google-analytics.com cdn.conversejs.org unpkg.com; style-src 'self' 'unsafe-inline' *.hidoctor.com.br hidoctor.com.br *.centralx.com.br centralx.com.br *.cxpass.net fonts.googleapis.com *.news.med.br news.med.br *.abc.med.br abc.med.br *.bulas.med.br bulas.med.br *.lib.med.br *.catalogo.med.br medbook.com.br *.atlasdocorpohumano.com *.hidoctorclinic.com.br *.hiclinic.com.br *.forms.med.br *.calc.med.br *.site.med.br *.guiareunimedicos.med.br guiareunimedicos.med.br; img-src 'self' data: blob: *.hidoctor.com.br hidoctor.com.br *.centralx.com.br centralx.com.br *.cxpass.net *.news.med.br news.med.br *.abc.med.br abc.med.br *.bulas.med.br bulas.med.br *.lib.med.br *.atlasdocorpohumano.com *.catalogo.med.br catalogo.med.br *.hidoctorclinic.com.br *.hiclinic.com.br *.forms.med.br *.calc.med.br *.site.med.br *.guiareunimedicos.med.br guiareunimedicos.med.br www.google.com www.google.com.br docs.cx medbook.com.br maps.googleapis.com maps.gstatic.com *.googlesyndication.com www.googletagmanager.com *.ytimg.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' blob: *.hidoctor.com.br hidoctor.com.br *.centralx.com.br *.cxpass.net *.catalogo.med.br medbook.com.br *.google.com *.atlasdocorpohumano.com *.hidoctorclinic.com.br *.hiclinic.com.br *.forms.med.br *.calc.med.br *.site.med.br *.guiareunimedicos.med.br guiareunimedicos.med.br *.google.com.br www.googleadservices.com www.google-analytics.com *.hotjar.io wss://ws.hotjar.com stats.g.doubleclick.net maps.googleapis.com pagead2.googlesyndication.com *.facebook.com *.googleapis.com; frame-ancestors 'self' *.hidoctor.com.br hidoctor.com.br *.centralx.com.br *.cxpass.net *.catalogo.med.br catalogo.med.br medbook.com.br *.atlasdocorpohumano.com *.hidoctorclinic.com.br *.hiclinic.com.br *.forms.med.br *.calc.med.br *.site.med.br *.guiareunimedicos.med.br guiareunimedicos.med.br *.google.com; base-uri 'self'; form-action 'self' nfse.pjf.mg.gov.br; 2
frame-ancestors 'self' *.ariba.com *.theinstitutes.org https://www.suppliersolutions.com 2
frame-ancestors 'self' https://gather.town https://virtual.adesso.de https://app.neyroo-hub.de 2
https: data: https://*.valantic.com  wss://*.valantic.com https://*.hotjar.com https://*.hubspot.com https://*.hotjar.io wss://*.hotjar.com wss://*.cognigy.ai 'unsafe-eval' 2
default-src 'self';                                  script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 img-src data: 'self' blob: data:  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 style-src 'self' 'unsafe-inline'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 font-src 'self'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 frame-src  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d                                 frame-ancestors  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com ;                                 object-src 'none' 2
base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 2
script-src-elem *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.googletagmanager.com *.newrelic.com *.cloudflare.com *.facebook.net googleads.g.doubleclick.net *.crazyegg.com *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com webpay3g.transbank.cl webpay3gint.transbank.cl *.facebook.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev www.paypalobjects.com *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev *.analytics.google.com *.pinterest.com *.pinimg.com *.google.com.co *.google.com.cl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.soicos.com *.verificado.ai *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.ads-twitter.com *.klaviyo.com *.cloudflare.com *.braintreegateway.com *.victoriassecret.cl *.fitit.ai *.varify.dev https://rum.hlx.page sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev *.typeform.com 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline'; media-src *.adobe.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.braintree-api.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.cl  wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.cloudflare.com *.crazyegg.com *.braintreegateway.com *.victoriassecret.cl *.facebook.com *.fitit.ai *.varify.dev *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.typeform.com 'self' 'unsafe-inline'; child-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev http: https: blob: 'self' 'unsafe-inline'; default-src *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl *.fitit.ai *.varify.dev 'self' 'unsafe-inline'; 2
... 2
frame-ancestors 'self' https://jobsearch.createyourowncareer.com  https://www.benet.bertelsmann.com https://www.benet.bertelsmann.de; 2
default-src 'self' mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';  script-src 'self' blob: 'unsafe-eval';  script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  media-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2
default-src 'self' *.onetrust.com/ *.trustpilot.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.com/ *.google.co.uk/ *.matomo.cloud/ *.google-analytics.com/ *.clarity.ms/ *.doubleclick.net/ *.hotjar.io/ *.hotjar.com/ wss://ws.hotjar.com/ cdn.linkedin.oribi.io/ *.googlesyndication.com/ *.pardot.com/ *.optimizely.com/ *.facebook.com/ *.facebook.net/ cloud8-cc-geo.8x8.com/ *.jsdelivr.net/ https://featureassets.org/ https://prodregistryv2.org/ https://statsigapi.net/ https://cloudflare-dns.com/ *.visualwebsiteoptimizer.com/ *.vwo.com/; frame-src calendly.com/ *.8x8.com/ *.speedtestcustom.com/ gigaclearltd.statuspage.io *.doubleclick.net/ *.cdn.optimizely.com/ *.pardot.com/ *.youtube.com/ *.gigaclear.com/ *.visualwebsiteoptimizer.com/ *.vwo.com/ *.statsigapi.net/ featureassets.org/ *.featureassets.org/ prodregistryv2.org/ *.prodregistryv2.org/ *.jsdelivr.net/ *.statsigapi.net/; style-src 'unsafe-inline' 'self' *.typekit.net/ *.visualwebsiteoptimizer.com/ *.vwo.com/; font-src 'self' data: *.typekit.net/; img-src 'self' data: *.amazonaws.com/ *.8x8.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.co.uk *.google.com/ *.onetrust.com/ *.linkedin.com/ analytics.twitter.com/ bat.bing.com/ t.co/ *.facebook.com/ *.facebook.net/ *.nextdoor.com/ *.doubleclick.net/ *.clarity.ms/ *.bing.com/ *.google.pl/ *.visualwebsiteoptimizer.com/ *.vwo.com/ useruploads.vwo.io/; media-src 'self' *.amazonaws.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.gigaclear.com/ *.googletagmanager.com/ *.doubleclick.net/ *.pagesense.io/ *.visualwebsiteoptimizer.com/ *.vwo.com/ *.statsigapi.net/ featureassets.org/ *.featureassets.org/ prodregistryv2.org/ *.prodregistryv2.org/ *.jsdelivr.net/ *.statsigapi.net/; child-src 'self' blob: static.zohocdn.com/; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.gigaclear.com/ *.onetrust.com/ *.trustpilot.com/ *.8x8.com/ *.googletagmanager.com/ bat.bing.com/ static.ads-twitter.com/ snap.licdn.com/ *.facebook.net/ *.facebook.com/ *.dwin1.com/ *.google-analytics.com/ *.nextdoor.com/ *.hotjar.com/ *.matomo.cloud/ *.clarity.ms/ *.doubleclick.net/ smct.co/ *.optimizely.com/ *.pardot.com/ *.pagesense.io/ *.flowxo.com/ *.youtube.com/ *.googleoptimize.com/ *.visualwebsiteoptimizer.com/ *.vwo.com/ *.statsigapi.net/ featureassets.org/ prodregistryv2.org/ *.prodregistryv2.org/ *.jsdelivr.net/ *.statsigapi.net/; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: connect-src: wss://chat.sbservers.cz wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io img-src: https://chat.supportbox.cz script-src: 'unsafe-inline' https://chat.supportbox.cz style-src: https://chat.supportbox.cz blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' blob: cdn-cookieyes.com *.bugherd.com *.pusher.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.pardot.com https://code.jquery.com https://cdn.jsdelivr.net https://cdn.plyr.io https://stackpath.bootstrapcdn.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://*.clearbitscripts.com https://snap.licdn.com https://go.specterops.io https://googleads.g.doubleclick.net https://unpkg.com https://sessionize.com https://js.zi-scripts.com https://stats.wp.com https://cdn.parsely.com https://trk.techtarget.com/tracking.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js https://cdnjs.cloudflare.com/ajax/libs/jspdf/2.5.1/jspdf.umd.min.js https://munchkin.marketo.net https://tags.clickagy.com https://js.adsrvr.org/up_loader.1.1.0.js *.contentsquare.net app.contentsquare.com https://gist.github.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://sessionize.com https://sessionize.blob.core.windows.net https://github.githubassets.com; img-src 'self' cdn-cookieyes.com data: blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://*.pardot.com https://*.google.com https://*.google.ca https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.linkedin.com https://*.ads.linkedin.com https://cdn-images-1.medium.com https://medium.com https://secure.gravatar.com https://i.ytimg.com *.bugherd.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com https://pixel.wp.com https://lh7-rt.googleusercontent.com https://learn.microsoft.com https://www.microsoft.com https://media3.giphy.com https://miro.medium.com https://specterops.husldigital.com https://p1.parsely.com https://aorta.clickagy.com https://sessionize.com https://cache.sessionize.com *.contentsquare.net; font-src 'self' https://fonts.gstatic.com https://s0.wp.com https://s1.wp.com https://s2.wp.com data:; connect-src 'self' *.cookieyes.com cdn-cookieyes.com *.pusher.com sessions.bugsnag.com *.bugherd.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://*.google.ca https://*.ads.linkedin.com https://stackpath.bootstrapcdn.com https://cdn.plyr.io https://cdn.jsdelivr.net https://sessions.bugsnag.com https://js.zi-scripts.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://*.pardot.com https://noembed.com https://lottie.host https://unpkg.com https://sessionize.com https://pagead2.googlesyndication.com https://ws.zoominfo.com https://p1.parsely.com https://ibc-flow.techtarget.com https://api.parsely.com https://cdnjs.cloudflare.com/ajax/libs/jspdf/2.5.1/jspdf.umd.min.js.map https://aorta.clickagy.com/data https://insight.adsrvr.org/track/realtimeconversion https://hemsync.clickagy.com https://205-xll-990.mktoresp.com *.contentsquare.net *.contentsquare.com; frame-src 'self' *.bugherd.com https://widgets.wp.com https://www.googletagmanager.com https://wordpress.com https://www.youtube.com https://www.loom.com https://demo.arcade.software https://open.spotify.com https://player.vimeo.com https://*.pardot.com https://cdn.embedly.com https://insight.adsrvr.org https://match.adsrvr.org; object-src 'none'; manifest-src 'self'; media-src 'self'; child-src blob:; worker-src blob:; base-uri 'self'; 2
frame-ancestors 'self' https://social.zalopay.vn https://socialstg.zalopay.vn https://socialdev.zalopay.vn https://h5.zdn.vn 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://cdn.trkkn.com https://*.p7s1.io https://*.usercentrics.eu https://walls.io https://*.walls.io;style-src 'self' 'unsafe-inline';img-src 'self' https://*.p7s1.io https://*.usercentrics.eu https://*.googletagmanager.com blob: data:;font-src 'self' blob: data:;object-src 'none';frame-src 'self' https://*.online-report.eu https://*.google.com https://*.eurolandir.com https://walls.io https://*.walls.io https://*.promeas.com https://player.live.p7s1video.net;base-uri 'self';form-action 'self';frame-ancestors 'none';upgrade-insecure-requests;connect-src 'self' https://*.p7s1.io https://*.usercentrics.eu https://*.google-analytics.com 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.criteo.com *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com test1.maksuturva.fi payments.maksuturva.fi www.maksuturva.fi *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com amc.demdex.net js.playground.klarna.com js.klarna.com e.issuu.com *.facebook.com *.hotjar.com *.hotjar.io *.criteo.com *.googlesyndication.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.google.analytics.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.googleadservices.com *.gstatic.com plugins.flockler.com checkoutapistage.svea.com/ batterylookupfi.yuasa.co.uk *.giosg.com *.giosgusercontent.com map.karttapalvelut.fi *.maplet.com *.captcha-delivery.com td.doubleclick.net *.euu.stape.net *.ikh.fi *.ikh.se *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ * *.giosg.com *.giosgusercontent.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com *.googleadservices.com *.google.com google.com *.ikh.fi *.ikh.se *.maksuturva.fi http://host.docker.internal:7001 *.facebook.com *.reddit.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com ajax.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.shopify.com https://api.unifaun.com data: www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net js.playground.klarna.com js.klarna.com api.custobar.com connect.facebook.net *.criteo.net *.criteo.com payments.maksuturva.fi *.googlesyndication.com *.hotjar.com *.hotjar.io gstatic.com *.confirmit.com *.doubleclick.net plugins.flockler.com *.cdn.flockler.com checkoutapistage.svea.com/ cdn.cookielaw.org *.giosg.com *.giosgusercontent.com magento-recs-sdk.adobe.net *.clarity.ms *.cookiefirst.com js.datadome.co ct.captcha-delivery.com *.licdn.com *.ikh.fi *.ikh.se *.maksuturva.fi http://host.docker.internal:7001 *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net tagmanager.google.com *.cdn.flockler.com/ *.giosg.com *.giosgusercontent.com consent.cookiefirst.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://get.geojs.io *.avada.io env-6410208.paas.datacenter.fi bam.nr-data.net eu.klarnaevt.com eu.playground.klarnaevt.com *.g.doubleclick.net api.custobar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io payments.maksuturva.fi *.criteo.com *.confirmit.com *.userneeds.com *.doubleclick.net *.googletagmanager.com plugins.flockler.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com maps.googleapis.com/ *.giosg.com *.giosgusercontent.com *.clarity.ms www.maksuturva.fi//GetPaymentMethods.pmt *.cookiefirst.com api-js.datadome.co *.analytics.google.com pagead2.googlesyndication.com *.googleadservices.com ad.doubleclick.net *.facebook.com *.linkedin.com *.euu.stape.net *.ikh.fi *.ikh.se *.maksuturva.fi http://host.docker.internal:7001 *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.giosg.com *.giosgusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.gstatic.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://image.providesupport.com https://vm.providesupport.com https://cdnjs.cloudflare.com/ https://cdnjs.com/ https://unpkg.com/ https://connect.facebook.net/ https://*.smartlook.com https://*.smartlook.cloud;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com;img-src 'self' https://*.google.com https://www.gstatic.com https://translate.googleapis.com http://translate.google.com https://*.google-analytics.com data: https://image.providesupport.com https://fonts.gstatic.com https://www.facebook.com/ https://www.googletagmanager.com/ https://www.google.cz/;frame-src 'self' https://www.google.com https://www.youtube.com https://vm.providesupport.com http://vm.providesupport.com https://servis.webhouse.cz/ https://docs.google.com/ https://getwaitlist.com/ https://youtube.com/ https://www.book4u.cz https://accounts.google.com/;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://translate.googleapis.com https://translate-pa.googleapis.com https://*.google-analytics.com https://chatapi.providesupport.com https://image.providesupport.com https://www.facebook.com/ https://reporter.seznam.cz/ https://region1.analytics.google.com/ https://manager.eu.smartlook.cloud/ https://*.smartlook.com https://*.smartlook.cloud;form-action 'self';frame-ancestors 'self';block-all-mixed-content 2
frame-ancestors 'self' https://*.zoominfo.com 2
font-src 'self'; object-src 'none'; base-uri 'self'; 2
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com *.recaptcha.net wasm-eval js.sentry-cdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com *.zendesk.com *.googletagmanager.com *.recaptcha.net; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io *.zendesk.com; media-src 'self' *.zdassets.com blob: data; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com *.recaptcha.net *.googletagmanager.com *.doubleclick.net webfacet.cqg.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com  *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io *.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors ptisp.pt my.ptisp.pt oppwa.com; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vizzit.se *.readspeaker.com *.episerver.net *.kiprotect.com *.lakemedelsverket.open-analytics.se *.azure.com *.vo.msecnd.net *.gstatic.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.aptrinsic.com *.hcaptcha.com *.aslint.org;style-src 'self' 'unsafe-inline' *.readspeaker.com *.bootstrapcdn.com *.episerver.net *.vizzit.se *.googleapis.com *.jsdelivr.net *.aptrinsic.com *.gstatic.com;font-src 'self' data: *.gstatic.com *.cloudfront.net *.episerver.net;img-src 'self' data: *.gstatic.com *.google.com *.lakemedelsverket.open-analytics.se *.episerver.net *.vizzit.se;frame-src 'self' *.screen9.com qcnl.tv *.google.com link.webropolsurveys.com *.hcaptcha.com *.google.com;frame-ancestors 'self';connect-src 'self' *.vizzit.se *.lakemedelsverket.open-analytics.se *.services.visualstudio.com *.aptrinsic.com *.hcaptcha.com *.google.com *.applicationinsights.azure.com *.monitor.azure.com;report-uri /api/csp/report; 2
frame-ancestors 'self'; object-src 'none'; frame-src 'self' youtube.com www.youtube.com google.com www.google.com secure.livechatinc.com www.paypal.com paypal.com ct.pinterest.com accounts.google.com www.googletagmanager.com data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://localhost:58456 *.ads.linkedin.com *.bazaarvoice.com *.datev.com *.datev.de *.grafana.net *.scene7.com *.onetrust.com adobedc.demdex.net api.ipify.org apps.bazaarvoice.com assets.adobedtm.com connect.facebook.net dtveg.sc.omtrdc.net edge.adobedc.net eu-api.friendlycaptcha.eu faro-collector-prod-eu-west-2.grafana.net googleads.g.doubleclick.net px.ads.linkedin.com salesviewer.org snap.licdn.com www.datev-magazin.de www.facebook.com www.google.com www.google.de www.googletagmanager.com www.salesviewer.org ; media-src 'self' blob: *.scene7.com ; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 2
frame-ancestors *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.cz *.mcdonalds.sk *.mcdonalds360.cz *.mcdonalds360.sk; form-action *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.sk *.mcdonalds.cz tr.snapchat.com *.localhost.cz; object-src 'none'; 2
frame-ancestors 'self' https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev https://portal.decibel.com 2
frame-ancestors https://modelcentro.com/ 2
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://static.hotjar.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js-na1.hs-scripts.com https://snap.licdn.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net; img-src 'self' 'unsafe-inline' https://res.cloudinary.com https://teamtailor-production.s3.eu-west-1.amazonaws.com https://critizr-test.ams3.cdn.digitaloceanspaces.com https://assets.critizr.staging.verveagency.com https://assets.goodays.prod.verveagency.com https://images.teamtailor-cdn.com https://www.google.com https://www.google.nl https://track.hubspot.com https://perf-na1.hsforms.co https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://admin.goodays.co/ https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net; 2
connect-src 'self' *.squarecloud.app *.squarecloud.dev *.github.com *.crisp.chat wss://*.crisp.chat *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.cloudflare.com discord.com 2
script-src  'self'  'report-sample' https://js.hsforms.net  http://js.hsforms.net  https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://forms.hsforms.com   https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://cdn.usefathom.com https://www.clarity.ms https://scripts.clarity.ms https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://cdn.jsdelivr.net 'sha256-M28mypAFwwpIwIF9e1/A6867PQiwVvOrdqFSTFSa8/U='  'sha256-Ed6Lei7deBSXT1iYYw0V36YZXaA4v7OsRknNjmNl/9c=' 'sha256-uDN+KkW4ljf+D4DbsWP5KpxyfG/7h+LNmZxMzbz/+1E=' 'sha256-9seBUu3uBabJT/26wJPQEjpi+FB2ayw9N8BnQJlh/ls=' 'sha256-mqxawUgIH8vW3/GxWmOFDp5zt8IejNl5rNH2j9PXF88=' 'sha256-wkSWDFufZapa7t3NvV+JhSRXHb/4CI3ZnaqCvg7byns=' 'sha256-Tq4uREmlYInMCBRtudvmIOCc+VdyPNg3t18I9xtvdgs='  'sha256-/mLWo7as1uoH7YxKP28RczpTaAJYtZFOdU0Okz4RWRo='  'sha256-vHWNkFcRXsOiOWmmubySLtLeZ3xAubNJpC7UdmQgSQU='  'sha256-FHfozmosNdt5yUG9l8OmVM1S/oTxw2TNWHPejSjEr58=' 'sha256-2VNfiq6Um2ua9MLfzend4JESqZeD1VSgkWvUrPvrlZE=' 'sha256-6Z9XwT1XsndpCDjoLgO3W3g2Dptc9WedO+nSCr9k3no=' 'sha256-+Ozb/ItuZAdaQgJd2RebN2rKWj1XkBuXVaV6/lT4Juo=' 'sha256-9qgU5FDrauEgF+e1iJWvsh46OwsIkNOLjkXggr/02jk='; object-src 'none';  base-uri 'self';  connect-src  'self' https://webhook.frontapp.com https://j.clarity.ms https://api.github.com https://api.rebilly.com https://forms.hsforms.com https://forms.hscollectedforms.net https://*.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://v.clarity.ms/collect https://cdn.jsdelivr.net; form-action  'self'  https://forms.hsforms.com https://webhook.frontapp.com  https:;  style-src  'self'  'unsafe-inline'  https://cdn.jsdelivr.net;  worker-src  'self'  blob:;  frame-src 'self' https://www.google.com https://www.youtube.com https://demo.arcade.software; child-src  'self'  blob:;  img-src 'self' data: https: blob:; 2
default-src 'self' * 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net apps.mypurecloud.de b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io *.lfeeder.com *.leadfeeder.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; object-src 'none'; img-src * 'self' data:; worker-src 'self' data: blob:; frame-ancestors 'self'; 2
default-src * data: 'unsafe-eval' 'unsafe-inline' worker-src 'self' blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;media-src *;style-src 'unsafe-inline' 'unsafe-eval' *;img-src 'unsafe-inline' data: *;font-src data: *;connect-src *;frame-src * blob: 2
frame-ancestors 'self' pmt.honeywell.com ppe.sps.honeywell.com automation.honeywell.com process.honeywell.com; 2
default-src https:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src https: data:; form-action https:; connect-src https: wss:; object-src 'none'; worker-src https: wss: blob:; upgrade-insecure-requests 2
default-src *;  object-src 'none';  base-uri 'none';  script-src * 'unsafe-eval' 'unsafe-inline';  style-src * 'unsafe-inline';  img-src * blob: data:;  font-src * data:;  frame-ancestors 'self' *.nyla.app *.nyla.vercel.app; 2
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;  style-src 'self' 'unsafe-inline';  connect-src 'self' https: wss:;  img-src 'self' data: https:;  frame-src 'self' https:;  font-src 'self' data: https:;  worker-src 'self' blob:; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' mt.tag.vc *.frcapi.com frcapi.com *.jsspmedia.com jsspmedia.com *.aprtn.com aprtn.com tags.srv.stackadapt.com *.stalkoda.com stalkoda.com stapecdn.com *.sentry-cdn.com *.hotjar.com *.cloudflare.com *.cloudfront.net indexfunction.com opnlink.com hitchbacks.com *.hitchbacks.com *.clarity.ms swrap.tradedoubler.com rtg.wewomedia.com *.facebook.net *.facebook.com *.bing.net *.bing.com *.doubleclick.net google.com *.googlesyndication.com *.gstatic.com *.google.com *.google.ru *.google.pl *.google.bg *.google.com.ua *.google.tn *.google.ch *.google.sk *.google.si *.google.ir *.google.cz *.google.co.uk *.google.lt *.google.de *.google.lv *.google.fr *.google.hu *.google.ee *.google.co.in *.google.nl *.google.pt *.google.by *.google.dz *.google.it mstat.acestream.net stackpath.bootstrapcdn.com *.googleapis.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.redditstatic.com *.reddit.com px.ads.linkedin.com snap.licdn.com *.youtube.com code.jquery.com *.wallester.com wallester.com *.wallester.biz wallester.biz *.wallester.eu *.g2crowd.com *.g2.com yoast.com *.hotjar.io *.trackier.com smct.co *.smct.co *.smct.io ordozen.com *.ordozen.com *.amazonaws.com webtrafficsource.com s.logstracker.com 478.theodyo.com ads-twitter.com *.ads-twitter.com *.twitter.com wss://*.hotjar.com; img-src * data:; font-src * data:; media-src 'self' blob: data:; worker-src 'self' blob:; frame-src 'self' blob: *.frcapi.com frcapi.com *.wallester.com *.wallester.biz www.googletagmanager.com www.google.com www.youtube.com *.doubleclick.net *.cloudflare.com *.gotrackier.com *.opnlink.com *.hitchbacks.com *.smct.io *.cloudfront.net webtrafficsource.com; frame-ancestors 'self'; 2
frame-ancestors 'self' *.storyblok.com 2
default-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: *; script-src-elem * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://decagon.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://ucv.bynder.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://cdn.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://wcs.naver.com https://wcs.naver.net https://cdn01.boxcdn.net https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://*.jam.dev;connect-src 'self' data: blob: https://img.notionusercontent.com https://notion.so/eap https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://library.notion.com https://d8ejoa1fys2rk.cloudfront.net https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://api.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://hcaptcha.com https://*.hcaptcha.com https://tiles.versatiles.org https://maps.googleapis.com https://places.googleapis.com https://api.ipify.org wss://msgstore.www.notion.so wss://msgstore-001.www.notion.so wss://msgstore-002.www.notion.so https://msgstore.www.notion.so https://msgstore-001.www.notion.so https://msgstore-002.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://local-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://dev-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://stg-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://prod-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0003-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0004-workers-code-bundles.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://app.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://d8ejoa1fys2rk.cloudfront.net https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://mail-resource-proxy.mail.notion.so https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://github.githubassets.com https://d8ejoa1fys2rk.cloudfront.net https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://hcaptcha.com https://*.hcaptcha.com;frame-src 'self' https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://identity.notion.so https://*.jam.dev;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so 2
frame-src 'self' https://meitav.co.il https://meitav.insait.io https://meitav.insait-np.net https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://td.doubleclick.net https://*.fls.doubleclick.net https://mrkmd.meitav.co.il https://mrktmd.meitav.co.il https://mdmediadev.blob.core.windows.net https://apps.commbox.io; frame-ancestors 'self' 2
base-uri 'self'; connect-src 'self' data: https: static.billets.ca *.billets.ca *.tickets.ca *.cookieyes.com cdn-cookieyes.com connect.facebook.net www.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net *.google.ca *.google.fr *.google.com.mx *.google.co.uk pagead2.googlesyndication.com *.googleadservices.com *.googleapis.com *.gstatic.com www.linkedin.com snap.licdn.com *.ads.linkedin.com p.adsymptotic.com *.linkedin.oribi.io sjs.bizographics.com bat.bing.com; default-src 'self' data:; font-src 'self' data: https: static.billets.ca *.billets.ca *.tickets.ca fonts.gstatic.com; form-action 'self' https: www.facebook.com; frame-ancestors 'none'; frame-src 'self' https: www.facebook.com td.doubleclick.net *.googletagmanager.com *.google.com; img-src 'self' data: blob: https: static.billets.ca *.billets.ca *.tickets.ca cdn-cookieyes.com www.facebook.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca *.google.fr *.google.com.mx *.google.co.uk googleads.g.doubleclick.net pagead2.googlesyndication.com *.googleadservices.com *.googleapis.com *.gstatic.com *.googleusercontent.com ssl.gstatic.com www.gstatic.com www.linkedin.com *.ads.linkedin.com bat.bing.com; manifest-src 'self' https: static.billets.ca *.billets.ca *.tickets.ca; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: static.billets.ca *.billets.ca *.tickets.ca cdn-cookieyes.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' https: static.billets.ca *.billets.ca *.tickets.ca fonts.googleapis.com googletagmanager.com tagmanager.google.com www.gstatic.com; worker-src 'self' blob: data:; report-uri https://o1428952.ingest.us.sentry.io/api/6779447/security/?sentry_key=8b5fda394a3642e9a3bf42710a029851&environment=production&release=21688333780 2
frame-ancestors 'self' *.studis-online.de *.bafoeg-rechner.de *.netzseiten.de; 2
default-src 'none';font-src 'self';img-src 'self';script-src 'sha256-81WxZh6Jlqr32U+Mgym0ZWs7QkLHGQ7CBoaQQGRUeTo=';style-src 'unsafe-inline'; 2
script-src 'nonce-yeqoqxbE/kH8M/TMSFabqw==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2
default-src 'self' https://standardbankgroupltd.my.site.com  *.my.salesforce-scrt.com https://digitalbanking.standardbank.co.za:8083 atm-branch-locator.component.ts:422  locator.component.ts:668   https://digitalbanking.standardbank.co.za:8083/  https://i.ibb.co/vzWwY6n/header-logo-mini.png  https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com *.api.useinsider.com *.useinsider.com  standardbankna.api.useinsider.com  syndication.twitter.com  web.facebook.com platform.twitter.com  www.facebook.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://www.google.com   https://stream.tribeca.vidavee.com https://stbg.stanbic.co.ug https://stbg.stanbicbank.co.bw https://stbg.stanbicbank.com.gh https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz https://stbg.standardbank.co.mw https://stbg.standardbank.mu https://stbg.standardbank.com.na  https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd   *.tt.omtrdc.net  https://www.google.com  https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com  https://tribeca.vidavee.com https://img.youtube.com http://business.twitter.com https://analytics.twitter.com http://ad.doubleclick.net cdn.cookielaw.org *.onetrust.com http://*.fls.doubleclick.net https://googleads.g.doubleclick.net http://pixel.facebook.com https://www.facebook.com/tr/ http://dc.ads.linkedin.com https://px.ads.linkedin.com https://client.demdex.net https://dpm.demdex.net/ https://cdn.krxd.net/ https://beacon.krxd.net http://bs.serving-sys.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self' data:  https://standardbank.germany-2.evergage.com  https://fonts.gstatic.com data: https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu  https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://stbg.stanbicbank.co.tz  data: https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://stbg.stanbic.co.ug https://stream.tribeca.vidavee.com  https://stbg.stanbicbank.co.bw  https://stbg.stanbicbank.com.gh  https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz  https://stbg.standardbank.co.mw https://stbg.standardbank.com.na https://stbg.standardbank.mu https://stbg.sbgsecurities.co.ke  https://stbg.standardbank.cd  stbg.standardbank.co.za stbg.standardbank.com https://blitsproduction.blob.core.windows.net https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org https://www.homeloans1.standardbank.co.za https://googleads.g.doubleclick.net https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https://snap.licdn.com  https://service.force.com https://standardbankgroupltd.my.site.com https://static.ads-twitter.com/uwt.js *.my.salesforce.com  *.my.site.com  https://static.ads-twitter.com https://unpkg.com  standardbankna.api.useinsider.com  platform.twitter.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://www.google.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu  https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://www.google.com   https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org *.onetrust.com https://connect.facebook.net locator.component.ts:668 https://digitalbanking.standardbank.co.za:8083  https://code.jquery.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net  https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://standardbankgroupltd.my.site.com *.useinsider.com *.api.useinsider.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com   stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; connect-src 'self' https://standardbank.germany-2.evergage.com  https://stbg.stanbicbank.com.gh  https://privacyportal-de.onetrust.com https://dpm.demdex.net https://stbg.stanbicbank.co.tz https://digitalbanking.standardbank.co.za:8083 https://standardbankgroupltd.my.salesforce-scrt.com https://cdn.cookielaw.org https://accstandardbank.tt.omtrdc.net https://geolocation.onetrust.com https://maps.googleapis.com; 2
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.usercentrics.eu *.cloudfront.net https://messenger.dixa.io https://js-agent.newrelic.com https://widget.reviews.io https://tagalys-assets.s3.ap-southeast-1.amazonaws.com https://www.google.com https://www.paypal.com https://pay.google.com https://cert.tryggehandel.net https://maps.googleapis.com https://cdnjs.cloudflare.com https://static.klaviyo.com https://widget.thuiswinkel.org https://static-tracking.klaviyo.com https://cdn.parcellab.com https://www.youtube.com *.parcellab.com *.tagalys.com *.criteo.com *.criteo.net https://api.braintreegateway.com https://sandbox.braintreegateway.com https://api.sandbox.braintreegateway.com https://braintreegateway.com https://payments.braintree-api.com https://sandbox.braintree-api.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://js.braintreegateway.com https://x.klarnacdn.net https://static-eu.payments-amazon.com https://js.klarna.com https://cdn.tink.de https://cdn.tink.at https://cdn-vattenfall.tink.de https://cdn-deutsche-giganetz.tink.de https://cdn-kpn.tink.nl https://cdn.tink.nl https://cdn.tink.net https://cdn.tink.be https://cdn-plus.tink.de https://d2810q2tlzpt0m.cloudfront.net cdn.builder.io https://widget.thuiswinkel-cdn.org https://*.heyflow.com https://*.heyflow.cloud https://www.googletagmanager.com https://ww1.tink.de https://ww1.tink.at https://ww1.tink.nl https://ww1.tink.be https://vf1.tink.de https://js.appboycdn.com https://s.ytimg.com https://content.zeotap.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.gstatic.com https://connect.facebook.net https://*.getsitecontrol.com https://www.dwin1.com https://d.impactradius-event.com https://cdn.taboola.com https://lantern.roeyecdn.com https://code.jquery.com https://s.pinimg.com https://tr.fatmedia.io https://trc.taboola.com https://analytics.tiktok.com https://www.shopperapproved.com https://analytics.fatmedia.io https://www.awin1.com https://static.hotjar.com https://script.hotjar.com https://*.ad-srv.net https://*.adsrvr.org https://*.doubleclick.net https://*.adform.net https://*.adition.com https://*.adfarm.com https://app.varify.io https://origin.acuityplatform.com https://cdn.pdst.fm https://ct.pinterest.com https://redditstatic.com https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://widget.thuiswinkel.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://messenger.dixa.io https://assets.reviews.io https://static.klaviyo.com https://*.getsitecontrol.com https://cdn.parcellab.com https://static-tracking.klaviyo.com https://api.braintreegateway.com https://sandbox.braintreegateway.com https://api.sandbox.braintreegateway.com https://braintreegateway.com https://payments.braintree-api.com https://sandbox.braintree-api.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://js.braintreegateway.com https://x.klarnacdn.net https://static-eu.payments-amazon.com https://js.klarna.com https://cdn.tink.de https://cdn.tink.at https://cdn-vattenfall.tink.de https://cdn-deutsche-giganetz.tink.de https://cdn-kpn.tink.nl https://cdn.tink.nl https://cdn.tink.net https://cdn.tink.be https://cdn-plus.tink.de https://d2810q2tlzpt0m.cloudfront.net cdn.builder.io https://widget.thuiswinkel-cdn.org https://*.heyflow.com https://*.heyflow.cloud; connect-src *; frame-ancestors 'self' https://builder.io https://*.builder.io 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://svanalytics.containers.piwik.pro/2479d5f4-1a62-42bf-91c4-e6075dc3f52b.js   https://svanalytics.containers.piwik.pro/ppms.js   https://*.rekai.se   https://*.readspeaker.com   https://maps.googleapis.com   https://micc.gotland.se   https://map-embed.naturkartan.se   https://player.vimeo.com   https://mfstatic.com   https://www.youtube.com   https://s.ytimg.com   https://static.ws.apsis.one   https://code.highcharts.com/highcharts.js   https://reseplanerare.resrobot.se; frame-src 'self'   https://*.vimeo.com   https://*.youtube.com   https://youtube.com   https://*.spotify.com   https://*.podbean.com   https://*.screen9.com   https://*.gotland.se   https://*.inviewer.se   https://*.svt.se   https://*.naturkartan.se   https://play.google.com   https://datawrapper.dwcdn.net   https://svanalytics.piwik.pro   https://app-eu.readspeaker.com   https://menu.matildaplatform.com/   https://code.highcharts.com/   https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'   https://*.readspeaker.com   https://micc.gotland.se   https://mfstatic.com; connect-src 'self'   https://*.googleapis.com   https://alme.inadra.se/login   https://vimeo.com/api/   https://rekai.se   https://*.rekai.se   https://svanalytics.containers.piwik.pro   https://svanalytics.piwik.pro   https://*.readspeaker.com   https://*.youtube.com   https://youtube.com   https://play.screen9.com   https://mule03.gotland.se   https://play.google.com   https://mfstatic.com   https://*.mediaflow.com   https://micc.gotland.se   https://api.kolada.se   https://reseplanerare.resrobot.se; style-src-elem 'self' 'unsafe-inline'   https://*.readspeaker.com   https://micc.gotland.se   https://svanalytics.containers.piwik.pro   https://mfstatic.com   https://reseplanerare.resrobot.se; font-src 'self' data:   https://micc.gotland.se   https://mfstatic.com   https://reseplanerare.resrobot.se; media-src 'self' blob:   https://play.boxcast.com   https://mfstatic.com   https://*.inviewer.se   https://m.mediaflow.com   https://*.googlevideo.com; img-src 'self' data:   https://maps.googleapis.com   https://maps.gstatic.com   https://i.ytimg.com   https://cdn-eu.readspeaker.com   https://i.vimeocdn.com   https://www.w3.org   https://gotland.se   https://reseplanerare.resrobot.se   https://www.svtstatic.se   https://mfstatic.com   https://*.inviewer.se   https://assets.mediaflowpro.com; 2
default-src 'self' front.mb-smart.net 'unsafe-inline' static.cloudlfareinsights.com; 2
default-src 'self' data: https:;   font-src 'self' data: https:;   script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;   img-src 'self' data: https:;   connect-src 'self' https:;   style-src 'self' 'unsafe-inline' data: https:;   frame-src 'self' https:;   frame-ancestors 'self';   object-src 'self';   upgrade-insecure-requests;  2
frame-ancestors 'self' https://portal.ukbonn.de https://portal-test.ukbonn.de; 2
frame-ancestors 'self' travel-dealz.de travel-dealz.com forum.travel-dealz.de kreuzfahrten.travel-dealz.de cruises.travel-dealz.com; 2
img-src * *.commercecloud.salesforce.com *.thewatchbox.com *.govbergwatches.com *.the1916company.com *.imgix.net *.amazonaws.com *.placeholder.com *.cookielaw.org *.adyen.com 'self' data:;script-src 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io unsafe-inline *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.adyenpayments.com *.mobify-storefront.com 'unsafe-eval' https://runtime.commercecloud.com *.site.com;script-src-attr 'self' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.adyenpayments.com *.mobify-storefront.com data:;connect-src 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io unsafe-inline *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.adyenpayments.com *.mobify-storefront.com https://runtime.commercecloud.com *.salesforce-scrt.com;default-src 'self';style-src 'self' * 'unsafe-inline' data:;style-src-elem 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io unsafe-inline *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.adyenpayments.com *.mobify-storefront.com data:;frame-src 'self' * data: blob: *.site.com;media-src 'self' *;object-src 'none';font-src 'self' * data:;worker-src 'self' *.appboycdn.com *.google.com *.googletagmanager.com;frame-ancestors 'self' https://www.the1916company.com https://runtime.commercecloud.com;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests 2
default-src 'self' data: * blob: *; img-src 'self' data: * https://devusscksastrapifa.blob.core.windows.net; media-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com data: *; frame-src 'self' blob: * data: * 2
default-src https: http: blob: 'unsafe-inline' 'unsafe-eval' data:; 2
default-src 'self' http: https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'  https://*.mailercloud.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fast.fonts.net; font-src 'self' https://*.mailercloud.com https://fonts.gstatic.com; img-src 'self' https: http: data: blob:; frame-ancestors 'self'; media-src https:; 2
frame-ancestors 'self' https://app.makeswift.com 2
default-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dewebmakers.nl *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cdn.leadinfo.net *.seranking.com https://monitor.fraudblocker.com https://cdn-cookieyes.com https://asset-tidycal.b-cdn.net https://googleads.g.doubleclick.net https://*.google.com https://*.gstatic.com https://*.clickrank.ai;         object-src *;         style-src 'self' 'unsafe-inline' *.dewebmakers.nl cdn.leadinfo.net fonts.googleapis.com https://www.googletagmanager.com;         img-src * data:;         media-src *;         frame-src *;         font-src *;         connect-src *; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:; 2
default-src 'self'; connect-src 'self' *.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://stats.g.doubleclick.net https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.eu-live.vportal.ee/v1/search/transpordiamet https://search.service.eu-live.vportal.ee/v1/globalsearch/total https://form.service.eu-live.vportal.ee/v1/ https://search.service.eu-live.vportal.ee/v1/events/transpordiamet https://inaadress.maaamet.ee https://search.service.eu-live.vportal.ee/v1/sanctions/transpordiamet; font-src 'self' data: https://fonts.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://www.transpordiamet.ee/ www.transpordiamet.ee https://digiajakiri.transpordiamet.ee/ www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://transpordiamet.ee https://v.postimees.ee/ https://public.tableau.com/app/profile/transpordiamet/viz/Ktused/Ktusekulukoond https://public.tableau.com/ https://gis.transpordiamet.ee/ https://droonid.transpordiamet.ee/ https://turvavoo.transpordiamet.ee/ https://kaalautos.transpordiamet.ee/ https://www.googletagmanager.com/ https://public.tableau.com/views/Ktused/Ktusekulukoond https://public.tableau.com/app/profile/transpordiamet/viz/Sadamateklastus/Vikelaevadegasaabunudinimesed https://public.tableau.com/app/profile/transpordiamet/viz/Sadamateklastus/Vikelaevadeklastusandmed https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com www.fbcdn.net www.cdninstagram.com www.facebook.com https://pixabay.com/ https://www.pexels.com/ http://www.w3.org/ http://www.bohemiancoding.com/sketch/* www.transpordiamet.ee https://stats.g.doubleclick.net/* https://www.transpordiamet.ee/ https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org www.facebook.com https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee/ www.transpordiamet.ee https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org www.facebook.com https://search.google.com/search-console https://transpordiamet.ee www.transpordiamet.ee https://www.facebook.com https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://connect.facebook.net/ https://connect.facebook.net/en_US/fbevents.js https://public.tableau.com/ cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self' https://public.tableau.com/ 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://www.clarity.ms https://tracking.g2crowd.com https://cdn.getkoala.com https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai static.cdn.prismic.io prismic.io js.qualified.com https://js.zoominfo.com https://ws.zoominfo.com; style-src * 'unsafe-inline'; img-src * data: blob: https://www.clarity.ms https://api.getkoala.com images.unsplash.com images.prismic.io responsiveio.cdn.prismic.io https://ws.zoominfo.com; font-src * data:; connect-src * https://www.clarity.ms https://tracking.g2crowd.com https://api.getkoala.com https://olivia.paradox.ai js.qualified.com app.qualified.com wss://ws.qualified.com https://ws.zoominfo.com; frame-src * responsiveio.prismic.io responsiveio-staging.prismic.io; object-src 'none'; form-action *; base-uri 'self'; frame-ancestors 'self' https://slice-simulator.prismic.io https://responsiveio.prismic.io https://responsiveio-staging.prismic.io https://app.rfpio.com; upgrade-insecure-requests ; media-src cdn.plyr.io responsiveio.cdn.prismic.io app.qualified.com 2
block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee *.suvekeskus.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com www.googletagmanager.com embed.figma.com www.figma.com viewer.ipaper.io; report-uri /csp/report 2
frame-ancestors 'self' t.co twitter.com;   block-all-mixed-content;   worker-src 'self';   object-src 'none';  font-src 'self'  https://fonts.gstatic.com  https://use.fontawesome.com  https://static.isu.pub  https://content.powerapps.com  https://cloud.taggbox.com  https://player.captivate.fm  https://d1ixzvs6g7du49.cloudfront.net  https://public.flourish.studio  https://static.dwcdn.net;    child-src 'self'     https://platform.twitter.com     https://*.svc.dynamics.com     https://flo.uri.sh     https://public.flourish.studio     https://play.libsyn.com     https://s7.addthis.com     https://www.googletagmanager.com     https://www.youtube.com     https://*.gettyimages.com     https://gdpr-api.sharethis.com     https://e.issuu.com     https://sidebar.bugherd.com     https://*.dynamics.com;    frame-src 'self'     https://public.tableau.com     https://*.youtube.com     https://flo.uri.sh     https://play.libsyn.com     https://*.svc.dynamics.com     https://*.azureedge.net     https://embed.gettyimages.com     https://my.visme.co     https://static-bundles.visme.co     https://sidebar.bugherd.com     https://whova.com     https://player.captivate.fm     https://www.google.com     https://td.doubleclick.net     https://*.taggbox.com     https://*.tagbox.com     https://*.issuu.com     https://app.powerbi.com     https://e.issuu.com     https://datawrapper.dwcdn.net;    style-src-attr 'unsafe-inline';    style-src-elem 'self'     'unsafe-inline'     https://*.fontawesome.com     https://ajax.googleapis.com     https://fonts.googleapis.com     https://platform.twitter.com     https://tagmanager.google.com     https://ton.twimg.com     https://www.googletagmanager.com     https://*.taggbox.com     https://*.tagbox.com     https://e.issuu.com     https://static-bundles.visme.co     https://flo.uri.sh;    style-src 'self'     'report-sample'     'unsafe-inline'     'unsafe-hashes'     https://*.fontawesome.com     https://ajax.googleapis.com     https://fonts.googleapis.com     https://platform.twitter.com     https://tagmanager.google.com     https://ton.twimg.com     https://www.googletagmanager.com     https://*.taggbox.com     https://*.tagbox.com     https://e.issuu.com     https://static-bundles.visme.co     https://flo.uri.sh 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-/68szNaQXdlDug09n2c6rD/J5VWzEfkXCRsVxk+Bc7s=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-0hhQYS93rOVIOWChauWQAJ1vFibrzq2CwjZKyk8eodA=' 'sha256-1q/Ppre6xcn1lBnz3WX3IUgP6WjPjOiNg58u9Xiau68=' 'sha256-32t0bJPIyxns/QqsW8RE3JGUERKnHL5RygHBgJvEanc=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-6e2FDCGxoaA+O08u+XDDFptIyIAzmuO40vf4VPUH8rY=' 'sha256-8R/rOq3xT1JhMe+jOdKen3+bCga1k1Ft3lzzeDpJY/w=' 'sha256-9vYcmcUuMrZLwSVJEx9fK8O4RYR+aTmnc9h7ZaNpoIM=' 'sha256-BSTKIYoPCaklkJ9YS/ZVYuKW8e+DG8jZJCXznBzHjgg=' 'sha256-GsQC5AaXpdCaKTyWbxBzn7nitfp0Otwn7I/zu0rUKOs=' 'sha256-H5YkhV2M9ArclcmfehdKG0Xm1EbrNGbJmPKOz1bi8C4=' 'sha256-K6oIKC/Qzx66jEKCvmCiv8HeGggPPzMEFwaSPvaKXp4=' 'sha256-MOxdOzgktt+RI0LidmS0PaFA+TUZHh46ToXckCCCYr8=' 'sha256-N/UuEcX/huGDKayYYXVGai2sxUdymsIbGHJj/xVEyxE=' 'sha256-NOh3RfSv0cft+HFPtwwv+1s/c5EtBFe78voI0zKo/J8=' 'sha256-PvhAdcRPA6zt2+Ivc19qCkHiffQ2pEP7jnhN/JbsISk=' 'sha256-Qv05/NsT/MWFR5NB3hDHRW9iI424uc8WpuRssGdOAsU=' 'sha256-RaaIDFRO6mxGtO1rCMbc/KVKIvJhmDj/btQ4PIMSWCc=' 'sha256-RdgsnUm8PNuYWnXDqXWP0d6EzaL2CAHMGAlmvvMkDWM=' 'sha256-TkDzJosgWxzShtx4z4i7NJGuiHWix7EYmmS8fcuqQhs=' 'sha256-Wi3+8jbn12vus9Oq4FOqEUCOpuRG3clBaVvLZZ2b9Fs=' 'sha256-YFOIjkCvZnAH6R5z1ZjUI/Zgf7uslK5vN80+lsdvYss=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-dJwsHs1PvXJL2O5JtQQcZZX1J2/iNO+Kd47T4ioiUQw=' 'sha256-fRYnRzgaT09imrPtXG4RZt0XMikSauOu4IqJdVM3MBc=' 'sha256-h1midm0VXTjpd/vVOSgqoP+I/UT23hZZ1XOzvRapPHc=' 'sha256-h71pjtCjUVQUMtovKDtTB/0h+HRrpsJ533zpNmlaJIM=' 'sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM=' 'sha256-ipigs7lFahouMlehHTq2a6aHP6q4FJ2TeYlVXur0FRY=' 'sha256-j/vANq3N9dEgGnrV62AWh6M6jDZNoQTbwviOXkcwubE=' 'sha256-j7Zyxlwzxt/Bs6kS597JYahQOdXc+KuDq1bWUNmCxLE=' 'sha256-jZPNBBuL4NCzCt6u8DKBoCER4v8pde2GllNsZ3gPZx0=' 'sha256-nMxdDMoXPOy7O4WsGNJWQYRN07/viK96dt92bnw4r2E=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'sha256-qnVkQSG7pWu17hBhIw0kCpfEB3XGvt0mNRa6+uM6OUU=' 'sha256-uVLH6UP+uyXQGdOtKBkwON89GlTuUE5TEmOSGMgmkN8=' 'sha256-w7cVsajXdkfwCrZhzJpcS2eWSNips5vdx0Jz6Lg0Neo=' 'sha256-wLyLtHYrq/iEFw3AUFe5u/gVEBvyS4ryw54q/syXi6w=' 'sha256-GOTW0J/cXWRvIhpxpjTnjZMLxUlWl016NKJ2sE1mhCo=';     script-src 'self'     'report-sample'     'unsafe-inline'     'unsafe-eval'     https://mktdplp102cdn.azureedge.net     https://*.ep-mimecast.ads-twitter.com     https://*.moatads.com     https://ajax.googleapis.com     https://analytics.twitter.com     https://browser-update.org     https://cdn.syndication.twimg.com     https://en.twitter.com     https://google-analytics.com     https://googletagmanager.com     https://kit.fontawesome.com     https://m.addthis.com     https://m.youtube.com     https://platform.twitter.com     https://s7.addthis.com     https://static.ads-twitter.com     https://ssl.google-analytics.com     https://tagmanager.google.com     https://t.co     https://use.fontawesome.com     https://v1.addthisedge.com     https://www.clarity.ms     https://www.google-analytics.com     https://www.googletagmanager.com     https://api-public.addthis.com     https://*.azureedge.net     https://public.flourish.studio     https://play.libsyn.com     https://www.bugherd.com     https://flo.uri.sh     https://*.svc.dynamics.com     https://nefeorg.bamboohr.com     https://www.youtube.com     https://embed-cdn.gettyimages.com     https://platform-api.sharethis.com     https://buttons-config.sharethis.com     https://gdpr-api.sharethis.com     https://public.tableau.com     https://my.visme.co     https://static-bundles.visme.co     https://sidebar.bugherd.com     https://whova.com     https://d1keuthy5s86c8.cloudfront.net     https://www.google.com     https://www.gstatic.com     https://*.taggbox.com     https://*.tagbox.com     https://*.clarity.ms     https://e.issuu.com     https://content.powerapps.com     https://app.powerbi.com     https://static.doubleclick.net     https://player.captivate.fm     https://d1ixzvs6g7du49.cloudfront.net     'sha256-8aUfZ6OfkbCvDlwL3X6v8O9A1hr/8YqzQCWm+QOkViQ='     'sha256-FZnoKeHcfXkrkiuKx3GZh0WU3kO/th0WOkS7pr0ItWU='     'sha256-LCTxXkd3guWgmVlqVe2udJCJ+Rym798wMUvLlv6365Q='     'sha256-h9drxXDJnKxzozUKKGq2WFRPSK3Tsxgj7pCkKr0diRE='     'sha256-vPUfbaHq9rZbd/RaSkAV1CXDxte8tJqZMhEcbyaeZKk='     'sha256-wOoB7PackRG1ZntccQg3MFGznphhf4p4QCrF+jZVjGo='     'sha256-d/d3L2uVri+tpvEWC1iR9dH/WT1Ec2yIwbIhpocYxxo='     'sha256-WLg7p6AInstQdLsXMhbpWmn6B0j3OnLaNEc3s9sZk7w='     'sha256-2wH0B0yJ4ArnRr/aWfcn2UuA7ACS1qCMp8txWrGljsw='     'sha256-vI/vbRhxmjoU0jkdu63unk/rGDDg0oPeI5fm3YtsENs='     'sha256-wLyLtHYrq/iEFw3AUFe5u/gVEBvyS4ryw54q/syXi6w='     'sha256-yei5Fza+Eyx4G0smvN0xBqEesIKumz6RSyGsU3FJowI='     'sha256-ry8MrJyuS9Y/jOJZMETcbufsiY/iVeCuA1T5FCrTPQk=';    base-uri 'self' https://*.moatads.com;   form-action 'self' https://*.twitter.com; 2
default-src 'self'; connect-src 'self' *.readspeaker.com https://www.piwik.bayern.de/ wss://*.assistent.bayern.de/chat/widget/ https://eu-api.friendlycaptcha.eu/api/v1/puzzle; manifest-src 'self'; img-src 'self' data: https://*.assistent.bayern.de/bot-media/ https://*.assistent.bayern.de/static/ https://i.ytimg.com/; font-src 'self' data: https://*.assistent.bayern.de/static/; frame-src *.readspeaker.com *.bayern.de https://www.youtube-nocookie.com/ https://www.youtube.com/; media-src 'self' *.readspeaker.com; prefetch-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'wasm-unsafe-eval' 'self' https://www.piwik.bayern.de/piwik/piwik.js *.bayern.de https://*.assistent.bayern.de/static/; worker-src blob:; child-src blob: 2
default-src 'self' play.vidyard.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com/zi-tag.js fast.wistia.net; script-src 'self' go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com google-analytics.com googleads.g.doubleclick.net play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com www.google-analytics.com www.googletagmanager.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com cdn-app.pathfactory.com blob: translate.googleapis.com www.clarity.ms scripts.clarity.ms cdn.dreamdata.cloud fast.wistia.net fast.wistia.com browser.sentry-cdn.com  'unsafe-inline' 'unsafe-eval'; style-src 'self' www.googletagmanager.com go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com pagead2.googlesyndication.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js cdn-app.pathfactory.com www.gstatic.com fast.wistia.net 'unsafe-inline'; frame-ancestors 'self' http://library.forsta.com https://library.forsta.com https://resources.rioseo.com http://resources.rioseo.com https://www.rioseo.com http://www.rioseo.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com ; frame-src www.googletagmanager.com go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com *.rioseo.com t.co td.doubleclick.net hemsync.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com pressganey.wd1.myworkdayjobs.com fast.wistia.net; object-src 'none'; base-uri 'self'; form-action 'self' www.googletagmanager.com webto.salesforce.com *.forsta.com *.rioseo.com js.zi-scripts.com/zi-tag.js ; connect-src 'self' jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googleapis.com googleapis.com maps.googleapis.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.pathfactory.com *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com/zi-tag.js pipedream.wistia.com www.googleadservices.com tracking-api.production.g2.com tracking-api.g2.com *.clarity.ms https://unpkg.com/@lottiefiles/lottie-player@1.5.4/dist/lottie-player.js.map cdn.dreamdata.cloud fast.wistia.net fast.wistia.com distillery.wistia.com embed-cloudfront.wistia.com https://browser.sentry-cdn.com/9.6.1/bundle.min.js.map; font-src 'self' data: fonts.gstatic.com www.googletagmanager.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js *.pathfactory.com fast.wistia.net/assets/external/E-v1.js; media-src *.bc0a.com *.forsta.com *.rioseo.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com blob: fast.wistia.net/assets/external/E-v1.js *.wistia.com; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 2
connect-src 'self' *.gstatic.com dispatcherapi-rso-311201207381.europe-west1.run.app *.googlesyndication.com *.adtrafficquality.google *.doubleclick.net widget.lex4web.app consentcdn.cookiebot.com  analytics.pangle-ads.com www.google.com pagead2.googlesyndication.com analytics.tiktok.com https://euc-widget.freshworks.com https://realsociedad.freshdesk.com  https://firebaseinstallations.googleapis.com *.doubleclick.net    https://www.google-analytics.com       https://open.http.mp.streamamg.com    *.matterport.com  *.schema.org   *.streamamg.com  https://cf.vod.mp.streamamg.com   *.matterport.com     http://www.aragontelevision.es       *.twitch.tv    *.cloudfront.net       *.yourcommunify.com       yourcommunify.com        *.google-analytics.com   *.analytics.google.com  *.realsociedad.eus   https://firebase.googleapis.com    https://www.googleapis.com    cloudflareinsights.com;           default-src   www.google.com *.doubleclick.net  *.realsociedad.com       *.realsociedad.eus       blob:       'self';              style-src 'self' widget.lex4web.app  https://euc-widget.freshworks.com 'unsafe-inline'  *.doubleclick.net  *.realsociedad.eus  *.schema.org *.streamamg.com  *.cloudfront.net       *.googleapis.com;              img-src 'self' storage.googleapis.com *.googlesyndication.com  *.adtrafficquality.google  imgsct.cookiebot.com   *.lex4web.app  pagead2.googlesyndication.com https://euc-widget.freshworks.com    *.schema.org    *.realsociedad.eus    *.streamamg.com     http://placehold.it        https://twitter.github.io        https://stats.g.doubleclick.net        https://www.google.com        https://www.facebook.com/        https://www.google.es   https://www.googletagmanager.com     http://realsociedadcdnpre.barrabes.biz                       https://cdn.realsociedad.eus        https://cdntienda.realsociedad.eus                       https://cdntienda.realsociedad.com                        http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com        *.cloudfront.net         *.vimeo.com              https://img.youtube.com    *.genial.ly    *.azureedge.net        *.google-analytics.com        https://cdn.realsociedad.com   https://firebaseinstallations.googleapis.com     data:  *.doubleclick.net  *.schema.org *.streamamg.com    https://maps.googleapis.com        https://open.http.mp.streamamg.com        https://cdn.bleacherreport.net/        *.w55c.net         *.gstatic.com;              media-src 'self'               *.schema.org *.streamamg.com         https://cdn.realsociedad.eus          https://tag.realsociedad.eus              https://cdntienda.realsociedad.com        https://cdntienda.realsociedad.eus                              http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com         *.vimeo.com     *.genial.ly         https://img.youtube.com    *.matterport.com    http://www.aragontelevision.es        *.twimg.com;              font-src 'self'   *.doubleclick.net  *.schema.org *.streamamg.com   https://open.http.mp.streamamg.com       *.gstatic.com;               script-src 'self' storage.googleapis.com *.doubleclick.net   *.adtrafficquality.google  widget.lex4web.app  consent.cookiebot.com  consentcdn.cookiebot.com  analytics.tiktok.com pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com https://www.google.com https://euc-widget.freshworks.com               https://entradium.com/      *.googlesyndication.com     'unsafe-inline'   https://*.vimeocdn.com/      https://stats.mp.streamamg.com       http://open.http.mp.streamamg.com                         https://www.realsociedad.com       https://www.realsociedad.eus          https://mkt.realsociedad.eus               https://www.googletagmanager.com                          http://www.google-analytics.com       https://ssl.google-analytics.com       'unsafe-eval'  *.vimeo.com   *.genial.ly  https://www.youtube.com     *.twitch.tv     https://connect.facebook.net       *.ytimg.com       *.cloudfront.net       *.w55c.net        *.hspvst.com       *.yourcommunify.com       yourcommunify.com       https://maps.googleapis.com    https://www.gstatic.com    https://apis.google.com     ajax.cloudflare.com     static.cloudflareinsights.com;    object-src https://www.realsociedad.eus                          https://fundazioa.realsociedad.eus;    frame-src *.doubleclick.net  *.googlesyndication.com  *.adtrafficquality.google  consentcdn.cookiebot.com  https://www.googletagmanager.com   tpc.googlesyndication.com securepubads.g.doubleclick.net *.realsociedad.com https://www.google.com      *.realsociedad.eus     https://entradium.com/   https://kuula.co/   *.cloudfront.net   outlook.office365.com     *.yourcommunify.com       yourcommunify.com   *.vimeo.com  *.genial.ly   http://www.youtube.com       https://www.youtube.com   https://youtu.be    https://connect.facebook.net       https://www.facebook.com       https://open.http.mp.streamamg.com/       https://www.eitb.eus   *.matterport.com    https://www.aragontelevision.es       http://www.aragontelevision.es      *.twitch.tv    *.powerbi.com *.flipsnack.com   https://realzale-pro.firebaseapp.com   https://firebaseinstallations.googleapis.com  https://gameside.playeron.es     https://mycrocast-webplayer.s3.eu-central-1.amazonaws.com  https://forms.office.com https://view.genially.com; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-ancestors 'self' https://a.cms.omniupdate.com https://sjcdedu.sharepoint.com 2
connect-src 'self' https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.onetrust.com/ https://*.podigee-cdn.net https://cdn.cookielaw.org https://cdn.plyr.io https://consentcdn.cookiebot.com https://f.vimeocdn.com https://geolocation.onetrust.com https://noembed.com https://player.vimeo.com https://px.ads.linkedin.com https://region1.google-analytics.com https://vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://google.com https://*.google.com https://*.google.com.co https://stats.g.doubleclick.net https://*.clarity.ms https://c.bing.com https://bat.bing.com; default-src 'self' 'unsafe-inline' http://www.w3.org https://cdn.plyr.io/3.5.10/plyr.svg https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://noembed.com https://px.ads.linkedin.com https://region1.google-analytics.com https://vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.onetrust.com https://*.podigee-cdn.net https://cdn.cookielaw.org https://consent.cookiebot.com https://consentcdn.cookiebot.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://player.vimeo.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://va.vercel-scripts.com https://www.google-analytics.com/analytics.js https://www.google.com https://google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://static.hsappstatic.net https://*.hubspotusercontent-eu1.net; style-src 'self' 'unsafe-inline' https://*.podigee-cdn.net https://cdn.jsdelivr.net https://fast.fonts.net https://fonts.googleapis.com https://www.googletagmanager.com; font-src 'self' https://fast.fonts.net https://*.podigee-cdn.net https://fonts.gstatic.com; frame-src 'self' https://*.hsforms.com https://*.hsforms.net https://consentcdn.cookiebot.com https://player.podigee-cdn.net https://*.plvideo.cn https://*.podigee.io https://player.vimeo.com https://td.doubleclick.net/ https://www.google.com https://google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://www.w3.org https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.onetrust.com/ https://cdn.cookielaw.org https://i.vimeocdn.com https://i.ytimg.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://bat.bing.com https://*.google.com https://*.google.com.co https://stats.g.doubleclick.net https://*.clarity.ms https://c.bing.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://service.koerber-pharma.com; object-src 'self'; frame-ancestors https://app.kontent.ai https://google.com/ 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https:; frame-ancestors 'self'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com https://www.googletagmanager.com https://cdn.privacy-mgmt.com https://tag.aticdn.net;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media https://www.google.com https://www.google.co.uk;media-src 'none';frame-src 'self' http://players.brightcove.net https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.privacy-mgmt.com;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com https://our.umbraco.com https://our.umbraco.org https://www.google-analytics.com https://stats.g.doubleclick.net https://log.xiti.com https://cdn.privacy-mgmt.com https://*.analytics.google.com/ https://*.google-analytics.com/ https://a1.api.bbc.com;report-uri /WebResource.axd?cspReport=true 2
default-src 'none'; child-src 'self' *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; connect-src 'self' data: *.rekai.se http://ad.doubleclick.net https://*.cognitoforms.com https://*.googletagmanager.com https://*.onetrust.com https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://analytics.tiktok.com https://assets-tracking.crazyegg.com https://cdn.cookielaw.org https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://googleads.g.doubleclick.net https://molnlycke2gir36prod.dxcloud.episerver.net https://pagead2.googlesyndication.com https://pagestates-tracking.crazyegg.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app https://stats.g.doubleclick.net https://tracking.crazyegg.com https://westeurope-4.in.applicationinsights.azure.com//v2/track https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ro https://www.google.se https://www.googleadservices.com https://www.molnlycke.com/localization-admin-ui/*; font-src 'self' data: *.rekai.se http://themes.googleusercontent.com https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com https://login.microsoftonline.com https://sc-static.net https://script.crazyegg.com https://svcs.tql.com https://www.molnlycke.com/localization-admin-ui/*; form-action 'self' *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; frame-src 'self' blob: *.rekai.se http://*.opendns.com https://*.crazyegg.com https://*.opendns.com https://api.screen9.com https://dashboard.find.episerver.net https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app/ https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; img-src 'self' data: *.rekai.se https://cdn.cookielaw.org https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://login.microsoftonline.com https://minervablob.blob.core.windows.net https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://script.crazyegg.com https://storage.googleapis.com https://translate.google.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.lb https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.se https://www.google.si https://www.googletagmanager.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; media-src 'self' *.rekai.se https://minervablob.blob.core.windows.net https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; script-src-elem 'self' 'unsafe-inline' *.rekai.se https://*.cognitoforms.com https://*.crazyegg.com https://*.googletagmanager.com https://*.youtube.com https://analytics.tiktok.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://sc-static.net https://script.crazyegg.com https://snap.licdn.com https://static.rekai.se https://unpkg.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rekai.se https://*.cognitoforms.com https://cdn.cookielaw.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://script.crazyegg.com https://unpkg.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' *.rekai.se https://cdn.jsdelivr.net https://fonts.googleapis.com https://login.microsoftonline.com https://maxcdn.bootstrapcdn.com https://script.crazyegg.com https://web-sdk-eu.aptrinsic.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/*; style-src 'self' 'unsafe-inline' *.rekai.se https://login.microsoftonline.com https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; style-src-attr 'unsafe-inline' *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; manifest-src *.rekai.se https://molnlycke2gir36prod.dxcloud.episerver.net https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; frame-ancestors *.rekai.se https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; base-uri *.rekai.se https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; worker-src blob: *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; script-src-attr *.rekai.se https://script.crazyegg.com https://www.google.com https://www.molnlycke.com/localization-admin-ui/*; object-src *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; navigate-to *.rekai.se https://www.molnlycke.com/localization-admin-ui/*; prefetch-src *.rekai.se https://www.molnlycke.com/localization-admin-ui/*; report-to stott-security-endpoint;report-uri https://www.molnlycke.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.ouhealth.com 2
frame-ancestors 'self' https://*.minervaproject.com https://*.kgi.edu https://dev.harald.schil.ly https://*.doulos.com https://*.codesignal.com https://roamresearch.com; 2
script-src 'self' http://app.storyblok.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://snap.licdn.com/ http://www.youtube.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://res.cloudinary.com https://www.google.com https://www.google.de https://www.google.lt https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://pubads.g.doubleclick.net data:;media-src https://res.cloudinary.com;font-src 'self' https://fonts.gstatic.com data:;worker-src blob: 2
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' https://*.moodyscre.com/ https://*.moodysanalytics.com  https://*.maregdev.com/; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data:; frame-src 'self' https://www.youtube.com/embed/qYp89jjpv4M; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: https://*.usom.gov.tr;script-src 'self' 'unsafe-inline' 'unsafe-eval';media-src 'self' https://*.usom.gov.tr https://*.siberyildiz.com 2
frame-ancestors 'self' https://teams.microsoft.com 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'self'; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 2
frame-ancestors http://*.donstroy.moscow https://*.donstroy.moscow http://donstroy.moscow https://donstroy.moscow http://webvisor.com http://webvisor.ru http://webvisor.by http://webvisor.com.tr https://webvisor.com https://webvisor.ru https://webvisor.by https://webvisor.com.tr https://metrika.yandex.com https://metrika.yandex.com.tr https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://metrica.yandex.ru https://metrica.yandex.by https://awards.ratingruneta.ru https://sales.donstroy.moscow http://sales.donstroy.moscow https://pmp-a.dev.blue-ant.ru http://pmp-a.dev.blue-ant.ru 2
default-src 'self' *.sitevision-cloud.se *.sitevision.se data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.youtube.com *.sitevision-cloud.se *.sitevision.se *.tt.se *.mynewsdesk.com *.rekai.se *.twitter.com *.jsdelivr.net blob:; style-src 'self' *.bootstrapcdn.com *.readspeaker.com *.sitevision-cloud.se *.sitevision.se 'unsafe-inline'; font-src 'self' *.bootstrapcdn.com data: *.sitevision-cloud.se *.sitevision.se; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.rekai.se *.youtube.com *.vimeo.com *.bootstrapcdn.com *.sitevision.se *.sitevision-cloud.se *.jsdelivr.net blob:; 2
default-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors 'self' *.svc.wolf.eu; child-src 'self' *.svc.wolf.eu; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src 'self' blob: *; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' https://*.hhsva.ca https://*.teamhhsva.ca https://*.hhsvaagm.ca https://*.preferredcatering.ca ; script-src https://code.jquery.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.google.com https://*.connect.facebook.net https://*.youtube.com https://*.google-analytics.com https://*.hotjar.com https://*.googletagmanager.com https://*.facebook.net https://*.twitter.com 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; style-src https://use.fontawesome.com https://cdn.jsdelivr.net https://*.googleapis.com https://unpkg.com https://www.gstatic.com 'self' 'unsafe-inline'; 2
default-src 'self' *.berger-levrault.com; img-src 'self' sdk.privacy-center.org data: *.berger-levrault.com *.analytics.google.com *.google.es *.wistia.com  wp-rocket.me *.google-analytics.com *.gravatar.com https://s.w.org https://gravityforms.s3.amazonaws.com https://gravityforms.s3.amazonaus.com *.gstatic.com *.googleapis.com; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' sdk.privacy-center.org *.google.ca google.ca *.google.com google.com *.en25.com *.licdn.com *.facebook.net *.google.es *.googleadservices.com googleadservices.com *.helpscout.net *.wistia.com *.hcaptcha.com *.matomo.cloud *.mxpnl.com https://hcaptcha.com *.cloudflare.com *.googleapis.com *.googletagmanager.com https://www.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.berger-levrault.com *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.gstatic.com; connect-src 'self' api.redirect.li *.googlesyndication.com *.facebook.com *.linkedin.com *.doubleclick.net api.privacy-center.org *.google.com *.analytics.google.com *.helpscout.net *.wistia.com *.litix.io *.cloudfront.net *.matomo.cloud *.hcaptcha.com *.gstatic.com *.googleapis.com *.google-analytics.com *.yoast.com yoast.com *.berger-levrault.com; frame-src 'self' mailto: tel: *.googletagmanager.com *.facebook.net recrute.berger-levrault.com *.berger-levrault.com *.hcaptcha.com *.youtube.com *.youtube-nocookie.com wp-rocket.me; media-src 'self' blob: *.berger-levrault.com *.wistia.net 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: fonts.gstatic.com fonts.googleapis.com *.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net td.doubleclick.net www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.analytics.google.com googletagmanager.com region1.google-analytics.com translate.google.com analytics.google.com translate.googleapis.com ajax.googleapis.com *.force.com g.alicdn.com *.leadboxer.com *.cookielaw.org *.onetrust.com *.ads.linkedin.com px.ads.linkedin.com privacyportal-de.onetrust.com stats.g.doubleclick.net www.linkedin.com *.linkedin.com www.youtube-nocookie.com cdn-images.mailchimp.com www.google.be www.google.bg www.google.fi www.google.fr www.google.se www.google.ae www.google.dk www.google.ca www.google.ch www.google.com.br www.google.com.bd www.google.com.bo www.google.gr www.google.lt www.google.tn www.google.com.sa www.google.com.sg www.google.com.my www.google.com.mx www.google.com.tr www.google.com.tw www.google.com.au www.google.com.eg www.google.co.jp www.google.co.nz www.google.co.uk www.google.co.ma www.google.co.za www.google.co.in www.google.co.il www.google.co.id www.google.co.th www.google.co.tz www.google.com www.google.cl www.google.nl www.google.at www.google.ro www.google.ru www.google.rs www.google.rw www.google.de www.google.es www.google.pt www.google.pl www.google.ie www.google.it www.google.hr www.google.hu *.adsymptotic.com *.livechatinc.com script.hotjar.com vc.hotjar.io content.hotjar.io metrics.hotjar.io *.hotjar.com static.hotjar.com wss://ws.hotjar.com img.youtube.com *.pardot.com ortec.my.salesforce-sites.com ortec.us12.list-manage.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cca-platform.s3.eu-west-3.amazonaws.com *.userlike.com go.ortec.com cdn.linkedin.oribi.io ws.zoominfo.com images.prismic.io *.prismic.io prismic.io prismic-io.s3.amazonaws.com s3.amazonaws.com js.zi-scripts.com i.ytimg.com yastatic.net analytics.ahrefs.com static.hsappstatic.net saml.saasprotection.com cdn.scite.ai infragrid.v.network www.google.ad www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.az www.google.ba www.google.bf www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.cd www.google.cf www.google.cg www.google.ci www.google.co.ck www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.dj www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.et www.google.com.fj www.google.fm www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.com.gt www.google.gy   www.google.com.hk www.google.hn www.google.ht www.google.im www.google.iq www.google.is www.google.je www.google.com.jm www.google.jo www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lu www.google.lv www.google.com.ly www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.no www.google.com.np www.google.nr www.google.nu www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph google.com.ph www.google.com.pk www.google.pn www.google.com.pr www.google.ps www.google.com.py www.google.com.qa www.google.com.sb www.google.sc www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.com.tj www.google.tl www.google.tm www.google.to www.google.tt www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.co.zm www.google.co.zw www.google.cat google.com snap.licdn.com o4508414977966080.ingest.de.sentry.io use.typekit.net gateway.zscloud.net images.unsplash.com cdn.faceworks.nl plugin.sopro.io cdn-cookieyes.com *.cookieyes.com; report-uri /api/csp-violation-report 2
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2
default-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com;             connect-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com blob: https://*.rz.bankenit.de https://*.meine-bankid.de             https://*.google-analytics.com https://bat.bing.com             https://*.azureedge.net https://*.doubleclick.net https://*.mkt.dynamics.com             https://api.ipify.org wss://*.niceincontact.com https://www.facebook.com             https://surfly-us.com https://impleco.nc.econ-application.de https://*.usercentrics.eu             https://static.dvinci-easy.com https://*.googlesyndication.com https://api.openweathermap.org             https://schwaebisch-hall.dvinci-hr.com https://www.google.com https://google.com https://adservice.google.com             https://rns.matelso.de https://*.qualtrics.com https://solr.wohnglueck.de             https://mobile.events.data.microsoft.com https://*.contentsquare.net https://*.contentsquare.com             https://sentry.io https://www.googleadservices.com;             img-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com data: https://*.google-analytics.com             https://bat.bing.com https://content.psplugin.com https://www.google.com             https://impleco.nc.econ-application.de https://www.google.de https://*.analytics.google.com             https://*.doubleclick.net https://www.facebook.com https://app.usercentrics.eu https://public.impleco.de             https://i.ytimg.com https://wohnglueck.de https://images.podigee-cdn.net https://fonts.gstatic.com             https://af-de-platform-avatars.s3.eu-central-1.amazonaws.com https://unpkg.com https://*.adition.com             https://public.flourish.studio https://*.contentsquare.net https://www.googleadservices.com             https://analytics.google.com https://ad.doubleclick.net;             font-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com data: https://impleco.nc.econ-application.de https://cdnjs.cloudflare.com             https://player.podigee-cdn.net https://fonts.gstatic.com https://script.hj.contentsquare.net;             frame-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com https://*.svc.dynamics.com https://surfly-us.com             https://*.doubleclick.net https://app.usercentrics.eu https://dash.pricehubble.com https://datawrapper.dwcdn.net             https://www.youtube-nocookie.com https://view.genial.ly https://view.genially.com https://player.podigee-cdn.net             https://media.jobware.net https://flo.uri.sh https://www.youtube.com https://youtu.be;             media-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com data:;             child-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com blob:;             worker-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com blob:;             script-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com 'unsafe-inline' 'unsafe-eval' blob: https://*.azureedge.net https://bat.bing.com             https://cdnjs.cloudflare.com https://*.google-analytics.com https://unpkg.com https://www.youtube.com             https://*.contentsquare.net https://app.contentsquare.com https://ad1.adfarm1.adition.com https://googleads.g.doubleclick.net;             script-src-elem 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com 'unsafe-inline' 'unsafe-eval' blob: https://*.azureedge.net https://bat.bing.com             https://cdnjs.cloudflare.com https://*.google-analytics.com https://unpkg.com https://www.youtube.com             https://*.contentsquare.net https://app.contentsquare.com https://ad1.adfarm1.adition.com https://googleads.g.doubleclick.net https://*.surfly-us.com https://surfly-us.com             https://impleco.nc.econ-application.de https://app.usercentrics.eu https://connect.facebook.net https://static.dvinci-easy.com             https://rns.matelso.de https://widget.immobilien.wohnglueck.de https://*.qualtrics.com https://maps.googleapis.com             https://player.podigee-cdn.net https://impleco.nc.econ-application.de https://schwaebisch-hall.dvinci-hr.com             https://*.adition.com https://public.flourish.studio https://*.blob.core.windows.net https://www.google.com https://cdn.telebalance.tv;             style-src 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com 'unsafe-inline' https://impleco.nc.econ-application.de;             style-src-elem 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com 'unsafe-inline' https://impleco.nc.econ-application.de https://fonts.googleapis.com https://*.adition.com             https://cdnjs.cloudflare.com https://static.dvinci-easy.com https://player.podigee-cdn.net https://www.google.com;             frame-ancestors 'self' https://*.sha.vrkw.de https://*.schwaebisch-hall.de https://www.googletagmanager.com             https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev             https://*.niceincontact.com https://*.psplugin.com https://*.vergic.com;             upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.unanet.com https://*.cosential.com https://*.unanetuniversity.com https://unanet.pathfactory.com https://*.pathfactory.com https://unanet.partnerpage.io https://*.partnerpage.io https://*.championsconference.com; upgrade-insecure-requests 2
default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.openlms.net https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://*.chilipiper.com https://*.cookie-script.com https://www.googletagmanager.com https://*.googletagmanager.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://w.soundcloud.com https://go.openlms.net https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://lltrck.com https://www.clarity.ms https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://zippyfrog.co https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.openlms.net https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;font-src 'self' data: https://fonts.gstatic.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.cookie-script.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://c.clarity.ms *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.cheekybranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com https://*.storylane.io https://td.doubleclick.net https://bat.bing.net https://googleads.g.doubleclick.net https://ct.capterra.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://js.driftt.com https://*.chilipiper.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.openlms.net https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com www.googleapis.com https://*.algolianet.com https://*.algolia.net https://ws25.hotjar.com/ https://cdn.segment.com wss://ws11.hotjar.com https://ws11.hotjar.com https://e.clarity.ms wss://ws41.hotjar.com https://ws41.hotjar.com https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://monitor.clickcease.com https://www.clickcease.com https://*.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.cheekybranding.com https://px.ads.linkedin.com https://ob.esnbranding.com https://obs.esnbranding.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://www.google.co.uk https://*.google.co.uk https://td.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.net https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;prefetch-src 'self' https://go.openlms.net https://www.googletagmanager.com https://www.google-analytics.com https://*.chilipiper.com;frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://js.driftt.com https://go.ltgplc.com  https://go.openlms.net https://weareclasstech.wistia.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://googleads.g.doubleclick.net https://td.doubleclick.net https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com 2
frame-ancestors 'self' https://*.newamericanfunding.com https://*.nafcash.com https://*.nafhomes.com https://*.nafpromise.org https://*.optimizely.com https://*.nafconcierge.com/ 2
default-src *; font-src *;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' https://api.ipify.org https://www.google-analytics.com https://stats.g.doubleclick.net *; style-src 'unsafe-inline' *; 2
report-uri https://www.veritext.com/wp-json/csp/v1/r; default-src 'self' *.veritext.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googleapis.com https://www.google.com https://www.gstatic.com *.veritext.com cdn-cookieyes.com https://browser.sentry-cdn.com https://*.hotjar.com https://www.googletagmanager.com https://*.wistia.com https://js.sentry-cdn.com https://code.jquery.com https://widget.surveymonkey.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.veritext.com https://code.jquery.com *.googleapis.com https://script.hotjar.com; img-src 'self' cdn-cookieyes.com data: https://*.gstatic.com https://*.googleapis.com *.veritext.com *.googletagmanager.com https://*.wistia.com https://www.google.com https://www.google.com.co https://www.google.ca https://www.google.co.ke https://www.google.com.au https://www.google.com.br https://www.google.com.ph https://s.w.org https://prod.smassets.net https://veritext.com; connect-src 'self' *.cookieyes.com cdn-cookieyes.com wss: https://*.hotjar.io https://fg8vvsvnieiv3ej16jby.litix.io https://browser.sentry-cdn.com https://*.googleapis.com *.google.com https://*.wistia.com https://*.wistia.net https://stats.g.doubleclick.net https://www.googletagmanager.com; font-src 'self' data: https://*.wistia.com *.gstatic.com; media-src 'self' blob: https://*.wistia.com https://veritext.com; frame-src 'self' https://airtable.com *.veritext.com https://td.doubleclick.net https://www.google.com https://www.surveymonkey.com https://scribehow.com 2
default-src 'self' *.wirth-horn.de *.payengine.de *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com *.matomo.cloud; img-src data: 'self' res.cloudinary.com *.amazonaws.com www.youtube-nocookie.com *.wirth-horn.de *.matomo.cloud; media-src data: 'self' res.cloudinary.com www.youtube-nocookie.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.wirth-horn.de *.payengine.de *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com *.matomo.cloud; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de *.matomo.cloud; font-src data: 'self' *.matomo.cloud; 2
default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.wesalute.com https://*.wesaluteapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://performance.radar.cloudflare.com https://challenges.cloudflare.com https://cdn.kustomerapp.com https://browser.sentry-cdn.com https://connect.facebook.net https://cdn.segment.com https://cdn.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://transcend-cdn.com https://www.google.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://snap.licdn.com https://www.redditstatic.com https://js.stripe.com https://cdn.sprig.com https://cdn.userleap.com https://embed.bookingvault.com https://secure.rezserver.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://assets.calendly.com; connect-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://cloudflareinsights.com https://adservice.google.com https://www.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://bat.bing.com https://bat.bing.net https://*.kustomerapp.com https://*.pndsn.com https://s3.amazonaws.com/kustomer-prod1-attachments https://cdn.jsdelivr.net https://sentry.io https://o287038.ingest.sentry.io https://api.segment.io https://cdn.segment.com https://*.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://transcend-cdn.com https://telemetry.us.transcend.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://apis.google.com https://*.googleapis.com https://us-central1-veterans-advantage-arsenal.cloudfunctions.net https://www.facebook.com/ https://api.sprig.com https://api.bookingvault.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.reddit.com https://www.redditstatic.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' https://*.wesalute.com https://fonts.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://embed.bookingvault.com https://transcend-cdn.com https://cdnjs.cloudflare.com https://assets.calendly.com; font-src 'self' data: https://*.wesalute.com https://cdn.honey.io https://cdn.ivaws.com https://cdn.kustomerapp.com https://fonts.gstatic.com https://themes.googleusercontent.com https://embed.bookingvault.com; img-src blob: data: https:; media-src blob: data: https:; object-src 'none'; frame-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://challenges.cloudflare.com https://*.kustomer.help https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.c-span.org/video/standalone/ https://www.googletagmanager.com https://www.google.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10165061.fls.doubleclick.net https://www.facebook.com https://js.stripe.com https://transcend-cdn.com https://calendly.com https://veterans-advantage-arsenal.firebaseapp.com; frame-ancestors 'self' https://*.wesalute.com; report-uri https://o287038.ingest.sentry.io/api/1865718/security/?sentry_key=33c7a6dee3b040bc9bc48cd898e2dd9b&sentry_environment=prod 2
frame-ancestors 'self' https://*.elsevier.es/ 2
object-src 'none'; frame-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
child-src 'self'; connect-src 'self' https://*.googlesyndication.com https://*.hsforms.com https://*.hubspot.com https://api.hubspot.com https://api.leadinfo.com https://api.ldnfrpl.com https://cdn.linkedin.oribi.io https://collector.leadinfo.net https://consentcdn.cookiebot.com https://content.hotjar.io https://forms.hubspot.com https://google.com https://www.google.com https://googleads.g.doubleclick.net https://in.hotjar.com https://li-replay.s3-accelerate.amazonaws.com https://metrics.hotjar.io https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://vimeo.com https://x.clarity.ms wss://ws.hotjar.com; default-src 'self'; font-src 'self' data:; frame-src 'self' https://backend.anewspring.prod.verveagency.com https://*.hs-sites.com https://app.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://forms.hsforms.com https://player.vimeo.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.googletagmanager.com/ https://s.pointerpro.com; img-src 'self' data: https://*.ads.linkedin.com https://*.hsforms.com https://*.hubspot.com https://facebook.com https://www.facebook.com https://google.com https://google.nl https://googleads.g.doubleclick.net https://googletagmanager.com https://i.vimeocdn.com https://i.ytimg.com https://imgsct.cookiebot.com https://static.hsappstatic.net/ https://track.hubspot.com https://www.google.com https://www.google.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' http://*.googlesyndication.com http://js.hs-scripts.com https://cdn.leadinfo.net https://cdn.ldnfrpl.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://google.com https://google.nl https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com/web-interactives-embed.js https://js.usemessages.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.clarity.ms https://www.facebook.com https://www.google.com https://www.google.nl https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: 'self' blob:; 2
script-src 'unsafe-inline' 'unsafe-eval' js-cdn.dynatrace.com cdn.omniconvert.com  js.adsrvr.org apps.bazaarvoice.com acsbapp.com js.monitor.azure.com wchat.freshchat.com www.gstatic.com ftlaunchpad.ai www.redditstatic.com code.jquery.com solutions.invocacdn.com build.1pdata.app *.hotjar.com qvdt3feo.com loader.nutshell.com maps.googleapis.com pnapi.invoca.net *.webfxcapi.com *.facebook.net *.marketingcloudfx.com *.stackadapt.com *.clopaydoor.com *.doubleclick.net s.pinimg.com bat.bing.com acdn.adnxs.com ct.pinterest.com *.google.com *.googletagmanager.com www.googleadservices.com pagead2.googlesyndication.com *.ipredictive.com *.google.ca *.google.co.za js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self'; connect-src insight.adsrvr.org *.dynatrace.com app.omniconvert.com www.redditstatic.com *.reddit.com *.marketingcloudfx.com app.nutshell.com www.facebook.com maps.googleapis.com pnapi.invoca.net *.bazaarvoice.com *.run.app *.webfxcapi.com *.azure.com *.conversionsapigateway.com *.clopaydoor.com *.facebook.com *.sentry.io *.stackadapt.com ct.pinterest.com *.adnxs.com *.acsbapp.com wss://ws.hotjar.com *.hotjar.io *.doubleclick.net acsbapp.com clopaycorporationproductselector.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com pagead2.googlesyndication.com *.google.com www.googleadservices.com google.com *.hscollectedforms.net *.hubapi.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self'; style-src 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com *.clopaydoor.com *.stackadapt.com googletagmanager.com *.google.com *.googletagmanager.com https://cdn.insight.sitefinity.com 'self'; font-src 'self' data: fonts.gstatic.com; img-src data: alb.reddit.com hits3.livemarketshoppers.com maps.googleapis.com *.facebook.net *.bazaarvoice.com *.facebook.com bat.bing.com *.adnxs.com *.adsrvr.org *.vimeocdn.com i.ytimg.com pixel.rubiconproject.com *.doubleclick.net *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com www.googleadservices.com google.com *.googlesyndication.com *.hsforms.com *.hubspot.com https://cdn.insight.sitefinity.com 'self'; frame-src www.googletagmanager.com wchat.freshchat.com www.google.com player.vimeo.com www.youtube.com clopay.cornellcookson.com *.clopaydoor.com *.doubleclick.net ct.pinterest.com *.adsrvr.org *.ipredictive.com clopaycorporationproductselector.com *.cornelliron.com; worker-src blob:; media-src player.vimeo.com *.vimeocdn.com 'self'; default-src  'self' 2
default-src 'none';child-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com data: blob:;connect-src 'self' https://*.adsymptotic.com https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.contextweb.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.force.com https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://cdn.appdynamics.com https://cdnjs.cloudflare.com https://pdx-col.eum-appdynamics.com https://content.jwplatform.com https://google.com https://jwpsrv-vh.akamaihd.net https://stats.g.doubleclick.net https://vc.hotjar.io wss://*.hotjar.com wss://*.hotjar.io wss://*.kore.ai wss://*.salesforce-sites.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsymptotic.com https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.contextweb.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.force.com https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://cdn.appdynamics.com https://chimpstatic.com https://cdnjs.cloudflare.com https://code.jquery.com https://pdx-col.eum-appdynamics.com https://content.jwplatform.com https://jwpltx.com https://maxcdn.bootstrapcdn.com wss://*.kore.ai;img-src 'self' data: https://*.andanet.com https://*.adsymptotic.com https://*.adnxs.com https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.contextweb.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.force.com https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.linkedin.com https://*.linkedin.oribi.io https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://pdx-col.eum-appdynamics.com https://content.jwplatform.com https://google.com https://jwpltx.com https://openbadges.blob.core.windows.net https://placehold.co;media-src 'self' blob: data:;style-src 'self' 'unsafe-inline' https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.force.com https://*.formstack.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.kore.ai https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://maxcdn.bootstrapcdn.com;font-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.mailchimp.com;frame-src 'self' https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.clarity.ms https://*.cybersource.com https://*.doubleclick.net https://*.force.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://anda.formstack.com https://pdx-col.eum-appdynamics.com https://content.jwplatform.com wss://*.kore.ai 2
default-src 'self' data: ew-messaging-attachments.s3.amazonaws.com ct.pinterest.com www.googletagmanager.com webcommon.easyweddings.com.au player.vimeo.com td.doubleclick.net js.stripe.com www.google.com player-widget.mixcloud.com w.soundcloud.com my.matterport.com fonts.gstatic.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com bid.g.doubleclick.net *.facebook.com www.youtube.com youtu.be *.vimeo.com wistia.com *.wistia.net fonts.gstatic.com static.helloumi.com *.firebaseio.com webcommon.easyweddings.com.au;connect-src 'self' ct.pinterest.com *.userflux.co webcommon.easyweddings.com.au v6-cdn.easyweddings.com cta-service-cms2.hubspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com google.com analytics.google.com *.facebook.net *.googletagmanager.com https://*.sendbird.com wss://*.sendbird.com *.cookiefirst.com pagead2.googlesyndication.com stripe.com bam.nr-data.net api.hubapi.com www.google.com forms.hscollectedforms.net graph.facebook.com n2.mouseflow.com api.easyweddings.com.au webapi.easyweddings.com.au maps.googleapis.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com api.hubspot.com forms.hubspot.com bid.g.doubleclick.net *.firebaseio.com wss://*.firebaseio.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: dev-ew-wedding-websites-test.s3.ap-southeast-2.amazonaws.com prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com webcommon.easyweddings.com.au code.jquery.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com fonts.googleapis.com *.cookiefirst.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: dev-ew-wedding-websites-test.s3.ap-southeast-2.amazonaws.com prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com bat.bing.com s.pinimg.com ct.pinterest.com cdn.skypack.dev prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com js.hubspot.com script.hotjar.com static.hotjar.com consent.cookiefirst.com bam.nr-data.net js-agent.newrelic.com js.hsadspixel.net js.stripe.com servedbyadbutler.com www.gstatic.com cdn.mouseflow.com ajax.googleapis.com cdnjs.cloudflare.com maps.googleapis.com connect.facebook.net v5-cdn.easyweddings.com v6-cdn.easyweddings.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com www.google-analytics.com www.googletagmanager.com *.firebaseio.com www.google.com;img-src 'self' data: blob: https: prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com perf-na1.hsforms.com https://*.amazonaws.com https://*.sendbird.com hotelmedia.s3.amazonaws.com assets-destwed.easyweddings.com contentdw.easyweddings.com *.cookiefirst.com i.vimeocdn.com supplier-images.s3.amazonaws.com www.googletagmanager.com forms.hscollectedforms.net servedbyadbutler.com assets.easyweddings.com.au v4-cdn-consolidation.easyweddings.com.au prod-ew-image-global-v2.s3.amazonaws.com maps.gstatic.com easyweddings-framework-v4.s3.amazonaws.com googleads.g.doubleclick.net maps.googleapis.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com images-cdn.easyweddings.com.au ew-image-global.s3.amazonaws.com images.easyweddings.com.au easyweddings-framework.s3.amazonaws.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com forms.hsforms.com www.google-analytics.com www.google.com www.google.com.au track.hubspot.com storage.googleapis.com wedding-website-images.s3.amazonaws.com assets.easyweddings.com *.facebook.com cdn.hotelplanner.com; 2
frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 2
style-src 'unsafe-inline' 'self' https://*.typekit.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.hospitalitysem.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.vizergy.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.googleapis.com https://*.clarity.ms; default-src 'self' https://*.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://player.vimeo.com  https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.fbcdn.net https://*.cdninstagram.com https://*.googleusercontent.com https://www.youtube.com https://*.clarity.ms https://assets.hotelwebsitedesign.com data: 2
default-src 'self';         connect-src 'self' www.google-analytics.com www.google.com/recaptcha/ cdn.cookielaw.org cdn-ukwest.onetrust.com cwtsato--tst1.custhelp.com cwtsato--tst1.widget.cx.usg.oraclecloud.com cwtsato.widget.cx.usg.oraclecloud.com cwtsato.widget.custhelp.com cwtravel--tst1.chat.cx.usg.oraclecloud.com bcvipag02.cx.usg.oraclecloud.com cwtravel.chat.cx.usg.oraclecloud.com;           style-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.googleapis.com cwtsato.widget.custhelp.com cwtsato--tst1.custhelp.com cdnjs.cloudflare.com cwtsato--tst1.widget.cx.usg.oraclecloud.com cwtsato.widget.cx.usg.oraclecloud.com cwtsato.widget.custhelp.com;             img-src 'self' data: *.cwtsatotravel.com  www.google-analytics.com ssl-i.cdn.openx.com *.openx.net code.jquery.com *.googleapis.com staticcontent.mycwt.com youtube.com www.youtube.com cdn.cookielaw.org www.googletagmanager.com www.rnengage.com content.mycwt.com content.mycwt.com files.mycwt.com qatest.files.mycwt.com cdn-icons-png.flaticon.com static.mycwt.com cwtsato--tst1.widget.cx.usg.oraclecloud.com cwtsato.widget.cx.usg.oraclecloud.com cwtsato.widget.custhelp.com cdn-ukwest.onetrust.com;            font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com cwtsato--tst1.widget.cx.usg.oraclecloud.com cwtsato.widget.cx.usg.oraclecloud.com cwtsato.widget.custhelp.com;          script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ www.google-analytics.com www.googletagmanager.com *.googleapis.com code.jquery.com cdn.cookielaw.org content.mycwt.com content.mycwt.com www.youtube.com cwtsato.widget.custhelp.com cwtsato.custhelp.com cwtsato--tst1.custhelp.com www.rnengage.com sdk.joinsherpa.io cdnjs.cloudflare.com cwtsato--tst1.widget.cx.usg.oraclecloud.com cwtsato.widget.cx.usg.oraclecloud.com cwtsato.widget.custhelp.com cdn-ukwest.onetrust.com;           media-src 'self' data: cwtsato--tst1.widget.cx.usg.oraclecloud.com cwtsato.widget.cx.usg.oraclecloud.com cwtsato.widget.custhelp.com;           frame-src 'self' www.google.com/recaptcha/ www.googletagmanager.com apps.joinsherpa.io/ content.mycwt.com content.mycwt.com;     frame-ancestors 'self' 2
worker-src 'self' blob: *.mczbf.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://geowidget.easypack24.net https://fonts.bunny.net/ *.thulium.com/ script.hotjar.com/ *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com *.cj.com https://static.payu.com surveys-static-prd.survicate-cdn.com/* *.survicate-cdn.com *.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.fls.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://geowidget-app.inpost.pl/ secure.payu.com merch-prod.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.payu.com/ *.youtube.com/ *.go2cloud.org/ *.clarity.ms *.consentmanager.net https://c.seznam.cz/ https://app.cux.io https://pudofinder.dpd.com.pl *.klarna.com *.awin1.com *.zenaps.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.google.pl *.google.de *.paynow.pl https://jannowak.com/ https://diablochairs.com/ https://sofandi.store/ https://domator24.com/ *.trackjs.com *.bing.com *.clarity.ms *.thulium.com/ https://integrations.etrusted.com/ *.consentmanager.net https://c.seznam.cz/ https://www.zbozi.cz https://zbozi.cz *.diablochairs.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.disqus.com https://firebasestorage.googleapis.com https://redchamps.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://*.emjcd.com *.mczbf.com *.dotomi.com https://*.ceneo.pl static.zdassets.com accounts.zendesk.com *.zendesk.com *.zdusercontent.com blob: server-side-tagging-dxnhuzx4la-uc.a.run.app server-side-tagging-vfykuuawna-uc.a.run.app server-side-tagging-3il2egx56a-uc.a.run.app files.webankieta.pl *.pinterest.com https://www.googletagmanager.com www.awin1.com https://www.emjcd.com c77.jannowak.com https://www.googleadservices.com https://*.zenaps.com https://pixel.wp.pl *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com secure.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.hotjar.com/ *.hotjar.io/ *.thulium.com/ https://orbitvu.co/ *.orbitvu.co/ *.gopay.com/ *.payu.com/ https://geowidget.easypack24.net/ https://jannowak.com https://jannowak.pre.aur.ac https://diablochairs.com https://diablo.pre.aur.ac https://domator24.com https://domator-com.pre.aur.ac https://sofandi.store https://sofandi.pre.aur.ac https://pixel.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ *.trackjs.com https://bat.bing.com/ *.clarity.ms *.consentmanager.net https://c.seznam.cz/ https://dc.cux.io https://my.diablochairs.com https://an.gr-wcon.com/ https://www.zbozi.cz https://zbozi.cz https://m.gr-cdn-e.eu/ https://www.mczbf.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://browser.sentry-cdn.com polyfill-fastly.io *.klarnaservices.com *.disqus.com *.avada.io *.shopify.com https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://*.webetech.pl *.cj.com https://*.webep1.com *.us-wbe.gr-cdn.com https://webetech.pl https://webep1.com *.seznam.cz https://h.seznam.cz/udid *.biano.cz *.biano.sk *.ceneo.pl *.pinimg.com *.pinterest.com partner-events.favicdn.net https://*.onet.pl events.ocdn.eu *.ocdn.eu https://*.zdassets.com https://*.zendesk.com static.zdassets.com domator24com.zendesk.com static.zdassets.com/web_widget/messenger/latest/web-widget-main-c6569be.js https://*.startquestion.com c77.domator24.com c77.diablochairs.com c77.jannowak.com *.wewomedia.com ct.pinterest.com s.pinimg.com surveys-static-prd.survicate-cdn.com/widget_core-28.1.3.js survey.survicate.com/workspaces/5c986984cadef15a294cb73c8ed9e25a/web_surveys.js https://*.googletagmanager.com https://lantern.roeyecdn.com https://*.paypal.com https://*.paypalobjects.com https://*.awin1.com 'self' blob: the.sciencebehindecommerce.com https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com https://*.roeyecdn.com https://*.googleapis.com https://www.zenaps.com https://*.biano.com https://pixel.wp.pl *.biano.it *.biano.ro js.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com *.segmentify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://fonts.bunny.net/ https://integrations.etrusted.com/ *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cj.com https://*.webep1.com https://cdn.consentmanager.net/delivery/css/cmp.min.css *.zendesk.com *.zdassets.com delivery.consentmanager.net/delivery/css/console.min.css surveys-static-prd.survicate-cdn.com/fonts/fonts.css *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.thulium.com/ static.zdassets.com media.smooch.io diablochairs.com https://diablochairs.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com merch-prod.snd.payu.com *.gr-cdn.com/ https://ts.getresponse.pl/ https://ga2.getresponse.com/ https://popups1-show.getresponse.com/ https://popups1-s.getresponse.com/ *.diablochairs.com/ wss://*.thulium.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.doubleclick.net/ *.orbitvu.cloud/ *.gopay.com/ wss://*.hotjar.com/ *.payu.com/ *.googlesyndication.com/ https://p.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ https://www.googletagmanager.com/ *.google.com/ https://google.com/ccm/ https://google.com/pagead/ *.google.pl *.google.de *.trackjs.com *.clarity.ms https://bat.bing.com/ https://integrations.etrusted.com/ *.consentmanager.net https://c.seznam.cz/ wss://n-40918785-0-40392500-1708081317-65cf40a5629dd.track.cux.io wss://o-40918785-0-40392500-1708081317-65cf40a5629dd.track.cux.io *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.ingest.sentry.io *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://*.mczbf.com *.sjwoe.com *.us-wbe.gr-cdn.com *.seznam.cz https://h.seznam.cz/udid *.biano.cz *.biano.sk *.pinterest.com partner-events.favi.sk partner-events.favi.cz partner-events.favi.hu partner-events.favi.ro partner-events.favi.it partner-events.favi.pl *.tiktokw.us https://*.onet.pl events.ocdn.eu *.ocdn.eu https://*.zdassets.com https://*.zendesk.com static.zdassets.com wss://pod-28-sunco-ws.zendesk.com/sc/faye https://widgets.trustedshops.com c.ba.contentsquare.net/ping *.gr-wcon360.pl server-side-tagging-dxnhuzx4la-uc.a.run.app server-side-tagging-vfykuuawna-uc.a.run.app server-side-tagging-3il2egx56a-uc.a.run.app https://*.startquestion.com c77.domator24.com c77.diablochairs.com c77.jannowak.com *.wewomedia.com demo-1.conversionsapigateway.com/events https://*.us-central1.run.app ct.pinterest.com respondent.survicate.com/workspaces/5c986984cadef15a294cb73c8ed9e25a/logs.json respondent.survicate.com/workspaces/5c986984cadef15a294cb73c8ed9e25a/installed.json https://*.biano.com https://*.a.run.app *.biano.it *.biano.ro https://pixel.wp.pl browser.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.awin1.com *.zenaps.com *.cj.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.seznam.cz https://h.seznam.cz/udid *.biano.cz *.biano.sk https://*.ceneo.pl https://*.onet.pl *.ocdn.eu static.zdassets.com ekr.zdassets.com ekr.zendesk.com *.zendesk.com api.smooch.io media.smooch.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://api.smooch.io *.twilio.com wss://voice-js.roaming.twilio.com https://*.zdassets.com domator24com.zendesk.com wss://pod-28-sunco-ws.zendesk.com/sc/faye us-wbe.gr-cdn.com us-an.gr-cdn.com an.gr-wcon.com/script www.dwin1.com widgets.trustedshops.com www.mczbf.com integrations.etrusted.com *.gstatic.com *.google.com https://files.startquestion.com https://connect.facebook.net https://c77.diablochairs.com https://an.gr-wcon.com https://www.facebook.com https://cdn.consentmanager.net https://*.gr-cdn-e.eu https://delivery.consentmanager.net https://fonts.bunny.net https://bat.bing.com https://*.wewomedia.com https://www.googletagmanager.com/gtag https://d.delivery.consentmanager.net https://*.clarity.ms https://googleads.g.doubleclick.net https://www.google.pl https://c77.domator24.com https://c77.jannowak.com https://s.pinimg.com https://partner-events.favicdn.net https://c.delivery.consentmanager.net https://c.bing.com https://ct.pinterest.com data: c77.domator24.com c77.jannowak.com c77.diablochairs.com https://static-app.connect.trustedshops.com https://maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://app.webankieta.pl https://diablochairs.com https://www.googletagmanager.com https://jannowak.com https://domator24.com https://*.awin1.com https://*.roeyecdn.com https://www.zenaps.com https://*.webetech.pl www.googleadservices.com www.google-analytics.com https://*.emjcd.com https://*.webep1.com https://*.dotomi.com https://*.webankieta.pl https://*.startquestion.com https://*.sciencebehindecommerce.com https://*.diablochairs.com https://*.paypalobjects.com https://*.biano.com https://*.paypal.com https://*.roeye.com https://geowidget.inpost.pl https://static.payu.com *.biano.it *.biano.hu *.biano.ro https://pixel.wp.pl https://webetech.pl https://webep1.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googletagmanager.com https://ajax.googleapis.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://pi.pardot.com https://*.onetrust.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.griddynamics.net https://*.griddynamics.com https://*.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://riovizual.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://i.vimeocdn.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://v.fastcdn.co https://cdn.buttercms.com https://cdn.filestackcontent.com https://img.youtube.com https://i.ytimg.com https://*.googletagmanager.com https://storage.pardot.com https://grid-dynamics-blog.ghost.io https://secure.gravatar.com https://id.rlcdn.com https://*.company-target.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://use.fontawesome.com https://*.griddynamics.net https://*.griddynamics.com https://cdnjs.cloudflare.com https://*.onetrust.com; connect-src 'self' https://yoast.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://vimeo.com https://apis.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com https://ipapi.co https://analytics.google.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.io wss://ws.hotjar.com https://cdn.buttercms.com https://cdnjs.cloudflare.com https://*.onetrust.com https://*.googletagmanager.com https://*.google.com; media-src 'self' https://*.griddynamics.net https://cdn.buttercms.com https://*.griddynamics.com; object-src 'none'; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.gstatic.com https://www.google.com https://player.vimeo.com https://www.googletagmanager.com https://*.griddynamics.net https://*.griddynamics.com https://*.company-target.com https://td.doubleclick.net; frame-ancestors 'self' https://*.griddynamics.net https://*.griddynamics.com; base-uri 'self'; upgrade-insecure-requests 2
default-src 'self' *.synthetix.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms *.licdn.com *.52enterprisingdetails.com https://platform.twitter.com *.synthetix.com *.synthetix.com *.googletagmanager.com *.googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net *.youtube.com *.google.com *.bc0a.com;style-src 'self' *.googleapis.com *.synthetix.com *.cloudfront.net *.googletagmanager.com 'unsafe-inline';connect-src 'self' *.facebook.com *.bing.com *.getaddress.io *.doubleclick.net *.linkedin.com *.clarity.ms *.google.com *.hotjar.io *.hotjar.com *.google-analytics.com *.synthetix.com *.fullstory.com *.amazonaws.com wss://ws.hotjar.com/api/v2/client/ws *.googletagmanager.com *.google.co.uk *.bc0a.com;font-src 'self' *.gstatic.com *.hotjar.io *.hotjar.com;img-src 'self' data: https: syn-document-manager.s3.amazonaws.com *.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;object-src 'none';frame-ancestors 'self' self;frame-src 'self' *.sfmc-content.com *.googletagmanager.com *.office.com *.youtube.com *.google.com *.twitter.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk https://wjec-cbac.leadfamly.com *.issuu.com;base-uri 'self' 2
default-src 'self' https://*.allkeyshop.com https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://www.google.com https://www.google.fr https://*.gstatic.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://www.recaptcha.net https://*.googleusercontent.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.com/s2/ https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://v2assets.zopim.io https://steamcdn-a.akamaihd.net https://avatars.steamstatic.com https://*.twitch.tv https://static-cdn.jtvnw.net https://static-cdn.jtvnw.net/ https://discord.com https://cdn.discordapp.com/avatars/ https://www.youtube.com https://s.ytimg.com https://i.ytimg.com/ https://*.gravatar.com https://www.tiktok.com/ https://*.ttwstatic.com/ https://i0.wp.com/www.allkeyshop.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://platform.twitter.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs http://cdn.sendpulse.com https://cdn.sendpulse.com https://widget.gleamjs.io https://gleam.io https://js.gleam.io https://ad.doubleclick.net https://do6911745127z.cloudfront.net/scripts/master/goclecd.js https://system.warlegend.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://*.ttwstatic.com/ https://cdn.jsdelivr.net https://cdn.sendpulse.com https://www.google.com/recaptcha 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://www.google.com https://www.google.fr https://*.gstatic.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://www.recaptcha.net https://*.googleusercontent.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.com/s2/ https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://v2assets.zopim.io https://steamcdn-a.akamaihd.net https://avatars.steamstatic.com https://*.twitch.tv https://static-cdn.jtvnw.net https://static-cdn.jtvnw.net/ https://discord.com https://cdn.discordapp.com/avatars/ https://www.youtube.com https://s.ytimg.com https://i.ytimg.com/ https://*.gravatar.com https://www.tiktok.com/ https://*.ttwstatic.com/ https://i0.wp.com/www.allkeyshop.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://platform.twitter.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs http://cdn.sendpulse.com https://cdn.sendpulse.com https://widget.gleamjs.io https://gleam.io https://js.gleam.io https://ad.doubleclick.net https://do6911745127z.cloudfront.net/scripts/master/goclecd.js https://system.warlegend.net data: https://www.googletagmanager.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.facebook.net *.twitter.com *.twimg.com https://cdn.chatbot.com https://content.govdelivery.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/ https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com https://content.govdelivery.com/; connect-src 'self' https://maps.googleapis.com https://kdorapi.kdor.org https://cdn.chatbot.com/widget/5c7029abb3a91872edc36639/settings.json https://api.livechatinc.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com data:; img-src 'self' www.google-analytics.com maps.google.com *.twimg.com *.twitter.com https://cdn.livechat-files.com data: https://content.govdelivery.com/; frame-src 'self' *.youtube.com *.facebook.com *.twitter.com https://cdn.chatbot.com https://secure.livechatinc.com/ https://challenges.cloudflare.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com  https://cdn.knightlab.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://api.demo-integrations.services.siag.it https://api-integrations.services.siag.it https://api.integrations.services.siag.it https://sis.prod.apimanagement.eu20.hana.ondemand.com https://redas.services.siag.it https://civis.bz.it https://static.provinz.bz.it https://www.openstreetmap.org https://*.iubenda.com; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; 2
default-src https://disqus.com https://*.disquscdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://c.disquscdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.disquscdn.com https://*.disqus.com https://gapl.hit.gemius.pl https://ssl.google-analytics.com https://cdnjs.cloudflare.com; img-src 'self' data: https://ssl.google-analytics.com https://cdn.viglink.com https://*.disqus.com https://juicebox.net https://stats.g.doubleclick.net; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; frame-src 'self' https://www.gstatic.com https://www.google.com https://ls.hit.gemius.pl https://disqus.com https://ljsp.lwcdn.com https://*.dcs.redcdn.pl https://www.facebook.com https://www.youtube.com; frame-ancestors 'self'; connect-src 'self' https://*.google-analytics.com https://*.disqus.com; base-uri 'self'; 2
frame-ancestors 'self' https://desa.cencopay.ar; 2
default-src 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.tutorialphp.net https://mc.yandex.ru https://yastatic.net https://cdn.yandex.net https://www.clarity.ms https://scripts.clarity.ms https://*.clarity.ms https://*.realsrv.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://*.googlesyndication.com https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://*.adtrafficquality.google;     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.tutorialphp.net https://ka-f.fontawesome.com;     img-src 'self' data: https: https://mc.yandex.ru https://*.tutorialphp.net https://*.clarity.ms https://c.bing.com https://*.realsrv.com https://*.googlesyndication.com https://*.google.com https://googleads.g.doubleclick.net https://*.adtrafficquality.google;     font-src 'self' data: https://fonts.gstatic.com https://*.tutorialphp.net https://ka-f.fontawesome.com;     connect-src 'self' https://www.google-analytics.com https://*.tutorialphp.net https://ka-f.fontawesome.com https://mc.yandex.ru wss://mc.yandex.ru https://yastatic.net https://*.clarity.ms https://c.bing.com https://*.realsrv.com https://fundingchoicesmessages.google.com https://*.googlesyndication.com https://*.google.com https://googleads.g.doubleclick.net https://*.adtrafficquality.google;     frame-src 'self' https://mc.yandex.ru https://cdn-fc.com https://*.realsrv.com https://*.tutorialphp.net https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.adtrafficquality.google https://www.google.com;     worker-src 'self' blob:;     object-src 'none';     base-uri 'self';     form-action 'self';     upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://api.qooqie.com https://cdn.leadinfo.net https://infimv.com https://infirc.com https://sc.lfeeder.com https://static.cloudflareinsights.com https://snap.licdn.com https://s.ksrndkehqnwntyxlhgto.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://cdnjs.cloudflare.com https://tailwindcss.com https://tr.lfeeder.com https://tr-rc.lfeeder.com data: https://www.google.nl https://www.google.com https://px.ads.linkedin.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://region1.analytics.google.com https://collector.leadinfo.net https://api.leadinfo.com https://api.qooqie.com wss://api.qooqie.com https://https.overbridgenet.com https://sc.lfeeder.com https://overbridgenet.com https://region1.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://process.iconnode.com https://p.ksrndkehqnwntyxlhgto.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.recaptcha.net https://www.googletagmanager.com https://www.linkedin.com; object-src 'none'; 2
form-action 'self'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 2
frame-src https://global.frcapi.com https://eu.frcapi.com https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2
default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmo.club 'unsafe-inline'; style-src https: 'self' https://cache.exmo.club 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com *.licdn.com *.evgnet.com *.zoominfo.com *.eum-appdynamics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.marketo.com cdn.appdynamics.com www.googletagmanager.com code.jquery.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.crazyegg.com *.adsymptotic.com www.youtube.com *.hotjar.com https://tagmanager.google.com https://www.googletagmanager.com tools.cdc.gov/TemplatePackage/contrib/libs/jquery/1.12.4/jquery.js tools.cdc.gov/TemplatePackage/contrib/widgets/tp-widget-external-loader.js https://data.processwebsitedata.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://cdn.cookielaw.org *.vimeo.com js.zi-scripts.com blob: 'self' googleads.g.doubleclick.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net app-sjo.marketo.com code.jquery.com *.marketo.com https://tagmanager.google.com 'self' 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: forms.hsforms.com *.google.com *.linkedin.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://aedevstoragecdn.azureedge.net https://aeprdcmsstoragecdn.azureedge.net https://aeprdusstoragecdn.azureedge.net code.jquery.com *.googletagmanager.com *.adsymptotic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://cdn.cookielaw.org/ *.cookielaw.org *.sirva.com 'self'; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.googleapis.com; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.vimeo.com td.doubleclick.net *.marketo.com *.googletagmanager.com 'self'; connect-src 'self' accounts.google.com *.google-analytics.com https://*.googleapis.com/ api.hubapi.com forms.hubspot.com *.doubleclick.net *.evergage.com *.crazyegg.com *.marketo.com *.eum-appdynamics.com https://*.dec.sitefinity.com *.mktoresp.com *.zoominfo.com https://js.hs-banner.com https://cdn.cookielaw.org https://*.onetrust.com analytics.google.com px.ads.linkedin.com js.zi-scripts.com *.facebook.com www.google.com; media-src 'self' data: blob:; child-src app-sjo.marketo.com *.sirva.com.au www.cdc.gov/ https://player.youku.com https://valc.atm.youku.com 'self' 2
frame-ancestors 'self' *.punchlist.com 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; frame-src *; worker-src blob:; form-action 'self'; frame-ancestors 'self' https://a.cms.omniupdate.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' https://app.storylane.io https://player.vimeo.com/ https://play.hubspotvideo.com *.hs-sites.com https://platform.twitter.com https://player.vimeo.com https://web.cvent.com https://83340.fs1.hubspotusercontent-na1.net https://ncontracts.applytojob.com https://fonts.googleapis.com  https://www.facebook.com https://forms.hsforms.com https://view.ceros.com https://app.qualified.com https://cdnjs.cloudflare.com https://www.youtube.com/ *.hubspot.com *.hs-banner.com *.hsleadflows.net *.hs-analytics.net *.hsforms.net *.hsadspixel.net https://tracking.g2crowd.com *.cloudfront.net https://kit.fontawesome.com https://js.hs-scripts.com https://static.hsappstatic.net https://js.qualified.com https://rum-static.pingdom.net https://static.oktopost.com https://assets.revsure.cloud https://okt.to https://www.googletagmanager.com https://td.doubleclick.net https://snap.licdn.com *.esnlocco.com https://connect.facebook.net https://j.6sc.co https://bat.bing.com https://www.clarity.ms https://js.usemessages.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com *.fontawesome.com; script-src 'self' 'unsafe-inline' https://ws.zoominfo.com https://js.storylane.io https://scripts.clarity.ms/ https://obs.buzzfufighter.com/ https://ob.buzzfufighter.com/ https://player.vimeo.com/api/player.js https://platform.twitter.com https://platform.linkedin.com https://static.hsappstatic.net/ https://web.cvent.com/ https://www.ncontracts.com https://view.ceros.com https://tracking.g2crowd.com https://rum-static.pingdom.net https://cdnjs.cloudflare.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.hsforms.net https://kit.fontawesome.com https://static.oktopost.com https://js.qualified.com https://assets.revsure.cloud https://okt.to *.hsleadflows.net *.hubspot.com *.hs-banner.com https://www.googletagmanager.com *.cloudfront.net https://www.google.com https://snap.licdn.com https://www.gstatic.com *.esnlocco.com https://connect.facebook.net https://j.6sc.co https://bat.bing.com https://www.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://googleads.g.doubleclick.net https://js.usemessages.com; img-src 'self' https://obs.buzzfufighter.com/ https://273774.fs1.hubspotusercontent-na1.net https://www.trupointpartners.com https://c.clarity.ms https://www.googletagmanager.com https://83340.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://px.ads.linkedin.com *.hsappstatic.net *.hs-embed-reporting.com https://b.6sc.co https://bat.bing.com *.esnlocco.com *.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px4.ads.linkedin.com; connect-src 'self' https://assets.revsure.cloud https://ob.buzzfufighter.com https://static.hsappstatic.net https://api.storylane.io https://obs.buzzfufighter.com/ https://j.clarity.ms https://js.hsforms.net/ https://www.googleadservices.com https://vimeo.com https://www.google-analytics.com https://tracking-api.g2.com https://stats.g.doubleclick.net https://secure.adnxs.com https//c.6sc.co https://www.facebook.com *.clarity.ms *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.fontawesome.com https://settings.luckyorange.net https://app.qualified.com https://api.rudderstack.com wss://*.qualified.com https://analytics.revsure.cloud https://px.ads.linkedin.com *.google.com https://ipv6.6sc.co *.esnlocco.com https://e.clarity.ms https://epsilon.6sense.com https://rum-collector-2.pingdom.net https://google.com https://ws.zoominfo.com;; upgrade-insecure-requests 2
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com  https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com  https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com https://*.cookiebot.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://tr.main.bid-prod.technical-service.net https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://videocdnvod1-vh.akamaihd.net https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: https://*.cookiebot.com ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://*.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://*.cookiebot.com https://edgecdnhd2-vh.akamaihd.net 2
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com cdn.commonspirit.org cdn.cookielaw.org cookie-cdn.cookiepro.com fonts.googleapis.com gateway.foresee.com geolocation.onetrust.com happy-hill-0c4c4691e.azurestaticapps.net p.typekit.net privacyportal.onetrust.com translate.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube-nocookie.com *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam.nr-data.net cdn.commonspirit.org cdn.cookielaw.org cdn1.commonspirit.org cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com cookie-cdn.cookiepro.com experience.adobe.com gateway.foresee.com geolocation.onetrust.com googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net js-agent.newrelic.com login.commonspirit.org maps.googleapis.com platform.twitter.com/js/ platform.twitter.com/widgets.js privacyportal.onetrust.com resources.unlockhealthnow.com/embed-script/embed.js services.cognitoforms.com static.cognitoforms.com tpc.googlesyndication.com/sodar/ twemoji.maxcdn.com unpkg.com use.typekit.net www.cognitoforms.com www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleadservices.com/pagead/ *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com api.clearsensecloud.com apps.vmfh.org assets.gyant.com bam.nr-data.net cdn.cookielaw.org cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: developers.google.com dpm.demdex.net googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net i.ytimg.com login.commonspirit.org rtd-tm.everesttech.net s3.amazonaws.com static.cognitoforms.com syndication.twitter.com twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net adobedc.demdex.net ajax.microsoft.com analytics.foresee.com analytics.google.com api.ipify.org apiprod.commonspirit.org assets.adobedtm.com bam.nr-data.net brain.foresee.com cdn.commonspirit.org cdn.cookielaw.org commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com dpm.demdex.net fid.agkn.com fonts.googleapis.com happy-hill-0c4c4691e.azurestaticapps.net identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com readaloud.googleapis.com rxnav.nlm.nih.gov survey.foreseeresults.com telemetry.commonspirit.org translate.googleapis.com www.cognitoforms.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org account.commonspirit.org cdn1.commonspirit.org commonspirit.demdex.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com happy-hill-0c4c4691e.azurestaticapps.net identity-func.commonspirit.org login.commonspirit.org; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms cdn1.commonspirit.org data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.commonspirit.org www.slant.co; 2
child-src js.stripe.com www.facebook.com; connect-src 'self' dz8rit8v72mig.cloudfront.net d3banl4fzuxsjl.cloudfront.net https://1.1.1.1 d94qwxh6czci4.cloudfront.net d1yz9u4jf6oqub.cloudfront.net wtp.siteperformancetest.net https://siteperformancetest.net d1rk8r7fwbocot.cloudfront.net d3k4bt74u9esq1.cloudfront.net d1ezzflfzltk6e.cloudfront.net d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net pixel.pointmediatracker.com faro-collector-prod-us-east-2.grafana.net sdk.iad-01.braze.com wss://ws-mt1.pusher.com sockjs-mt1.pusher.com api.segment.io api2.branch.io cdn.segment.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com maps.googleapis.com dataplane.rum.us-east-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com *.launchdarkly.com https://*.forter.com d3in1te4fdays6.cloudfront.net d1wix2gc2cgqis.cloudfront.net d3lqotgbn3npr.cloudfront.net analytics.google.com google.com www.google.com translate.googleapis.com wss://cdn0.forter.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.pci.favor.dev *.favordelivery.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com privacyportal.onetrust.com geolocation.onetrust.com https://*.sendbird.com wss://*.sendbird.com cdn.cookielaw.org www.googleadservices.com ads.nextdoor.com https://*.amplitude.com www.googletagmanager.com; frame-src js.stripe.com bid.g.doubleclick.net www.facebook.com www.googletagmanager.com td.doubleclick.net www.google.com; img-src 'self' cdn.branch.io https://file-us-3.sendbird.com https://s3.us-east-1.amazonaws.com/sendbird-us-3 pixel.pointmediatracker.com flask.nextdoor.com cdn.blisspointmedia.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com graph.facebook.com cdn.cookielaw.org https://braze-images.com https://favor-iac-media-c09c.s3.amazonaws.com data: blob:; script-src-elem 'self' 'unsafe-inline' https://d2aibw1rdya05u.cloudfront.net cdn.segment.com ads.nextdoor.com https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net wss://cdn0.forter.com *.prod.favor.dev *.pci-np.favor.dev www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com app.link cdn.branch.io cdn.cookielaw.org https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'report-sha256' https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net cdn.segment.com ads.nextdoor.com cdn.branch.io https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.prod.favor.dev *.pci-np.favor.dev js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' web-assets.favordelivery.com www.gstatic.com 'self' fonts.googleapis.com *.pci.favor.dev *.pci-np.favor.dev; style-src 'unsafe-eval' 'unsafe-inline' 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.favordelivery.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com https://*.forter.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; media-src 'self' https://*.forter.com; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/reportOnly; worker-src *.favordelivery.com 'self' blob:; frame-ancestors 'self' https://heb.com https://*.heb.com; 2
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https: blob:; report-uri /csp-violation-report/ 2
default-src 'self' www.livechat.com *.livechatinc.com data:; style-src 'self' 'unsafe-inline' cdn.livechat-static.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io *.livechatinc.com; font-src 'self' data:; connect-src 'self' https://geoip.nekudo.com 2
default-src 'self' *.sentry.io *.zoominfo.com *.facebook.com *.ctfassets.net *.algolia.net *.contentful.com *.vercel-insights.com *.google.com *.google-analytics.com *.cookielaw.org *.intercom.io *.onetrust.io *.onetrust.com coalition.zendesk.com *.clickagy.com wss://nexus-websocket-a.intercom.io *.mktoresp.com cdn.linkedin.oribi.io *.linkedin.com qf23dtaqm7-2.algolianet.com qf23dtaqm7-3.algolianet.com qf23dtaqm7-1.algolianet.com ekr.zdassets.com coalition1659361680.zendesk.com wss://widget-mediator.zopim.com api.control.stg.binaryedge.io coalition.zendesk.com api.control.dev.binaryedge.io api.control.coalitioninc.com api.control.dev.binaryedge.io api.control.demo.binaryedge.io api.control.stg.binaryedge.io rum.browser-intake-datadoghq.com *.auryc.com *.chilipiper.com *.coalitioninc.com maps.googleapis.com *.my.salesforce.com *.my.site.com *.salesforce-scrt.com blob:; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.sentry.io fonts.googleapis.com use.fontawesome.com unpkg.com info.coalitioninc.com web.coalitioninc.com heapanalytics.com https://heapanalytics.com https://www.googletagmanager.com/debug/badge.css *.my.salesforce.com *.my.site.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com *.sentry.io *.googleoptimize.com *.heapanalytics.com heapanalytics.com https://cdn.us.heap-api.com https://heapanalytics.com t.contentsquare.net app.contentsquare.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.googleadservices.com *.facebook.net *.zoominfo.com *.ads-twitter.com *.licdn.com *.intercom.io *.clickagy.com *.intercomcdn.com *.doubleclick.net *.google.com *.gstatic.com prism.app-us1.com munchkin.marketo.net info.coalitioninc.com web.coalitioninc.com *.mktoresp.com static.zdassets.com widget-mediator.zopim.com *.chilipiper.com maps.googleapis.com *.auryc.com *.apollo.io aplo-evnt.com *.contentsquare.net https://cdn.jsdelivr.net/npm/statsig-sidecar/dist/index.min.js js.zi-scripts.com *.my.salesforce.com *.my.site.com *.salesforce-scrt.com; font-src 'self' *.sentry.io fonts.gstatic.com use.fontawesome.com data: *.intercomcdn.com heapanalytics.com https://heapanalytics.com *.auryc.com *.my.salesforce.com *.my.site.com; frame-src 'self' app.vwo.com www.googletagmanager.com *.chameleon.io fast.chameleon.io *.visualwebsiteoptimizer.com *.youtube.com *.clickagy.com *.doubleclick.net intercom-sheets.com *.google.com info.coalitioninc.com web.coalitioninc.com videos.ctfassets.net videos.contentful.com vimeo.com player.vimeo.com *.chilipiper.com boards.greenhouse.io *.greenhouse.io *.dropbox.com *.linkedin.com *.bolt.host coalitioninc.swoogo.com *.swoogo.com *.my.salesforce.com *.my.site.com ; connect-src 'self' https://www.google.com *.visualwebsiteoptimizer.com app.vwo.com *.auryc.com heapanalytics.com https://heapanalytics.com https://c.us.heap-api.com *.google-analytics.com *.vercel.app *.algolia.net qf23dtaqm7-2.algolianet.com qf23dtaqm7-3.algolianet.com qf23dtaqm7-1.algolianet.com *.cookielaw.org ekr.zdassets.com *.zoominfo.com cdn.linkedin.oribi.io *.linkedin.com *.mktoresp.com *.onetrust.io *.onetrust.com widget-mediator.zopim.com wss://widget-mediator.zopim.com api.control.coalitioninc.com api.control.dev.binaryedge.io api.control.demo.binaryedge.io api.control.stg.binaryedge.io *.chilipiper.com *.sentry.io maps.googleapis.com *.coalitioninc.com *.trayapp.io aplo-evnt.com cdn.rive.app */@rive-app/canvas@2.18.0/rive.wasm unpkg.com/@rive-app/canvas@2.18.0/rive.wasm boards-api.greenhouse.io *.greenhouse.io *.dropbox.com *.contentsquare.net *.posthog.com api.expertise.ai api.ipify.org *.clickagy.com js.zi-scripts.com *.my.salesforce.com *.my.site.com *.salesforce-scrt.com; img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * data: blob: https://heapanalytics.com *.contentsquare.net; media-src * data:; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self' https://app.contentful.com 2
default-src * data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 2
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'nonce-'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'none' 2
default-src 'self'; connect-src 'self' matomo.sib.swiss noembed.com cdn.plyr.io sentry.sib.swiss www.vital-it.ch cdn.jsdelivr.net *.skynettechnologies.com *.skynettechnologies.us; font-src 'self' fonts.bunny.net cdn.jsdelivr.net *.skynettechnologies.com *.skynettechnologies.us fonts.gstatic.com cdnjs.cloudflare.com data: ; img-src 'self' www.sib.swiss matomo.sib.swiss data: i.ytimg.com *.twitter.com wayf.switch.ch infozentrum.ethz.ch https://raw.githubusercontent.com/sib-swiss/  ui-avatars.com https://www.gstatic.com *.skynettechnologies.com *.skynettechnologies.us blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss cdn.plyr.io www.youtube.com https://cdn.jsdelivr.net wayf.switch.ch cdnjs.cloudflare.com code.jquery.com static.filestackapi.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net *.skynettechnologies.com *.skynettechnologies.us cdn.datatables.net ajax.googleapis.com player.vimeo.com; style-src 'self' 'unsafe-inline' cdn.plyr.io fonts.bunny.net wayf.switch.ch cdnjs.cloudflare.com cdn.jsdelivr.net *.skynettechnologies.com fonts.googleapis.com cdn.datatables.net; frame-src 'self' www.youtube-nocookie.com https://www.google.com https://www.recaptcha.net https://e.issuu.com player.vimeo.com; frame-ancestors 'self' https://sibcloud.sharepoint.com/ https://intranet.sib.swiss/; worker-src 'self' blob: ; media-src 'self' blob:;  2
default-src 'unsafe-inline' knapp.com *.knapp.com blob: *.doubleclick.net fonts.googleapis.com; connect-src knapp.com *.knapp.com data: *.googleapis.com static.hsappstatic.net *.hubapi.com www.gstatic.com sourcemap.devowl.io px.ads.linkedin.com yoast.com my.yoast.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.google.com *.google-analytics.com *.hubspot.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms-eu1.hscollectedforms.net cta-eu1.hubspot.com *.leadinfo.net *.leadinfo.com broadcast.knapp.com *.knapp.at knapp.piwik.pro px.ads.linkedin.com *.google.com *.doubleclick.net knapp.containers.piwik.pro web-tracking.cloud.knapp.com; font-src data: maxcdn.bootstrapcdn.com *.gstatic.com static.hsappstatic.net use.typekit.net knapp.com *.knapp.com; frame-src *.hubspot.com *.hsforms.net *.hsforms.com app.hubspot.com *.facebook.com www.googletagmanager.com www.google.com *.google-analytics.com www.youtube-nocookie.com www.youtube.com *.vimeo.com *.hs-sites-eu1.com *.doubleclick.net *.maxr.at knapp.com *.knapp.com; img-src * data: blob:; media-src data: *.gstatic.com cdn-public.borlabs.io knapp.com *.knapp.com; script-src 'unsafe-eval'; script-src-attr 'unsafe-inline'; script-src-elem blob: *.cloudfront.net *.facebook.com *.facebook.net *.fullstory.com www.googletagmanager.com *.googleadservices.com *.googleapis.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com js-eu1.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.net *.hubspot.com *.leadinfo.net connect.facebook.net googleads.g.doubleclick.net knapp.containers.piwik.pro knapp.piwik.pro snap.licdn.com web-tracking.cloud.knapp.com www.googletagmanager.com www.google.com *.google-analytics.com www.gstatic.com www.youtube.com yoast.com knapp.com *.knapp.com 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem maxcdn.bootstrapcdn.com fonts.googleapis.com www.gstatic.com *.gstatic.com web-tracking.cloud.knapp.com 'unsafe-inline' knapp.com *.knapp.com; worker-src blob: knapp.com *.knapp.com; frame-ancestors knapp.com *.knapp.com *.hubspot.com *.maxr.at; report-to csp-endpoint 2
default-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://*.sender.mobi  'unsafe-inline'; frame-src 'self' https://*.gravatar.com https://*.google.com https://*.sender.mobi; script-src 'self' https://*.sender.mobi https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.gravatar.com https://www.google.com https://www.google.com.ua https://*.sender.mobi https://www.google-analytics.com  https://*.gstatic.com data:; object-src 'self'; font-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com data:; style-src * blob: 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://*.sender.mobi https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 2
default-src 'none'; style-src 'self'; img-src 'self' 2
default-src 'none'; script-src 'self' https://*.googletagmanager.com; font-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' data: https://maps.dnslytics.org https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self'; form-action https://search.dnslytics.com/; 2
default-src 'self' https://storage.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://script.tapfiliate.com https://superal.github.io https://app.termly.io https://www.google.com https://cdn.plot.ly https://maps.googleapis.com https://storage.googleapis.com https://static.cloudflareinsights.com https://www.gstatic.com https://js.stripe.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://storage.googleapis.com https://cdn.jsdelivr.net;img-src 'self' data: blob: https://bitcoin.org https://i.ytimg.com https://storage.googleapis.com https://cdn.jsdelivr.net https://flagcdn.com;font-src 'self' data: https://storage.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' data: blob: https://www.google.com https://storage.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://*.bitcoinmagazinepro.com wss://*.bitcoinmagazinepro.com ws://*.bitcoinmagazinepro.com https://region1.google-analytics.com https://tapi.tapfiliate.com https://www.gstatic.com https://recaptcha.google.com https://flagcdn.com https://fonts.gstatic.com;frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://app.termly.io https://js.stripe.com;frame-ancestors 'self' https://*.bitcoinmagazinepro.com https://*.bitcoinmagazine.com https://bitcoinmagazine.com https://www.theblockchain-group.com https://bmpackagedev.wpengine.com/ https://*.upstream.so https://upstream.so http://stream.upstream.so/ https://stream.upstream.so/ http://bitcoin-for-corporations.webflow.io/ http://corporations.b.tc/ https://b.tc; 2
child-src blob:; default-src 'self' data: https://*.redsift.com https://red-sift.prismic.io/ https://*.internal.prismic.io/* https://hook.integromat.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://*.wistia.com https://*.wistia.net; font-src 'self' https://*.redsift.com https://fonts.gstatic.com/ data: chrome-extension: moz-extension: safari-web-extension: https://*.hotjar.com https://*.wistia.com; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.co.uk https://googleads.g.doubleclick.net https://googletagmanager.com https://www.google-analytics.com https://www.google.com https://google.com https://*.google.com https://*.hotjar.com https://images.prismic.io https://*.internal.prismic.io/* https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://red-sift.cdn.prismic.io https://images.prismic.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.redsift.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://static.cdn.prismic.io/ https://prismic.io https://*.internal.prismic.io/* https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://munchkin.marketo.net/ https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://tag.clearbitscripts.com/v1/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tags.js https://reveal.clearbit.com/v1/companies/reveal https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/destinations.min.js https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tracking.min.js https://secure.oita4bali.com/js/151998.js https://secure.oita4bali.com/Track/Capture.aspx https://*.hotjar.com https://static.hotjar.com/c/hotjar-3150796.js https://j.6sc.co/j/80f37845-a767-46c9-9ad5-abb58133cf39.js https://j.6sc.co/6si.min.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.driftt.com https://widget.drift.com https://js.sentry-cdn.com https://challenges.cloudflare.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://cdn.jsdelivr.com https://cdn.jsdelivr.net; style-src 'self' blob: 'unsafe-inline' https://*.redsift.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://*.googlesyndication.com https://td.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://red-sift.prismic.io/ https://*.internal.prismic.io/* https://www.youtube.com https://www.google.com https://*.hotjar.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://widget.drift.com https://challenges.cloudflare.com https://hemsync.clickagy.com; connect-src https://radar-lite.redsift.cloud https://radar-lite.redsift.io 'self' https://*.redsift.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google-analytics.com https://*.google.com https://*.google.de https://*.google.no https://*.google.ca https://*.google.ch https://*.google.es https://*.google.it https://*.google.co.uk https://*.google.co.nz https://*.google.co.au https://*.google.nl https://*.google.fr https://*.google.be https://*.google.se https://*.google.pt https://images.prismic.io https://red-sift.cdn.prismic.io https://red-sift.cdn.prismic.io/api/v2 https://red-sift.cdn.prismic.io/api/v2/documents/search https://*.internal.prismic.io/* https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com https://px.ads.linkedin.com/attribution_trigger https://hook.integromat.com/ https://api-eu.customer.io/v1/webhook/40a4a49d472519b0 https://webto.salesforce.com https://api.github.com/repos/redsift/red-sift-website/dispatches https://*.mktoresp.com https://*.mktoutil.com https://*.ondmarc.com https://ondmarc.com https://ipforensics-svc.redsift.io/graphql https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://app.clearbit.com/v1/p https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://secure.adnxs.com/getuidj https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.algolia.net https://api.ipify.org wss://presence.api.drift.com https://aorta.clickagy.com https://hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com https://data.hockeystack.com  https://cdn.jsdelivr.net https://challenges.cloudflare.com https://browser-intake-datadoghq.com; worker-src 'self' blob:; frame-ancestors 'self' https://redsift.com https://*.redsift.com https://app.drift.com; report-uri https://o177043.ingest.sentry.io/api/1306227/security/?sentry_key=860eaee6b9674db6ac8d51d87a14fd84 2
child-src 'self' ; connect-src 'self'  'unsafe-inline'  'unsafe-eval' www.googletagmanager.com www.google.com *.googleadservices.com googleadservices.com *.favi.cz *.favi.sk bat.bing.net *.seznam.cz bianopixel.com *.biano.sk *.bianopixel.com *.heureka.group *.zbozi.cz *.sjwoe.com *.cj.com *.consentmanager.net *.googlesyndication.com *.smartlook.cloud *.exponea.com *.creativecdn.com *.sentry.io *.lmc.cz *.ecomailapp.cz *.googleapis.com *.google-analytics.com *.google.com *.g.doubleclick.net *.google.cz *.google-analytics.com *.google.com *.g.doubleclick.net *.linkedin.oribi.io *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.bing.com *.biano.cz *.amazonaws.com *.pinterest.com *.clarity.ms *.mczbf.com *.facebook.com *.homecredit.cz *.jsdelivr.net *.packeta.com ws: ; default-src 'self' ; font-src 'self' *.zbozi.cz *.cj.com *.mapy.cz *.lmc.cz *.typekit.net *.gstatic.com *.mczbf.com *.clarity.ms data: ; form-action * 'unsafe-inline' ; frame-src 'self' *.gls-czech.cz *.google.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.sproutvideo.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.facebook.com *.vub.sk *.zbozi.cz *.szn.cz *.packeta.com ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline'  'unsafe-eval' 'unsafe-hashes' bat.bing.net *.360yield.com *.openx.net *.smartadserver.com *.outbrain.com *.3lift.com *.adscale.de *.casalemedia.com *.taboola.com *.udmserve.net *.zbozi.cz *.teads.tv *.emjcd.com *.blob.core.windows.net *.orangeclickmedia.com *.sonobi.com *.rubiconproject.com *.seedtag.com *.adnxs.com *.mapy.cz *.typekit.net *.gstatic.com *.googleapis.com *.zasilkovna.cz *.zasielkovna.sk *.packeta.com *.packeta.sk *.google.cz *.google.com creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.mczbf.com *.pinterest.com *.consentmanager.net *.seznam.cz *.bing.com *.cloudfront.net *.google-analytics.com *.facebook.com *.clarity.ms *.rooom.com *.yahoo.com *.amazonaws.com *.consentmanager.net *.ecpaper.cz *.doubleclick.net *.homecredit.cz *.creativecdn.com *.payu.com *.googlesyndication.com *.smartsuppcdn.com *.kdukvh.com *.googletagmanager.com *.heureka.cz *.heureka.sk *.heureka.group *.dotomi.com data: ; manifest-src 'self' ; media-src 'self' *.smartsuppcdn.com ; object-src 'self' ; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net bianopixel.com *.biano.sk *.bianopixel.com *.heureka.cz *.heureka.sk *.heureka.group *.zbozi.cz *.cj.com *.exponea.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.favicdn.net bat.bing.net bianopixel.com *.bianopixel.com *.jsdelivr.net *.exponea.com *.mapy.cz *.lmc.cz *.twitter.com *.packeta.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.typekit.net *.etargetnet.com *.googlesyndication.com *.googleapis.com *.zbozi.cz *.heureka.cz *.heureka.sk *.heureka.group *.im9.cz im9.cz *.googleadservices.com googleadservices.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' *.favicdn.net bat.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src 'self'  'unsafe-inline'  'unsafe-eval' bat.bing.net *.zbozi.cz *.cj.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' bat.bing.net *.mapy.cz *.lmc.cz *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' bat.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz; worker-src 'self' *.mczbf.com ; 2
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: data: 'unsafe-inline'; style-src-elem 'self' https: data: 'unsafe-inline';  img-src https: data:; font-src https:; media-src https:; frame-src https:; manifest-src 'self'; connect-src https: ws:; worker-src blob:; form-action 'self' https:; 2
default-src 'self'; script-src 'self' 'nonce-GCRgXRruYdvB9eCRCplWkA==' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://challenges.cloudflare.com https://cookie-cdn.cookiepro.com https://cdn.cookielaw.org https://found.ee https://concordmusicgroup4thorg.my.site.com https://*.force.com https://*.salesforce.com https://widgetv3.bandsintown.com https://widgets.bandsintown.com https://widget.bandsintown.com https://cdn.jotfor.ms https://form.jotform.com https://www.jotform.com https://*.jotform.com https://*.jotfor.ms; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://challenges.cloudflare.com https://cookie-cdn.cookiepro.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://found.ee https://api.found.ee https://stats.g.doubleclick.net https://concordmusicgroup4thorg.my.site.com https://*.force.com https://*.salesforce.com https://rest.bandsintown.com https://api.bandsintown.com; img-src 'self' data: blob: https://www.google-analytics.com https://secure.gravatar.com https://gravatar.com https://cookie-cdn.cookiepro.com https://cdn.cookielaw.org https://www.google.com https://www.googleadservices.com https://t.co https://analytics.twitter.com https://found.ee https://api.found.ee https://stats.g.doubleclick.net https://*.bandsintown.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://challenges.cloudflare.com https://concordmusicgroup4thorg.my.site.com https://*.force.com https://*.salesforce.com https://*.forceusercontent.com https://open.spotify.com https://widgetv3.bandsintown.com https://widgets.bandsintown.com https://widget.bandsintown.com https://cookie-cdn.cookiepro.com https://cdn.cookielaw.org https://form.jotform.com https://www.jotform.com https://*.jotform.com https://*.jotfor.ms; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:;  2
frame-ancestors mechannext.nl         mechanisatie.bmb-bruggeman.nl         groenoordbv.nl         www.tractors-and-machinery.com         lmbdewith.nl         csb-mechanisatie.nl         www.vidbag.nl         www.agrideals.nl         unicomoost.nl         favandervegt.nl         geert-jandekok.com         berhuynen.nl         www.lmbgeertsema.nl         www.kempmechanisatie.nl         www.uildriksmechanisatie.nl         www.farmstore.nl         abekservice.nl         vandeglindmechanisatie.nl         westerinklandbouwmachines.nl         www.peijnenburgmachines.nl         www.robertusmechanisatie.nl         lmbdebruin.nl         marijsse.eu         www.vandersluisbv.nl         lmbdebruijn.nl         www.roeleveld-mech.nl         hbeekhof.nl         pkriesels.nl         www.kooijkervandieren.nl         debruijn-zundert.nl         www.lmbvermeulen.nl         lmbvermeulen.nl         www.koolslmb.nl         www.lmbvandermeij.nl         vandalmc.nl         perdaems.com         vismechanisatie.nl         www.vismechanisatie.nl         meekes-groenlo.nl         dmservice.nl         www.vanderwerfbv.nl         www.hofstede-machinery.com         www.roeszevenaar.nl         dekruyf.nl         vandermaar.eu         www.boomsma-mechanisatie.nl         www.wijha.nl         frens.nl         www.demminkmechanisatie.nl         www.vantigchelt.be         www.lthnijmeijer.nl         www.dijkstramechanisatie.com         www.boma-lmb.nl         martienvisser.nl         www.bomech.nl         www.schoutenmechanisatie.nl         www.gebrheemskerk.nl         www.vosmechanisatie.nl         www.lmbstemerdink.nl         www.derooy-tractors.nl         verburgwaarder.nl         www.vanderweerdkampen.nl         www.heuvelmansbv.nl         www.markdebresser.nl         dekruyf.nl         sarinkelfrink.nl         www.lmbvdlaan.nl         hofmechanisatie.com         www.hoekengamechanisatie.nl         www.rutgersmechanisatie.nl         www.lmbvorden.nl         exalto-renswoude.nl         www.bijkernijeveen.nl         www.landbouwmechanisatiedenandel.nl         www.bolexlexmond.nl         mcv.nu         mc-p.nl         www.akkermanmechanisatie.nl         www.joldersma.com         veenstramechanisatie.nl         wagricom.com         lmbprins.nl         www.wopamechanisatie.nl         www.kortiermechanisatie.nl         ezendamborne.nl         www.evenhuis.nl         kuperus.frl         wasse.nl         smb-genderen.nl         agrotechniekoosterink.nl         www.bemumarknesse.nl         meerkerktraktoren.nl         www.lmbdenotter.nl         www.bmb-bruggeman.nl         www.lmbwielink.nl         www.rogo.nu         www.weeversbv.nl         www.groenewoud-tractoren.nl         www.mechatec.nl         www.weeversbv.nl         www.betuwemechanisatie.nl         suichies.nl         www.rovadi.nl         www.flierman-wilp.nl         vdiauctions.com         www.dijkstramechanisatie.nl         www.grsmachines.nl         www.mechanisatiehaarlemmermeer.nl         www.lmbguusgiesen.nl         www.hamoen-tractoren.nl         www.lmb-oosterhof.nl         vrielink-machinehandel.nl         lmbvanlochem.nl         blokmechanisatie.nl         vanrossenberg.com         lmb-deweertbakel.nl         www.denekkerenelzinga.nl         www.hofstede-machinery.com         www.vdbergmastenbroek.nl         www.lmbdenotter.nl         hanssenagro.nl         ebbersmechanisatie.nl         zeelandtrac.nl         veenma.nl         www.vofbouwmeester.nl         www.stolkmechanisatie.nl         brienen-mechanisatie.nl         www.peeters-vortum.nl         www.firmatenberge.nl         www.niensbv.nl         kamminga-haarlo.nl         www.lmbdoornbos.nl         www.dikkemamachines.nl         lmbdenengelsman.nl         dijk-ureterp.nl         schop-mechanisatie.nl         vandenbergmechanisatie.nl         rovem.com         tuijtelaars.nl         hollandsnoordkop.com         www.lmbverkuijlen.com         www.lmbschouten.nl         www.agriservicegerarddebruijn.nl         www.agroserviceoosterhof.nl         peetersgroup.com         vankalsbeek-gaast.nl         www.vankalsbeek-gaast.nl         peetersgroup.com         www.bezooijen-schreuders.nl         www.kleinnibbelink.nl         www.magielselmb.nl         toonsmink.nl         aldenzeelmb.nl         www.lmbhuurnink.nl         veenstramechanisatie.nl         berkerslandbouwmachines.nl         ko-bo.nl         oudealinktractoren.nl         www.msholdenburger.nl         www.seehoo.nl         vd-riet.nl         www.mhtractoren.nl         www.evenboer.nl         brakagro.nl         www.vandersluis.nl         www.bartagromechanisatie.nl         www.goversmechanisatie.nl         smederijhoekstra.nl         rosiergreidanus.nl         denboeragri.nl         www.schouten.ws         www.eissestechniek.nl         lugtenberg.nl         www.franspiek.nl         www.lmbmegens.nl         www.valkering-used-machines.com         www.lmbw.nl         smitenalles.nl         www.smitenalles.nl         www.agromachineryholland.com         www.vlaming-groep.nl         www.texelsunmechanisatie.nl         www.kubota-gelderland.nl         www.mechanisatiebedrijfhknoll.nl         m.hoekengamechanisatie.nl         everaardtechniek.nl         postel.nl         www.lesscher-lmb.nl         www.bertverhoef.nl         www.pater-deklomp.nl         heijmansagroservice.nl         www.vanderwerfbv.nl         combiwestmechanisatie.nl         www.holaras.com         www.markdebresser.nl         www.arjanvanlierop.nl         www.rademakermachines.nl         stefanruizmechanisatie.nl         www.next-machinery.com         multimachinery.nl         kraakman.com         basagriservice.eu         ho-agrab.nl         frakoolmb.nl         www.haank.nl         www.dehaaragri.nl         www.agrotechniekflevoland.nl         vanderveenlmb.frl         www.thijskwakkenbos.nl         www.hofstede-machinery.com         simulator.tractors-and-machinery.nl         www.henkslager.nl         henkslager.nl         damhuis-tractoren.nl         www.damhuis-tractoren.nl         lmbvandermeij.nl         www.lmbvandermeij.nl         giantknikladernoord.nl         www.giantknikladernoord.nl         www.abekservice.nl         abekservice.nl         www.schop-mechanisatie.nl         schop-mechanisatie.nl         agriservicebennovehof.nl         www.agriservicebennovehof.nl         grooten-euregiotrac.nl         www.grooten-euregiotrac.nl         kramerstart.nl         www.kramerstart.nl         versluismachinery.nl         www.versluismachinery.nl         langeslagtt.nl         www.langeslagtt.nl         nieuw.schop-mechanisatie.nl          langeslagttnl.wordpress.com         jagerlmb.nl         www.jagerlmb.nl 	heymsmechanisatie.nl 	www.heymsmechanisatie.nl         www.bandenservicereusel.nl; 2
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.npodoc.nl *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: blob:; img-src 'self' https: data:; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.gstatic.com; script-src-elem 'self' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline'; connect-src 'self' https://rest.zse.hr https://*.google-analytics.com https://consentcdn.cookiebot.com; frame-src 'self' https://consentcdn.cookiebot.com https://youtube.com https://www.youtube.com https://www.google.com; img-src 'self' https://imgsct.cookiebot.com https://zse.hr data:; style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 2
frame-ancestors 'self' builder.io code.gist.build 2
default-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com unpkg.com googletagmanager.com rum-static.pingdom.net www.google-analytics.com data: audio: kit.fontawesome.com ka-f.fontawesome.com fonts.gstatic.com rum-collector-2.pingdom.net connect.facebook.net www.facebook.com stats.g.doubleclick.net lifeblood.clevertar.app webau.blob.core.windows.net my-opa.donateblood.com.au www.youtube.com www.google.com oembed.libsyn.com fls.doubleclick.net dc.services.visualstudio.com js.clevertar.app https://bcvipsd20.rightnowtech.com/engagement/api/consumer/ https://my-opa.donateblood.com.au/web-determinations/redirectQuery aurcbloodservices.widget.custhelp.com region1.google-analytics.com region1.analytics.google.com https://aurcbloodservices.widget.custhelp.com https://characters.clevertar.app https://components.clevertar.app https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com www.google.com.au/ads/ga-audiences cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads cdn.pdst.fm https://romeo.liveclicker.com https://previewpxy.liveclicker.com https://preview.analytics.lifeblood.com.au https://analytics.lifeblood.com.au/; connect-src 'self' intercept.inmoment.com.au csc.inmoment.com www.google-analytics.com rum-collector-2.pingdom.net maps.googleapis.com aurcbloodservices.widget.custhelp.com doubleclick.net https://components.clevertar.app https://qa-lifeblood.clevertar.app/ azure.com/ api.experianaperture.io my-opa.donateblood.com.au intercept-client.inmoment.com.au analytics.google.com analytics.tiktok.com ads.linkedin.com https://bcvipsd20.rightnowtech.com reddit.com https://preview.analytics.lifeblood.com.au https://analytics.lifeblood.com.au/ https://www.google.com/recaptcha/ www.googletagmanager.com/ https://pixel.byspotify.com https://pixel-config.reddit.com https://wa.onelink.me/v1/onelink; font-src 'self' kit.fontawesome.com cdnjs.cloudflare.com ka-f.fontawesome.com data: application: fonts.gstatic.com https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/euf/core/3.3/thirdParty/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads https://qa-lifeblood.clevertar.app/; frame-src 'self' www.youtube.com www.facebook.com oembed.libsyn.com www.google.com fls.doubleclick.net https://platform.twitter.com/ www.instagram.com www.linkedin.com https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au feedback.inmoment.com.au preview.analytics.lifeblood.com.au; img-src 'self' www.w3.org/* data: https: http: image: blob: region1.google-analytics.com region1.analytics.google.com snap.licdn.com ads.linkedin.com cdn.linkedin.oribi.io gw.linkedin.oribi.io analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.facebook.com kit.fontawesome.com www.google-analytics.com ka-f.fontawesome.com googleads.g.doubleclick.net www.w3.org code.jquery.com www.youtube.com clevertar.azureedge.net www.googletagmanager.com rum-static.pingdom.net img.en25.com rum-collector-2.pingdom.net lifeblood.clevertar.app my-opa.donateblood.com.au https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ aurcbloodservices.widget.custhelp.com/ci/oit https://aurcbloodservices.widget.custhelp.com https://www.rnengage.com/api https://api.experianaperture.io/ https://aurcbloodservices.widget.custhelp.com/s/oit/latest/common/v0/libs/oit/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://romeo.liveclicker.com https://previewpxy.liveclicker.com https://preview.analytics.lifeblood.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com img.en25.com my-opa.donateblood.com.au rum-static.pingdom.net www.googleadservices.com/ www.w3.org/* code.jquery.com/jquery-3.5.0.min.js kit.fontawesome.com www.youtube.com www.googletagmanager.com connect.facebook.net www.google-analytics.com clevertar.azureedge.net googleads.g.doubleclick.net www.gstatic.com/recaptcha/releases/ aurcbloodservices.widget.custhelp.com https://my-opa.donateblood.com.au/web-determinations/staticresource/ www.rnengage.com/api/ https://platform.twitter.com/ https://www.instagram.com/ https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://components.clevertar.app/ https://qa-lifeblood.clevertar.app/ https://r.turn.com https://preview.analytics.lifeblood.com.au/ https://websdk.appsflyer.com/ https://pixel.byspotify.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' ka-f.fontawesome.com/* https://fonts.googleapis.com/css https://clevertar.azureedge.net/UserInterface/evo/classic.css fonts.googleapis.com www.googletagmanager.com my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://components.clevertar.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' maps.googleapis.com/* unpkg.com fonts.googleapis.com kit.fontawesome.com www.googletagmanager.com clevertar.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au components.clevertar.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.lifeblood.com.au/report-uri/enforce; upgrade-insecure-requests 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrica.yandex.com https://webvisor.com https://*.webvisor.com; 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
frame-ancestors 'self' *.netopia-payments.com 2
frame-ancestors 'self' *.einnews.com *.einpresswire.com; 2
default-src 'none'; script-src 'nonce-0619123aa0' 'strict-dynamic';script-src-elem 'self' 'nonce-0619123aa0' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com  *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js https://gitjobs.dev https://*.gitjobs.dev *.platform.linuxfoundation.org lfx-segment.platform.linuxfoundation.org;style-src 'unsafe-inline' 'self' *.fontawesome.com fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com https://cdn.jsdelivr.net/jquery.slick/1.3.15/slick.css; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' api-gw.platform.linuxfoundation.org js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com  hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com *.platform.linuxfoundation.org lfx-segment.platform.linuxfoundation.org https://cdn.segment.com https://api.segment.io; font-src 'self' data: *.fontawesome.com fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org https://gitjobs.dev https://*.gitjobs.dev; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com  *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com  *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com; 2
img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org https://cdn.jsdelivr.net https://*.ten.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com https://sdk.companywebcast.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com https://www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src * https: ws: blob: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.smartsimple.biz https://www.google.com *.gstatic.com *.googleapis.com *.stripe.com *.paypal.com *.orcid.org https://orcid.org *.highcharts.com https://www.youtube.com *.walkme.com *.walkmeusercontent.com *.plaid.com;; frame-ancestors 'self'; object-src 'none' 2
frame-ancestors 'self' http://localhost:8080 https://api-internal-magnolia-author-dev.alpitour.it https://api-internal-magnolia-author-test.alpitour.it https://api-internal-magnolia-author-prod.alpitour.it 2
frame-ancestors 'self' *.e-spirit.hosting; base-uri 'self' 2
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.bootstrapcdn.com *.twitter.com nitropack.io *.nitrocdn.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com *.trustpilot.com *.twitter.com *.vimeo.com *.doubleclick.net nitropack.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://hdsunflower-hd1.ycb.me *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net *.iubenda.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://firebasestorage.googleapis.com *.cloudflare.com *.google-analytics.com *.paypal.com *.twitter.com *.contentsquare.net nitropack.io *.nitrocdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com *.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io *.shopify.com *.addthis.com *.cloudflare.com *.fontawesome.com *.google-analytics.com googletagmanager.com graph.facebook.com *.moatads.com *.trustpilot.com widgets.pinterest.com *.contentsquare.com *.contentsquare.net cdn.tailwindcss.com cdn.jsdelivr.net chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com vimeo.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://embed.ycb.me https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com/apps/app/dist/js/loader.js *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com https://www.pixiecommerce.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.googleapis.com *.gstatic.com *.twitter.com cdn.tailwindcss.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://cdn.iubenda.com/iubenda_badge.css tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.twitter.com *.contentsquare.net *.google-analytics.com *.nitrocdn.com nitropack.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://cdn.acsbapp.com/config/sunflower.dev.pixie.agency/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://accesswidget-log-receiver.acsbapp.com https://cdn.acsbapp.com/config/hdsunflower.com/config.json *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com  https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co https://analytics.discoverflow.co; form-action *; worker-src * blob:; 2
frame-ancestors 'self' https://*.bigbrotherawards.nl 2
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.com https://refinemirror.com https://*.affirm.com https://mirror.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self'  https://*.affirm.com https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.com https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none' 2
default-src 'self' https:; object-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.blackbaudhosting.com; frame-ancestors *.webnl.nl; font-src 'self' *.googleapis.com *.gstatic.com; frame-src https:; worker-src blob:; 2
frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com   *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.paypal.com 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css https://cdnjs.cloudflare.com *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://www.clarity.ms https://p.clarity.ms https://i.clarity.ms https://scripts.clarity.ms https://www.clarity.ms/ https://*.clarity.ms/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com   www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com *.paypal.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net https://www.clarity.ms/tag/g2gweglsfd https://cdn.bc0a.com/autopilot/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com *.disqus.com static.ecorebates.com hayward.ecorebates.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.paypal.com api.braintreegateway.com client-analytics.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net https://mavenoidfiles.com/ https://mavenoid.com/ https://www.facebook.com https://www.poolspaparts.net https://connect.facebook.net https://commerce.hayward-pool-assets.com/ https://*.clarity.ms/ data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com   www.paypalobjects.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.gstatic.com magefan.com cm.magefan.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.ca/ads/ga-audiences *.yotpo.com *.disqus.com https://img.youtube.com dhv2ziothpgrr.cloudfront.net www.paypal.com fpdbs.paypal.com *.hayward-pool-assets.com data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: https://haywardpools.tfaforms.net/72 fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com   pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * haywardpools.tfaforms.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com www.paypal.com 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://app.mavenoid.com/fonts/ https://widget-hosts.mavenoid.com/fonts/hayward-fonts/ *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com maxcdn.bootstrapcdn.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://commerce.hayward-pool-assets.com/magento/ https://haywardpools.tfaforms.net/72 https://i.clarity.ms https://e.clarity.ms https://connect.facebook.net https://www.facebook.com https://*.clarity.ms/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com   www.paypalobjects.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com api.addressy.com *.cardinalcommerce.com bam.nr-data.net js-agent.newrelic.com https://ixfd2-api.bc0a.com https://cdn.bc0a.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.paypal.com api.braintreegateway.com client-analytics.braintreegateway.com 'self' 'unsafe-inline'; default-src  'self' 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors *.fraport.com *.fraport.de https://fraportag.sharepoint.com http://www.fra-spotterforum.de; 2
frame-ancestors 'self' trocadero.com cyberattic.com vervendi.com *.trocadero.com *.cyberattic.com *.vervendi.com authorize.net *.authorize.net; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.sharethis.com *.civiccomputing.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.facebook.net unpkg.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.recaptcha.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' unpkg.com *.facebook.com *.googleadservices.com *.google.co.uk *.google.com vimeo.com *.sharethis.com *.civiccomputing.com cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com https://api.postcodes.io *.paypoint.com *.bugsnag.com *.google-analytics.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' open.spotify.com *.doubleclick.net *.googletagmanager.com heyzine.com *.youtube.com *.vimeo.com *.facebook.com *.google.com *.recaptcha.net; img-src 'self' data: *.sharethis.com *.vimeocdn.com *.umbraco.com *.openstreetmap.org *.doubleclick.net *.facebook.com *.google-analytics.com *.google.co.uk *.google.com *.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src 'self' data: snippet.maze.co heapanalytics.com js.hs-analytics.net tag.demandbase.com prompts.maze.co/api/widgets js.hs-analytics.net secure.intelligent-business-7.com api.investisdigital.com;child-src blob:;style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com *.gbg.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud *.stackadapt.com ifaqs.flexanswer.com du89v9a480hlb.cloudfront.net *.jquery.com heapanalytics.com https://*.maze.co/ *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net webeo-web-content.s3-eu-west-1.amazonaws.com;img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.gbg.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net analytics.twitter.com googleads.g.doubleclick.net *.stackadapt.com *.azr.footprintdns.com *.hsforms.com *.6sc.co *.6sense.com *.jquery.com heapanalytics.com https://*.maze.co/ js.hscta.net no-cache.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net webeo-web-content.s3-eu-west-1.amazonaws.com bat.bing.net;font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud heapanalytics.com https://*.maze.co/;media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com *.hs-banner.com *.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com *.gbgplc.com *.gbg.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net *.hs-analytics.net *.hsleadflows.net *.hsadspixel.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hubspotfeedback.com feedback.hubapi.com sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com *.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com *.hsforms.net *.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com *.atmrum.net *.stackadapt.com www.googleoptimize.com resources.customersure.com du89v9a480hlb.cloudfront.net js.hubspot.com *.6sc.co *.6sense.com cdn.heapanalytics.com heapanalytics.com https://*.maze.co/ secure.intelligent-business-7.com www.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com assets.calendly.com browser.sentry-cdn.com;connect-src 'self' *.google-analytics.com *.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.gbg.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net *.stackadapt.com maps.googleapis.com api.investisdigital.com hubspot-forms-static-embed.s3.amazonaws.com gbg.customersure.com *.6sc.co *.6sense.com uksouth-1.in.applicationinsights.azure.com cdn.linkedin.oribi.io heapanalytics.com https://*.maze.co/ js.hscta.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com client-api.auryc.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com px.ads.linkedin.com bat.bing.net;frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.net *.hsforms.com play.hubspotvideo.com *.hubspot.net *.hs-sites.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com www.edisoninvestmentresearch.com otp.tools.investis.com www.connectidfeed.com gbg.customersure.com *.6sc.co *.6sense.com *.hs-sites.com td.doubleclick.net calendly.com *.idology.com outlook.office365.com;frame-ancestors 'self' *.loqate.com gbgplc.interactgo.com;worker-src  blob:; 2
default-src 'self' *.amh.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amh.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.facebook.net *.launchdarkly.com *.stripe.com *.plaid.com *.levelaccess.net *.cdn.levelaccess.net *.crazyegg.com *.instagram.com *.skypack.dev *.meetelise.com *.blob.core.windows.net *.rezync.com *.privacymanager.io ; style-src 'self' 'unsafe-inline' *.amh.com *.googleapis.com *.typekit.net; img-src 'self' data: blob: *.amh.com *.umbraco.io *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.facebook.com *.instagram.com *.pinterest.com widgets.pinterest.com *.stripe.com *.plaid.com *.crazyegg.com *.box.com *.boxcloud.com *.youtube-nocookie.com *.insidemaps.com *.zillow.com *.rezync.com *.googletagmanager.com; font-src 'self' *.amh.com *.gstatic.com *.typekit.net; connect-src 'self' ws: *.amh.com *.signalr.net *.launchdarkly.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.applicationinsights.azure.com *.plaid.com *.levelaccess.net *.cdn.levelaccess.net *.umbraco.io *.meetelise.pubnubapi.com *.grafana.net *.box.com *.boxcloud.com *.windows.net *.microsoft.com *.crazyegg.com *.rezync.com *.sandbox.boompay.app *.boompay.app *.privacymanager.io *.rlcdn.com; media-src 'self' blob: *.amh.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.boxcloud.com *.box.com; frame-src 'self' *.amh.com *.facebook.com *.youtube-nocookie.com *.vimeo.com *.box.com *.insidemaps.com *.stripe.com *.pinterest.com *.zillow.com *.plaid.com *.myworkdayjobs.com *.paymentus.io *.sandbox.boompay.app *.boompay.app *.powerbi.com *.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self' *.rcashqa.com; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.googleads.com *.googleadservices.com *.googletagservices.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com https://js.hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net *.laborpublisher.de *.bing.com *.sonichealthcare.com *.onetrust.com *.laborpublisher.staging.lfda.de 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.laborpublisher.de *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net *.google.com *.linkedin.com *.laborpublisher.de *.cookiebot.com *.onetrust.com *.laborpublisher.staging.lfda.de; font-src 'self' data: *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.sonichealthcare.com *.sonichealthcare.co.uk *.laborpublisher.de https://www.teamviewer.com *.cookiebot.com *.onetrust.com *.laborpublisher.staging.lfda.de 'unsafe-inline'; frame-src 'self' https://forms.office.com *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com https://www.youtube-nocookie.com https://scnem3.com *.softgarden.io *.cookiebot.com; object-src 'none'; 2
frame-ancestors 'self' https://speak.com https://usespeak.com https://*.speak.com https://*.usespeak.com 2
default-src megadepot.com www.google.com bid.g.doubleclick.net www.gstatic.com www.google-analytics.com ajax.googleapis.com             https://*.mylivechat.com https://c.bing.com;         script-src megadepot.com https://*.mylivechat.com connect.facebook.net s.pinimg.com ct.pinterest.com             https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com             https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net             bat.bing.com www.paypal.com www.paypalobjects.com dashboard.stripe.com js.stripe.com polyfill.io             apis.google.com https://www.clarity.ms https://*.clarity.ms static-na.payments-amazon.com mylivechat.com             www.shopperapproved.com seal-boston.bbb.org www.dwin1.com www.paypal.com www.sandbox.paypal.com https://mylivechat.com             'unsafe-eval' www.gstatic.com www.google.com             https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:             'unsafe-inline' www.google-analytics.com *.yotpo.com             code.jquery.com maxcdn.bootstrapcdn.com https://m.stripe.network;         frame-src megadepot.com https://www.youtube.com www.facebook.com www.pinterest.com ct.pinterest.com js.stripe.com             payments.amazon.com static-na.payments-amazon.com apay-us.amazon.com www.paypal.com www.paypalobjects.com             https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net             https://*.googletagmanager.com https://*.mylivechat.com www.sandbox.paypal.com *.google.com;         connect-src megadepot.com ct.pinterest.com https://*.clarity.ms             staticw2.yotpo.com bat.bing.com www.facebook.com payments-sandbox.amazon.com payments.amazon.com apay-us.amazon.com             www.paypal.com www.sandbox.paypal.com wss://*.mylivechat.com             https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com             https://google.com *.google.com https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com data: blob:;         img-src megadepot.com megadepot.com bat.bing.com bing.com ct.pinterest.com p.yotpo.com https://*.paypal.com             yotpo-editor-production.s3.amazonaws.com www.paypal.com www.paypalobjects.com www.facebook.com https://*.clarity.ms             https://c.bing.com https://i.ytimg.com https://*.cloudfront.net seal-boston.bbb.org https://shareasale.com             https://*.mylivechat.com images-na.ssl-images-amazon.com             *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao             *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be             *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br             *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg             *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr             *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm             *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi             *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi             *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht             *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it             *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg             *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls             *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk             *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx             *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no             *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg             *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py             *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se             *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr             *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn             *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk             *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws             *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.gstatic.com             https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.g.doubleclick.net             https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:;         style-src megadepot.com https://tagmanager.google.com             'unsafe-inline' https://fonts.googleapis.com             'unsafe-eval' https://*.mylivechat.com fonts.googleapis.com staticw2.yotpo.com maxcdn.bootstrapcdn.com;         font-src megadepot.com https://fonts.gstatic.com data: maxcdn.bootstrapcdn.com staticw2.yotpo.com;         worker-src megadepot.com blob:; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' liveperson.net https:; style-src 'unsafe-inline' liveperson.net https: 2
frame-ancestors https://sbgi.net; upgrade-insecure-requests 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.cloudfront.net *.iadvize.com *.twilio.com *.launchdarkly.com *.brandlock.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.meetanshi.com https://plumrocket.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.doubleclick.net www.googletagmanager.com *.webeyez.com tst.kaptcha.com diyrepairguide.softr.app *.iadvize.com *.twilio.com *.launchdarkly.com wss://*.twilio.com wss://*.iadvize.com *.brandlock.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com 'self' data: cdn.amplifi.pattern.com/ *.cloudfront.net meetanshi.com www.magecomp.com *.brandlock.io *.bing.com *.iadvize.com *.twilio.com *.launchdarkly.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.meetanshi.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net static.klaviyo.com *.webeyez.com *.bing.com *.cloudfront.net cdnjs.cloudflare.com *.noibu.com static-tracking.klaviyo.com *.brandlock.io *.iadvize.com *.twilio.com *.launchdarkly.com *.purechatcdn.com *.purechat.com https://app.purechat.com https://ssl.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.googleapis.com *.cloudfront.net *.klaviyo.com *.iadvize.com *.twilio.com *.launchdarkly.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com cdn.ampproject.org *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.meetanshi.com *.google-analytics.com https://www.google-analytics.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net cdn.amplifi.pattern.com fast.a.klaviyo.com static-forms.klaviyo.com *.cloudfront.net *.webeyez.com *.brandlock.io *.doubleclick.net *.iadvize.com *.twilio.com wss://*.twilio.com wss://*.iadvize.com *.launchdarkly.com *.purechat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.iadvize.com *.brandlock.io https://ssl.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; font-src data: 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; img-src data: blob: 'self'; frame-ancestors 'self'; frame-src 'self' https:; script-src 'self' 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; connect-src 'self' https:; object-src 'none'; base-uri 'self'; 2
default-src 'self' *.informz.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ngpvan.com js.verygoodvault.com *.everyaction.com *.votervoice.net *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.facebook.net *.youtube.com *.twitter.com *.marketo.net *.eloqua.com *.createaclickablemap.com *.dwcdn.net *.js.monitor.azure.com *.informz.net https://js.monitor.azure.com/scripts/b/ai.2.min.js *.vimeo.com *.youtube.com; style-src 'self' 'unsafe-inline' *.everyaction.com *.knowledgeowl.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.twimg.com *.typekit.net *.informz.net; font-src *; img-src * data:; media-src 'self' data: blob: *.wistia.com; form-action *.everyaction.com *.informz.net; frame-src *.createaclickablemap.com *.dwcdn.net https://www.google.com *.votervoice.net *.everyaction.com *.informz.net https://createaclickablemap.com/ https://js.verygoodvault.com/ *.vimeo.com *.youtube.com; child-src 'self' *.verygoodvault.com *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.informz.net *.createaclickablemap.com *.dwcdn.net *.votervoice.net *.everyaction.com *.informz.net *.vimeo.com *.youtube.com; connect-src 'self' wss://*.pusher.com stats.g.doubleclick.net *.ngpvan.com *.apps.verygood.systems *.everyaction.com *.google.com *.google-analytics.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com *.bugherd.com *.createaclickablemap.com *.dwcdn.net eastus-8.in.applicationinsights.azure.com *.votervoice.net *.informz.net *.js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.8.18.min.js.map *.vimeo.com *.youtube.com; 2
default-src 'self' https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' 'unsafe-inline' http: https: data: blob:; connect-src 'self' https: blob:; worker-src 'self' https: blob: 2
default-src 'none';    style-src 'self' 'unsafe-inline' *;    script-src 'self' 'unsafe-eval' 'unsafe-inline' *;    img-src 'self' data: *;    media-src 'self';    object-src 'self';    font-src 'self' data: *;    frame-src 'self' *;    frame-ancestors 'none';    connect-src 'self' data: *;    worker-src 'self' blob: *; 2
frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2
"default-src 'self' *.gezondheid.be;" 2
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 2
script-src 'self' https://www.google.com 2
default-src 'self'; connect-src 'self' *.hamburg.de *.contentflow.net www.etracker.de *.dataport.de sgx.geodatenzentrum.de sg.geodatenzentrum.de www.captcha.eu *.stage.bio hamburg.netzwerk-iq.de api.conword.io; script-src 'self' blob: *.stage.bio app.cituro.com www.youtube.com *.hamburg.de www.happymo.re hamburgde.happymo.re eyeable.hamburg.de www.eye-able-cdn.com code.etracker.com www.etracker.de *.contentflow.net iason.hamburg.de *.dataport.de www.captcha.eu hamburg.netzwerk-iq.de 'unsafe-inline'; style-src 'self' *.hamburg.de code.etracker.com www.etracker.de www.happymo.re hamburgde.happymo.re eyeable.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de app.cituro.com hamburg.netzwerk-iq.de 'unsafe-inline'; img-src 'self' code.etracker.com www.etracker.de www.happymo.re hamburgde.happymo.re eyeable.hamburg.de static.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de *.stage.bio hamburg.netzwerk-iq.de www.captcha.eu geodienste.hamburg.de data:; font-src 'self' code.etracker.com www.etracker.de eyeable.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de cdn.cituro.com; frame-src *; frame-ancestors hamburg.de *.hamburg.de; media-src 'self' blob: contentflow: *.stage.bio 2
frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2
default-src 'self';script-src 'self' https://unpkg.com https://33fc056e.cdn.archiebot.com 'unsafe-eval' 'unsafe-inline';style-src 'self' https://unpkg.com 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/ https://devicedatasubmissions.azurewebsites.net/api/Submit https://51degrees.tv/ch-test-api https://raw.githubusercontent.com/51Degrees/ https://raw.githubusercontent.com/actions/ https://cloud.51degrees.com/ https://33fc056e.cdn.archiebot.com/;font-src 'self';img-src 'self' data: http://images.51degrees.mobi https://images.51degrees.mobi https://51degrees.cachefly.net https://m.media-amazon.com https://raw.githubusercontent.com/51Degrees/ https://unpkg.com https://*.basemaps.cartocdn.com https://cdn.livewebinar.com;frame-src 'self' https://player.vimeo.com http://player.vimeo.com https://33fc056e.cdn.archiebot.com https://embed.archiebot.com/ 2
default-src 'self' https: data: blob; img-src 'self' https: data: blob; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-ancestors 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; trusted-types default 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://www.google.com https://www.gstatic.com https://beacon-v2.helpscout.net https://zencastr.com https://dev.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.ne https://js.zi-scripts.com https://js.hs-analytics.net https://socialannexinc.widget.insent.ai https://googleads.g.doubleclick.net https://tags.clickagy.com https://static.hsappstatic.net https://www.annexcloud.com https://annexcloud.com data: https://unpkg.com https://js.hubspot.com https://j.6sc.co/6si.min.js https://j.6sc.co/ https://b.6sc.co https://*.clarity.ms https://annexcloud-9462504.hs-sites.com blob: https://js.adsrvr.org/ https://www.opinionstage.com/ https://cdn-app.pathfactory.com https://s.adroll.com https://cdn.optimizely.com https://cdn.annexcloud.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.annexcloud.com https://unpkg.com https://cdn-app.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://forms.hsforms.com https://forms-na1.hsforms.com https://i.ytimg.com https://dev.visualwebsiteoptimizer.com https://track.hubspot.com https://r2.visualwebsiteoptimizer.com https://aorta.clickagy.com https://sync.crwdcntrl.net https://dpm.demdex.net https://pixel-sync.sitescout.com https://cm.g.doubleclick.net https://aa.agkn.com https://idsync.rlcdn.com https://d.agkn.com https://www.annexcloud.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://validator.swagger.io https://us-u.openx.net https://perf-na1.hsforms.com https://j.6sc.co/ https://b.6sc.co/ https://*.clarity.ms https://c.bing.com https://annexcloud-9462504.hs-sites.com https://opinionstage-res.cloudinary.com/ https://assets.opinionstage.com/ https://cdn.optimizely.com https://cdn.annexcloud.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://dev.visualwebsiteoptimizer.com https://forms.hscollectedforms.net https://r2.visualwebsiteoptimizer.com https://js.hs-banner.com https://js.zi-scripts.com https://api.hubapi.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://socialannexinc.api https://pagead2.googlesyndication.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://cdn.annexcloud.com https://cta-service-cms2.hubspot.com https://ipv6.6sc.co/ https://c.6sc.co/ https://epsilon.6sense.com/ https://*.clarity.ms https://annexcloud-9462504.hs-sites.com https://forms-na1.hubspot.com/ https://eps.6sc.co/ https://v.eps.6sc.co/ https://www.opinionstage.com https://jukebox.pathfactory.com https://spcollector.pathfactory.com https://www.google.com/ccm/collect *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://www.annexcloud.com https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://cdn.optimizely.com https://cdn.annexcloud.com; frame-src 'self' https://www.google.com https://www.youtube.com https://zencastr.com data: blob: https://socialannexinc.widget.insent.ai https://meetings.hubspot.com https://forms.hsforms.com https://annexcloudplatform-us.site24x7signals.com https://annexcloudplatform-us.site24x7statusiq.com https://*.site24x7signals.com https://annexcloudplatform-apregion-1600872281861.site24x7statusiq.com https://annexcloudplatform-euregion-1600872281864.site24x7statusiq.com https://cdn.annexcloud.com https://td.doubleclick.net https://*.clarity.ms https://annexcloud-9462504.hs-sites.com https://app.hubspot.com https://insight.adsrvr.org https://match.adsrvr.org https://www.opinionstage.com https://annexcloud.pathfactory.com https://loyaltylounge.annexcloud.com https://player.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagmanager.com; manifest-src 'self' https://www.annexcloud.com; child-src 'self' www.googletagmanager.com; worker-src 'self' blob:; frame-ancestors 'none' https://loyaltylounge.annexcloud.com https://annexcloud.pathfactory.com; upgrade-insecure-requests; block-all-mixed-content; 2
default-src * 'unsafe-inline' 'unsafe-eval';   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.outbrain.com *.taboola.com connect.facebook.net www.googletagmanager.com s.go-mpulse.net snap.licdn.com px.ads.linkedin.com www.google-analytics.com www.facebook.com p.adsymptotic.com c.go-mpulse.net www.youtube.com amplify.outbrain.com s.ytimg.com cdnjs.cloudflare.com www.googleadservices.com maps.googleapis.com bringthemhomenow.net https://analytics.tiktok.com;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.outbrain.com *.taboola.com connect.facebook.net www.googletagmanager.com s.go-mpulse.net snap.licdn.com px.ads.linkedin.com www.google-analytics.com www.facebook.com p.adsymptotic.com c.go-mpulse.net www.youtube.com amplify.outbrain.com s.ytimg.com cdnjs.cloudflare.com www.googleadservices.com maps.googleapis.com googleads.g.doubleclick.net bringthemhomenow.net https://analytics.tiktok.com;   img-src 'self' data: maps.gstatic.com www.google-analytics.com maps.googleapis.com www.facebook.com *.outbrain.com *.taboola.com *.adnxs.com *.linkedin.com *.doubleclick.net; 2
default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; 2
default-src 'self'; img-src * data:; media-src * blob:; font-src https: data:; style-src 'self' 'unsafe-inline'; frame-src *.google.com *.googlesyndication.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.vimeo.com *.doubleclick.net https://bandcamp.com; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.gstatic.com www.googletagmanager.com https://www.google-analytics.com *.googleapis.com *.googlesyndication.com *.google.com *.google.de *.googletagservices.com https://svcs.ebay.com https://cdn.ravenjs.com https://browser.sentry-cdn.com 'sha256-Us/oj4ftL5JKI9/5Nj0/Ccw+R4vMfgFLR5oEpbqJOiw='; connect-src 'self' *.modulargrid.net *.google-analytics.com https://www.googleapis.com *.googlesyndication.com https://sentry.io https://www.youtube.com https://www.youtube-nocookie.com https://*.googlevideo.com https://i.ytimg.com https://s.ytimg.com 2
default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/ https://www.giscloud.nrw.de/ https://www.googletagmanager.com https://td.doubleclick.net https://www.bankenumfrage.de/ https://*.fls.doubleclick.net/; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de https://connect.facebook.net https://snap.licdn.com https://www.googletagmanager.com https://*.doubleclick.net https://et.nrwbank.de http://et.nrwbank.de https://www.bankenumfrage.de/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/; style-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.bankenumfrage.de/ 'unsafe-inline'; object-src 'none'; worker-src 'self' blob:; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu wss://chat.nrwbank.de https://connect.facebook.net https://snap.licdn.com https://www.googletagmanager.com https://*.linkedin.com https://www.google.com https://www.facebook.com https://www.google.de https://www.googleadservices.com https://et.nrwbank.de http://et.nrwbank.de https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.google.com/ https://*.doubleclick.net/ ; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://api.fdbserver.de https://mafo1.myaudience.de https://api-prod.wolterskluwer.plusline.net/ https://api-staging.wolterskluwer.plusline.net/ https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://www.google.de https://*.doubleclick.net https://www.bankenumfrage.de/ https://www.googletagmanager.com/a https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: https://cdnjs.cloudflare.com; connect-src *; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.cloudflare.com *.cookiepro.com *.addtoany.com unpkg.com *.licdn.com; img-src 'self' data: https: *.google-analytics.com *.googletagmanager.com https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com; base-uri 'self'; frame-ancestors https://*.avoltaworld.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https: https://static.addtoany.com; 2
frame-ancestors *.willdan.com 2
default-src 'self' *.adobeaemcloud.com/ *.nutricia.nl/ https://dh-ui-eu.danone.com/ https://nutriciaprofessionals.cp.works/ https://shop.nutricia.be/ *.loprofin.de/ *.aptaclub.co.uk/ *.clarity.ms/ *.apta.com.hk/ *.crazyegg.com/ *.hotjar.com/ *.hotjar.io/ *.youtube.com/ https://app.chargebee.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.googlesyndication.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/  *.googleapis.com/ *.googletagmanager.com/ *.blueconic.net/ *.danone-dtc.net/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ app.vwo.com/ *.visualwebsiteoptimizer.com/; style-src 'self' *.gigya.com/ *.tiktok.com *.typekit.net/ *.nutricia.nl/ *.apta.com.hk/ https://nutriciaprofessionals.cp.works/ https://shop.nutricia.be/ *.loprofin.de/ *.aptaclub.co.uk/ *.contactpigeon.com/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.ggpht.com/ *.clarity.ms/ *.danone-dtc.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.digital4danone.com/ *.myfonts.net/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/  *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ *.docandu.com/ *.google.mk/ https://dh-ui-eu.danone.com/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.hotjar.com/ *.hotjar.io/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.crazyegg.com/ *.amazon-adsystem.com/ *.channelsight.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.visualwebsiteoptimizer.com/ *.adimo.co/ app.vwo.com/ cdn.pushcrew.com/ 'unsafe-inline'; script-src 'self' *.clarity.ms/ *.gigya.com/ https://player.vimeo.com/ https://dh-ui-eu.danone.com/ https://nutriciaprofessionals.cp.works/ https://js-agent.newrelic.com/ https://shop.nutricia.be/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ https://dh-playbook.danone.com/ *.licdn.com *.usercentrics.eu *.ggpht.com/ *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.docandu.com/ *.loprofin.de/ *.nutricia.nl/ *.apta.com.hk/ *.googletagmanager.com/ *.aptaclub.co.uk/ *.contactpigeon.com/ https://www.google.nl/ *.google.mk/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.visualwebsiteoptimizer.com/ *.channelsight.com/ *.adimo.co/ *.outbrain.com/ *.hotjar.com/ *.hotjar.io/ *.google.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ *.gbqofs.com/ https://sgtm.nutricia.de/ *.crazyegg.com/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.algolia.net/ *.facebook.net/ *.blueconic.net/ *.linkedin.oribi.io/ *.linkedin.com/ *.adnxs.com/ *.vivenio.de/ *.doubleclick.net/ *.amazon-adsystem.com/ *.google.ie/ *.google.co.in/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ app.vwo.com/ *.google.de/ cdn.pushcrew.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.gigya.com/ *.clarity.ms/ *.loprofin.de/ *.nutricia.nl/ *.apta.com.hk/ *.vimeocdn.com/ *.aptaclub.co.uk/ *.usercentrics.eu *.contactpigeon.com/ *.jquery.com/ https://dev.day.com/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ https://www.aptaclub.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://www.cgbabyclub.co.uk/_jcr_content/_cq_featuredimage.coreimg.jpeg/1759485216081/ukcowandgatenewvirangeshot.jpeg https://dpm.demdex.net/ *.docandu.com/ *.visualwebsiteoptimizer.com/ *.channelsight.com/ *.adimo.co/ app.vwo.com/ useruploads.vwo.io/ https://dh-ui-eu.danone.com/ https://nutriciaprofessionals.cp.works/ https://shop.nutricia.be/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.hotjar.com/ *.hotjar.io/ *.google.ie/ *.google.mk/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr  *.taboola.com/ *.crazyegg.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.sxp.smartclip.net/ *.rubiconproject.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.ggpht.com/ *.google.gr/ *.blueconic.net/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.google.es/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/; frame-src 'self' *.gigya.com/ *.clarity.ms/ *.loprofin.de/ *.nutricia.nl/ *.apta.com.hk/ *.akamaized.net https://dh-ui-eu.danone.com/ https://nutriciaprofessionals.cp.works/ https://shop.nutricia.be/ https://soundcloud.com/  https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://staging.nutriciaprofessional.id/ https://staging-medtools.nutriciaprofessional.id/ https://medtools.nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.ggpht.com/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.paypal.com  *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.docandu.com/ *.google.com/ *.aptaclub.co.uk/ *.google.mk/ *.lpsnmedia.net/ *.hotjar.io/ *.crazyegg.com/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.danone-dtc.net/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.algolia.net/ *.blueconic.net/ *.tagcommander.com/ *.google.de/ *.visualwebsiteoptimizer.com/ *.channelsight.com/ *.adimo.co/ useruploads.vwo.io/ app.vwo.com/; worker-src 'self' blob: ; connect-src 'self' *.adobe.io/ *.clarity.ms/ *.loprofin.de/ *.nutriciaprofessional.id/ *.nutricia.nl/ *.apta.com.hk/ https://dh-ui-eu.danone.com/ https://nutriciaprofessionals.cp.works/ https://shop.nutricia.be/ *.aptaclub.co.uk/ *.gigya.com/ *.algolianet.com/ *.contactpigeon.com/ *.algolia.io/ https://bam.eu01.nr-data.net/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ https://dh-playbook.danone.com/ *.usercentrics.eu *.teads.tv/ *.ggpht.com/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/  *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ *.visualwebsiteoptimizer.com/ *.channelsight.com/ *.adimo.co/ app.vwo.com/ *.docandu.com/ *.gbqofs.com/ *.gbqofs.io/ https://assets.adobedtm.com/ *.crazyegg.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.tiktok.com/ *.facebook.net/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.algolia.net/ *.facebook.net/ *.blueconic.net/ *.linkedin.oribi.io/ wss://*.hotjar.com/ *.hotjar.com/ *.hotjar.io/ *.linkedin.com/ *.google-analytics.com/ *.googleadservices.com/ *.amazon-adsystem.com/ https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.mk/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.google.gr/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ ; font-src 'self' *.gigya.com/ *.clarity.ms/ *.loprofin.de/ *.apta.com.hk/ *.channelsight.com/ *.nutricia.nl/ https://dh-ui-eu.danone.com/ https://nutriciaprofessionals.cp.works/ https://shop.nutricia.be/ *.aptaclub.co.uk/ *.danone-dtc.net *.typekit.net/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/  https://squarelovin.com/ *.googlesyndication.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ *.google.mk/ https://vjs.zencdn.net/; media-src 'self' blob: *.lpsnmedia.net/ *.clarity.ms/ *.squarelovin.com/ *.channelsight.com/ *.digital4danone.com/ https://squarelovin.com/ *.blueconic.net/ https://app.chargebee.com/ *.adimo.co/ *.crazyegg.com/ *.hotjar.com/ *.hotjar.io/ *.amazon-adsystem.com/ *.googlesyndication.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.mk/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.digital4danone.com/ 2
object-src 'none'; default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; report-uri; worker-src 'self' blob: 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self' *.qbrick.com; media-src * blob:; worker-src * blob:; object-src 'self'; connect-src wss: https: 2
default-src https://cdn.qapitalapp.net 'self'; style-src https://cdn.qapitalapp.net 'self' 'unsafe-inline'; script-src https://cdn.qapitalapp.net https://*.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net 'self' 'unsafe-inline'; object-src 'none'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://www.facebook.com 'self'; connect-src https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://stats.g.doubleclick.net https://analytics.tiktok.com 'self'; frame-ancestors 'none' 2
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.userback.io *.readspeaker.com https://www.canto.com https://www.dacast.com https://cdn.jsdelivr.net https://maps.googleapis.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.userback.io *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.canto.com https://www.dacast.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; img-src 'self' 'unsafe-inline' data: https://www.canto.com https://*.tile.openstreetmap.org https://cdn.jsdelivr.net https://*.google.com https://maps.gstatic.com https://api.mapbox.com; media-src 'self' *.canto.global *.cloudfront.net; frame-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; frame-ancestors *; child-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; font-src 'self' data: https://fonts.gstatic.com *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com; connect-src 'self' https://skaoint.matomo.cloud https://oauth.canto.global; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self'; img-src 'self' data: https://www.freeiconspng.com https://perf-na1.hsforms.com https://track.hubspot.com https://*.hsforms.com https://cdn2.hubspot.net https://i.vimeocdn.com https://f.vimeocdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://webcontent.whizeo.com https://*.ap-sandbox.com https://www.synergy-ins.com https://www.googletagmanager.com https://cdn-cookieyes.com https://gateway.zscalerthree.net https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://fonts.bunny.net https://forms.hsforms.com https://api.tiles.mapbox.com https://api.mapbox.com https://*.mapbox.com https://fonts.cdnfonts.com https://*.assuredpartners.com https://gateway.zscalerthree.net https://forms.logiforms.com; font-src 'self' https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net https://fonts.bunny.net https://cdn.jsdelivr.net https://fontsalex.b-cdn.net https://gateway.zscalerthree.net https://fonts.cdnfonts.com; frame-src 'self' https://forms.hsforms.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.net https://flimp.live https://share.hsforms.com https://*.icims.com https://www.google.com https://forms.logiforms.com https://*.vimeocdn.com https://rohrer564.sharefile.com https://www.googletagmanager.com https://gateway.zscalerthree.net https://forms.xilo.io https://*.ubembed.com https://*.pages.ubembed.com https://*.assuredpartners.com; frame-ancestors 'self' https://forms.hsforms.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.net https://flimp.live https://share.hsforms.com https://gateway.zscalerthree.net https://*.icims.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.js.ubembed.com https://*.ubembed.com https://*.activehosted.com https://www.googletagmanager.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://js.hsforms.net https://ajax.googleapis.com https://forms.hsforms.com https://edge.fullstory.com https://munchkin.marketo.net https://player.vimeo.com https://api.tiles.mapbox.com https://snap.licdn.com https://extend.vimeocdn.com https://static.hotjar.com https://api.mapbox.com https://*.mapbox.com https://*.hotjar.com https://unpkg.com https://acsbapp.com https://*.whizeo.com https://*.acsbapp.com https://www.google.com https://www.gstatic.com https://prism.app-us1.com https://forms.logiforms.com https://*.amazonaws.com https://cdn-cookieyes.com https://*.assuredpartners.com https://www.google-analytics.com https://clienteducation.apadvisors.com https://api.xilo.io https://gateway.zscalerthree.net https://ws.zoominfo.com https://*.pardot.com https://*.termly.io https://*.leadsrx.com https://googleads.g.doubleclick.net https://*.cookiereports.com https://app.termly.io; script-src-attr 'unsafe-inline'; worker-src 'self' blob:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://api.hsforms.com https://track.hubspot.com https://edge.fullstory.com https://rs.fullstory.com https://406-iyu-042.mktoresp.com https://*.mktoresp.com https://px.ads.linkedin.com https://*.hotjar.io https://*.hotjar.com https://*.mapbox.com https://*.whizeo.com https://*.acsbapp.com https://www.google.com https://*.ubembed.com https://analytics.google.com https://app.termly.io https://us.consent.api.termly.io https://*.termly.io https://gateway.zscalerthree.net wss://ws.hotjar.com https://ws.zoominfo.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.leadsrx.com https://*.cookiereports.com https://stats.g.doubleclick.net; media-src 'self' https://fast.wistia.net https://embedwistia-a.akamaihd.net https://*.wistia.com https://gateway.zscalerthree.net https://*.youtube.com; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com; frame-ancestors 'self' *.jobbern.ch; 2
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob:; frame-src 'self' https:; media-src 'self' https: blob:; 2
default-src 'self' https: data: blob:; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: https://mc.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://yandex.ru https://*.maps.yandex.net https://cloud.roistat.com https://www.google.com https://apis.google.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.recaptcha.net https://maps.googleapis.com https://maps.gstatic.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com; style-src 'self' https: 'unsafe-inline' data: https://fonts.googleapis.com blob:; img-src 'self' https: data: blob: https://mc.yandex.ru https://*.maps.yandex.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://yandex.ru https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://f.vimeocdn.com; font-src 'self' https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://mc.yandex.ru https://cloud.roistat.com https://cloud-reserved.roistat.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net; frame-src 'self' blob: https://mc.yandex.ru https://player.vimeo.com https://vkvideo.ru https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://docs.google.com https://maps.google.com https://www.youtube.com https://www.youtube-nocookie.com https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://yandex.ru; child-src blob: https://mc.yandex.ru https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://maps.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vkvideo.ru https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://yandex.ru; upgrade-insecure-requests 2
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adoberesources.net *.ads.linkedin.com *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.fti-cloud.com *.ftsites.com *.googleads.g.doubleclick.net *.kampyle.com *.linkedin.com *.linkedin.oribi.io *.marketo.com *.marketo.net *.mktoutil.com *.mktoweb.com *.mountain.com *.qualtrics.com *.taboola.com *.twimg.com *.yimg.com ads-api.twitter.com ads-twitter.com amplify.outbrain.com analytics.twitter.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com collector-52407.us.tvsquared.com connect.facebook.net documentcloud.adobe.com lonrtp1-cdn.marketo.com munchkin.marketo.net p.adsymptotic.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net siteimproveanalytics.com sjs.bizographics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com trc.taboola.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.clarity.ms www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ; connect-src 'self' *.adobe.io *.ads.linkedin.com *.akamaihd.net *.analytics.google.com *.apolloplatform.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.browser-intake-datadoghq.com *.clarity.ms *.cloudhub.io *.decibelinsight.com *.decibelinsight.net *.digital-cloud-west.medallia.com *.doubleclick.net *.franklintempleton.com *.frk.com *.fti-cloud.com *.ftsites.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleads.g.doubleclick.net *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.linkedin.com *.linkedin.oribi.io *.marketo.com *.mktoresp.com *.mktoutil.com *.mountain.com *.onetrust.com *.onetrust.io *.qualtrics.com *.taboola.com *.widen.net *.widencdn.net *.yimg.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 848-iap-939.mktoresp.com ads-api.twitter.com ads-twitter.com adservice.google.com analytics-fe.digital-cloud-west.medallia.com analytics.twitter.com api.intentiq.com bat.bing.com bat.bing.net browser-intake-datadoghq.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com collector-52407.us.tvsquared.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io p.adsymptotic.com pdswebapi.fti-cloud.com px.ads.linkedin.com resources.digital-cloud-west.medallia.com s.yimg.com session-replay.browser-intake-datadoghq.com siteimproveanalytics.com sjs.bizographics.com snap.licdn.com wss://*.adobe.io wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com www.google.com www.google.co.uk www.googleadservices.com www.googletagmanager.com assets.adoberesources.net ; img-src 'self' *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.siteimproveanalytics.io *.stocksnap.io *.tvsquared.com *.twimg.com *.widen.net *.widencdn.net ad.doubleclick.net analytics.twitter.com assets.adoberesources.net bat.bing.com bat.bing.net browser-update.org c.bing.com c.clarity.ms classify.gofurther.com collector-52407.us.tvsquared.com connect.facebook.net d21y75miwcfqoq.cloudfront.net data: di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net lh3.googleusercontent.com pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com sync.intentiq.com syndication.twitter.com t.co tk-static.fml-x.com tr.outbrain.com www.dianomi.com www.facebook.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk ; font-src 'self' *.franklintempleton.com *.franklintempleton.lu *.ftsites.com *.typekit.net data: fonts.googleapis.com fonts.gstatic.com templeton.com ; style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com *.typekit.net blob: fonts.googleapis.com fonts.gstatic.com platform.twitter.com ; worker-src blob: *.decibel.net ; frame-ancestors 'none'; 2
frame-ancestors 'self' https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net http://webvisor.com https://metrika.yandex.ru; 2
frame-ancestors 'self' https://www.bmedonline.es 2
report-uri /tullettprebon/report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' https://app.pia4you.com http://erika.hotainment.info 2
font-src https://api-sogecommerce.societegenerale.eu/static/ *.fontawesome.com *.societegenerale.eu *.gstatic.com *.booxi.eu *.facil-iti.app *.facil-iti.com *.oney.io 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.cardinalcommerce.com *.societegenerale.eu clicandpay.groupecdn.fr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ www.googletagmanager.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.cardinalcommerce.com *.societegenerale.eu *.doubleclick.net *.google.com challenges.cloudflare.com *.googletagmanager.com api-clicandpay.groupecdn.fr *.goodays.co *.booxi.eu *.cookiebot.com *.criteo.com *.appspot.com *.facil-iti.app *.facil-iti.com *.creativecdn.com *.transitions.com *.clarity.ms *.adsrvr.org 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.swagger.io https://sogecommerce.societegenerale.eu/static/latest/images/type-carte/ https://api-sogecommerce.societegenerale.eu/static/ https://sogecommerce.societegenerale.eu/vads-payment/ data: *.openstreetmap.org https://maps.googleapis.com *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.googletagmanager.com *.societegenerale.eu maps.googleapis.com *.optic2000.com *.amazonaws.com api-clicandpay.groupecdn.fr *.gstatic.com *.googlesyndication.com *.google.fr *.invibes.com *.mapbox.com *.criteo.com beyable.twic.pics *.beyable.com *.facil-iti.app *.facil-iti.com *.facebook.com *.oney.io *.googleusercontent.com *.prismic.io *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.com *.societegenerale.eu challenges.cloudflare.com *.oney.io api-clicandpay.groupecdn.fr *.critizr.com *.booxi.eu *.facil-iti.app *.facil-iti.com *.cookiebot.com *.mapbox.com *.affilae.com *.mouseflow.com *.hotjar.com *.facebook.net *.criteo.com *.beyable.com *.creativecdn.com *.tiktok.com *.taboola.com *.abtasty.com *.windows.net maps.googleapis.com *.clarity.ms *.adsrvr.org *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api-sogecommerce.societegenerale.eu/static/ *.fontawesome.com *.societegenerale.eu *.gstatic.com *.googleapis.com *.goodays.co api-clicandpay.groupecdn.fr *.booxi.eu *.beyable.com 'self' 'unsafe-inline'; object-src *.adobe.com 'self' 'unsafe-inline'; media-src *.adobe.com *.optic2000.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ *.openstreetmap.org https://maps.googleapis.com tryon.cosium.com *.cardinalcommerce.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.societegenerale.eu t.elasticsuite.io maps.googleapis.com *.googlesyndication.com *.vtlicensing.com *.google.com *.doubleclick.net *.cookiebot.com *.mapbox.com *.hotjar.com *.hotjar.io *.creativecdn.com *.criteo.com *.taboola.com *.tiktok.com *.abtasty.com *.appspot.com *.windows.net *.facil-iti.app *.facil-iti.com *.oney.io *.clarity.ms *.adsrvr.org *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.societegenerale.eu *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; script-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob: mediastream:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * blob: data: 'unsafe-inline'; worker-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://c.clarity.ms https://c.bing.com http://www.w3.org/2000/svg https://track.hubspot.com https://www.google.com/pagead/1p-user-list/10975822924/ https://www.googletagmanager.com https://forms-na1.hsforms.com/embed/v3/counters.gif https://perf-na1.hsforms.com/embed/v3/counters.gif https://kasmweb.com/assets/images/arw.svg https://b.sf-syn.com/badge_img/3267958/light-default https://cms.kasm.com https://cms.kasm.com/api/media/file; frame-ancestors 'self' https://app.hubspot.com; frame-src blob: https://app.customgpt.ai https://www.youtube.com https://www.google.com https://recaptcha.google.com https://app.kasmweb.com https://challenges.cloudflare.com https://app.hubspot.com https://www.googletagmanager.com https://license.kasmweb.com https://app.termly.io https://kasmweb.com https://forms.hsforms.com https://td.doubleclick.net https://www.kasmweb.com https://app.kasm.com  https://kasm.com; 2
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com embetty.nitrokey.com data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; font-src 'unsafe-inline' 'self' data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation 2
frame-ancestors self https://signup.buildbox.com http://login-redirect.buildbox.com https://www.surveymonkey.com/r/K3GMYZC https://www.surveymonkey.com/r/QRNB36V https://www.surveymonkey.com 2
frame-ancestors 'self' https://kiosk.bluegreenowner.com https://hgvkiosk.bluegreenowner.com 2
connect-src 'self' *.clarity.ms azfnc-ccr-sitecorp-prd.azurewebsites.net *.grupoccr.com.br cs-siteprd-001.search.windows.net app-site-prd-002.azurewebsites.net maps.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.handtalk.me stats.g.doubleclick.net *.analytics.google.com www.facebook.com; script-src 'self' 'unsafe-eval' *.clarity.ms connect.facebook.net www.google.com www.gstatic.com maps.googleapis.com 'unsafe-inline' *.googletagmanager.com tagmanager.google.com *.handtalk.me apis.google.com www.youtube.com; frame-src 'self' *.facebook.com *.youtube.com *.google.com *.handtalk.me; media-src 'self' *.grupoccr.com.br; default-src 'self'; base-uri 'self'; font-src 'self' data: fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' data: blob: c.bing.com c.clarity.ms *.grupoccr.com.br img.youtube.com i.ytimg.com maps.googleapis.com *.google.com *.google.com.br *.gstatic.com www.facebook.com *.google-analytics.com *.googletagmanager.com *.handtalk.me; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; form-action 'self' *.grupoccr.com.br *.motiva.com.br app-site-prd-002.azurewebsites.net azfnc-ccr-sitecorp-prd.azurewebsites.net cs-siteprd-001.search.windows.net www.facebook.com; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com browser.events.data.microsoft.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2
default-src 'self' https: data: blob:; img-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; media-src 'self' https: blob:; frame-src 'self' https:; connect-src 'self' https:; 2
frame-ancestors https://dgbuilder2.io http://dgbuilder2.io 2
font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com/ https://www.youtube.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://www.magezon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://www.facebook.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ https://cdn.cookielaw.org/ https://vibra.work/  https://lavenderblush-shrew-391234.hostingersite.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.fontawesome.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cdnfonts.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com thm.visa.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';connect-src 'self' data: medbook.com medbook.nl medbook.be *.medbook.com *.medbook.nl *.medbook.be;style-src 'self' fonts.imengine.be 'unsafe-inline' *.typekit.net medbook.com medbook.nl medbook.be *.medbook.com *.medbook.nl *.medbook.be;font-src fonts.imengine.be *.typekit.net;script-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googletagmanager.com use.typekit.net medbook.com medbook.nl medbook.be *.medbook.com *.medbook.nl *.medbook.be;img-src 'self' data: blob: medbook.com medbook.nl medbook.be *.medbook.com *.medbook.nl *.medbook.be;frame-src 'self' www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ medbook.com medbook.nl medbook.be *.medbook.com *.medbook.nl *.medbook.be;frame-ancestors 'self' medbook.com medbook.nl medbook.be *.medbook.com *.medbook.nl *.medbook.be;object-src 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 2
media-src * 2
frame-ancestors 'self' https://trustseal.enamad.ir/ 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com *.fontawesome.com https://fonts.bunny.net *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk google.de google.se google.fr googleadservices.com doubleclick.net *.doubleclick.net *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com https://img.youtube.com https://firebasestorage.googleapis.com https://maps.gstatic.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.avln.me/t.js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com https://cdn.jsdelivr.net *.hub-box.com *.doubleclick.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com js.stripe.com *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.jsdelivr.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src *.vimeo.com 'self' 'unsafe-inline'; media-src *.adobe.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.noibu.com wss://input.noibu.com *.hub-box.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'self' data: blob:; script-src https: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com https://v.hvl.no; style-src https: 'self' data: 'unsafe-inline' https://v.hvl.no https://app.everviz.com https://fonts.googleapis.com; connect-src https: 'self' wss://hvl.boost.ai/api/chat/v2/ws wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com; frame-ancestors 'self' https://hvl.instructure.com; 2
frame-ancestors 'self'; report-uri /__csp-report 2
frame-ancestors 'self' https://outlook.office.com https://outlook.office365.com; 2
default-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://plausible.io https://google.com https://www.google.com; object-src 'self'; script-src 'self' https://plausible.io https://owlcarousel2.github.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; child-src 'self' https://www.google.com; style-src 'self' 'sha256-QIjW/+aUzfg58HcITJNHkkCTGmLovNUIQbL+Zq2TsIE=' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitkainsights.com/ https://*.newrelic.com/ https://*.youtube.com/ https://*.google.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://*.recyclecoach.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; img-src 'self' https://*.youtube.com/ https://*.ytimg.com/ https://*.twimg.com/ https://*.xx.fbcdn.net/ https://*.cdninstagram.com/ https://*.ggpht.com/ https://*.recyclecoach.com/ https://*.tableau.com/ https://*.googletagmanager.com/ https://*.zscloud.net/ https://*.gstatic.com/ https://*.google.com/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; object-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; frame-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.arcgis.com/ https://*.arcg.is/ https://arcg.is/ https://*.ytimg.com/ https://*.calconic.com/ https://tagro.com/ https://*.flipsnack.com/ https://*.my-waste.mobi/ https://*.granicus.com/ https://*.workflowcloud.com/ https://*.nintex.io/ https://*.vimeo.com/ https://*.recaptcha.net/ https://*.tableau.com/ https://*.zscloud.net/ https://govme.org/ https://*.nintex.io/ https://static.doubleclick.net; 2
frame-ancestors 'self' https://*.sms-digital.cloud; 2
frame-ancestors *.dreampairs.com 2
default-src 'unsafe-inline' https:; img-src data: https: 2
frame-ancestors 'self' https://*.revenue.io https://*.ringdna.net https://*.force.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' kalibrr.com *.kalibrr.com kalibrr.id *.kalibrr.id kalibrr.ph *.kalibrr.ph kalibrr.vn *.kalibrr.vn *.blitzllama.com https://tally.so/ *.tally.so *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com https://snap.licdn.com *.blitzllama.com https://tally.so/ *.tally.so; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 2
default-src 'self' data: blob:; script-src 'self' 'sha256-PDCh5VeDfe/iHIJExhXDgKYK4CPkmuHfMskeNGTun5U=' 'sha256-tGCAy79zMW94DgRaBsZosm/7cizDEgOkLjOwt18lCGk=' 'sha256-Moqg3U+rgUW0c5F6kpcB8jsAlUY7xQEgDa74XSOmLj4=' 'nonce-onetrust-style' 'nonce-rAnd0m' https: data: blob: *.baml.com *.ml.com *.merrilledge.com *.bankofamerica.com *.bofa.com www.merrill.com vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com bcbolt446c5271-a.akamaihd.net hlsak-a.akamaihd.net  bankofamerica.tt.omtrdc.net testdata.coremetrics.com analytics.twitter.com twitter.com www.facebook.com www.linkedin.com dc.ads.linkedin.com maps.googleapis.com fonts.googleapis.com 1359940.fls.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net adservice.google.com www.youtube.com www.google-analytics.com c.betrad.com www.googletagmanager.com api.company-target.com insight.adsrvr.org test.salesforce.com login.salesforce.com d.agkn.com  znczuxiczndmh7vpb-bankofamerica.siteintercept.qualtrics.com zn78njubwkodhg8ht-bankofamerica.siteintercept.qualtrics.com cdn.cookielaw.org geolocation.onetrust.com www.knotch-cdn.com units.knotch.it aq-sp-api.knotch.it; font-src 'self' https: *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com vjs.zencdn.net *.ml.com fonts.gstatic.com fonts.googleapis.com data:; style-src 'self' 'sha256-z3bpeRnijmdUWtkq+L2MmU0dKSQsB3GBSKmF6wcEKP0=' 'sha256-rOh4425QGt1UOiKgpZdfaA+GP2RJqCXbTGNSHxJm/9A=' 'sha256-dSeQSWgZMMDRfY61XZlx1uOLGa5SswN5jLMXRmcy4hI=' 'sha256-KxdIAY0X65VjqzYMz0Mb2p3/HcFIDzTvzevwJXBxoFU=' 'nonce-rAnd0m' 'nonce-onetrust-style' *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com tags.tiqcdn.com cdn.cookielaw.org cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com fonts.googleapis.com; frame-src 'self' *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com td.doubleclick.net www.googletagmanager.com 1359940.fls.doubleclick.net insight.adsrvr.org ct.pinterest.com match.adsrvr.org tr.snapchat.com www.knotch-cdn.com units.knotch.it aq-sp-api.knotch.it; connect-src 'self' *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com cdn.cookielaw.org www.googleadservices.com www.google.com www.googletagmanager.com geolocation.onetrust.com privacyportal-bofa.my.onetrust.com www.google-analytics.com cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com maps.googleapis.com bat.bing.com insight.adsrvr.org ct.pinterest.com znczuxiczndmh7vpb-bankofamerica.siteintercept.qualtrics.com zn78njubwkodhg8ht-bankofamerica.siteintercept.qualtrics.com adobedc.demdex.net www.knotch-cdn.com units.knotch.it aq-sp-api.knotch.it pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com tr.snapchat.com api.company-target.com; worker-src 'self' blob:; media-src 'self' blob: *.baml.com *.ml.com *.merrilledge.com *.bac-assets.com *.bankofamerica.com *.bofa.com cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com data:; img-src 'self' *.baml.com *.ml.com *.merrilledge.com *.bac-assets.com *.bankofamerica.com *.bofa.com data: bat.bing.com googleads.g.doubleclick.net www.google.com cdn.cookielaw.org ad.doubleclick.net www.googletagmanager.com cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com cdnsecakmi.kaltura.com alb.reddit.com maps.gstatic.com maps.googleapis.com; 2
default-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data:; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; media-src * data: 'unsafe-eval'; font-src * data: 'unsafe-eval'; frame-src * blob:; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com/ https://*.pinim.com https://*.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.nl https://ajax.googleapis.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.youtube.com https://s.ytimg.com https://connect.facebook.net https://content.jwplatform.com https://ssl.p.jwpcdn.com *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ https://sc-static.net/scevent.min.js https://tr.snapchat.com https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl blob: https://js.stripe.com https://b.stripecdn.com https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com 38.108.179.5 https://*.raffle.ai/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.pinterest.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://storage.googleapis.com/storyteq/ https://jwpltx.com https://prd.jwpltx.com *.hotjar.com *.hotjar.io *.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://tr.snapchat.com https://i.ytimg.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de https://assets.citynavigator.nl *.cookiebot.com https://assets.plaece.nl *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;media-src 'self' https://storage.googleapis.com/storyteq/;frame-src 'self' https://*.pinterest.com https://consentcdn.cookiebot.com https://www.google.com https://www.googletagmanager.com https://*.doubleclick.net https://estate.zeeland.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com *.cookiebot.com https://staticxx.facebook.com https://www.facebook.com https://g.jwpsrv.com https://www.vvvzeeland.nl *.hotjar.com *.hotjar.io *.formdesk.com https://tr.snapchat.com https://live.netcamviewer.nl *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com https://*.raffle.ai/;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.hotjar.io *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;connect-src 'self' https://*.pinterest.com/ https://api.storyteq.com https://ssl.p.jwpcdn.com https://graph.facebook.com https://www.facebook.com https://www.google.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net https://estate.zeeland.com *.cookiebot.com/ https://maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com *.snapchat.com *.linkedin.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com 38.108.179.5 https://*.raffle.ai/;base-uri 'self' 2
frame-ancestors 'self' https://*.etracker.com https://*.etracker.de https://*.zohopublic.eu; 2
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.mediresource.com www.medbroadcast.com medbroadcast.com www.santecheznous.com santecheznous.com www.google.com www.google.ca analytics.google.com fundingchoicesmessages.google.com www.googletagmanager.com tpc.googlesyndication.com pagead2.googlesyndication.com fonts.googleapis.com *.adtrafficquality.google www.gstatic.com fonts.gstatic.com csi.gstatic.com securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net code.jquery.com cdn.jsdelivr.net tag.contextweb.com unpkg.com cdnjs.cloudflare.com api.receptivity.io www.youtube.com localhost:62543 wss://tm.filter:1502;  object-src 'none'; upgrade-insecure-requests; form-action 'self'; frame-src googleads.g.doubleclick.net www.google.com tpc.googlesyndication.com td.doubleclick.net *.adtrafficquality.google survey.alchemer-ca.com www.youtube.com; frame-ancestors 'none' 2
default-src 'self'  mnews.su.bcebos.com www.gw.com.cn mnews.dzh.com.cn ssp.gw.com.cn static.sensorsdata.cn datain.gw.com.cn dspweb.dzh.com.cn 'unsafe-inline' 'unsafe-eval' blob: data: ; 2
frame-ancestors 'self' https://secure.helpscout.net 2
frame-ancestors yangqianguan.com:* *.yangqianguan.com:* fintopia.tech:* *.fintopia.tech:* *.fengtai.tech:* *.xiaoshuihua.com:* *.geteasycash.asia:* *.sjrtguarantee.com:* *.sjrtguarantee.cn:* *.snxguarantee.cn:* *.snxguarantee.com:* *.klxiaodai.com:* *.easypln.pl:* *.geteasycash.asia:* *.easycash.id:* 2
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests;media-src blob: data: https:; 2
base-uri 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/  https://api.wildernessdestinations.com/; script-src 'nonce-n5JBF0CLLHPsDe8/7b/Yyg==' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tools.luckyorange.com https://*.smartlook.com https://*.smartlook.cloud https://*.crazyegg.com https://*.vimeocdn.com https://*.gstatic.com https://*.convertexperiments.com https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.jscache.com/ https://www.jscache.com/ https://*.tripadvisor.com/ https://*.convertexperiments.com/ https://*.cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/zepto/1.2.0/zepto.min.js https://zaraz.cloudflare.com https://*.clarity.ms https://c.clarity.ms https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com; object-src 'none'; default-src 'none'; img-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/  https://api.wildernessdestinations.com/ https://images.wildernessdestinations.com https://www.facebook.com https://i.vimeocdn.com *.vimeo.com data: https://www.google.com/supported_domains https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat *.clarity.ms cdn.jsdelivr.net content-cdn.stackla.com *.cloudfront.net */ads/ga-audiences bat.bing.com *.facebook.com https://*.google-analytics.com maps.googleapis.com maps.gstatic.com *.googletagmanager.com undefined/_nuxt/ https://i.ytimg.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.visualwebsiteoptimizer.com https://*.inspectlet.com https://*.crazyegg.com https://*.visualwebsiteoptimizer.com https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.bing.net https://zaraz.cloudflare.com https://fonts.gstatic.com/ https://ade.googlesyndication.com/ https://*.googleadservices.com https://cdn-cookieyes.com *.hsforms.com *.hubspot.com *.hubspotusercontent.net *.hsusercontent.net track.hubspot.com https://capig.stape.be; style-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/  https://api.wildernessdestinations.com/ fonts.googleapis.com assetscdn.stackla.com vjs.zencdn.net onsass.designmynight.com http://assetscdn.stackla.com/media/js/widget/fluid-embed.js https://www.dineplan.com 'unsafe-inline' https://public-prod.dineplan.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com https://*.crazyegg.com https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.googletagmanager.com; connect-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/  https://api.wildernessdestinations.com/ https://vimeo.com https://*.analytics.google.com https://cdn-cookieyes.com https://directory.cookieyes.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://log.cookieyes.com https://csmetrics.hotjar.com https://consentlog.cookieyes.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://www.facebook.com https://ip2c.org https://*.googletagmanager.com https://ade.googlesyndication.com https://*.clarity.ms https://c.clarity.ms https://*.visualwebsiteoptimizer.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com https://*.inspectlet.com https://*.mouseflow.com wss://*.inspectlet.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://*.smartlook.cloud https://*.smartlook.com wss://*.luckyorange.com https://*.visitors.live https://dc.services.visualstudio.com https://*.vimeocdn.com https://*.metrics.convertexperiments.com https://*.convertexperiments.com https://*.infinity-tracking.com https://*.infinity-tracking.net https://bat.bing.com https://api.ipify.org https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.bing.net https://platform.dash.cloudflare.com/sentry/envelope https://zaraz.cloudflare.com https://*.recaptcha.net https://www.recaptcha.net/ https://www.recaptcha.net/recaptcha/ https://*.googleadservices.com https://cta-eu1.hubspot.com https://static.hsappstatic.net *.hubapi.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com https://api-eu1.hubspot.com https://capig.stape.be https://*.doubleclick.net; font-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/  https://api.wildernessdestinations.com/ data: fonts.googleapis.com fonts.gstatic.com assetscdn.stackla.com; frame-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/  https://api.wildernessdestinations.com/ www.recaptcha.net www.awltovhc.com player.vimeo.com widget.stackla.com www.google.com www.tamgrt.com www.facebook.com www.googletagmanager.com https://www.opentable.ie/ https://headbox.captur3d.io/ https://account.dineplan.com/ https://module.lafourchette.com/ https://www.youtube.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net https://*.crazyegg.com https://*.cloudflarestream.com/ https://zaraz.cloudflare.com https://www.recaptcha.net/ https://www.recaptcha.net/recaptcha/ *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com play.hubspotvideo.com play-eu1.hubspotvideo.com; form-action 'self' www.googletagmanager.com www.facebook.com; frame-ancestors 'self' www.googletagmanager.com https://player.vimeo.com https://www.recaptcha.net https://*.recaptcha.net https://*.proudriver-34a3ab44.ukwest.azurecontainerapps.io https://*.azurewebsites.net/; media-src 'self'; worker-src 'self' blob: https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://zaraz.cloudflare.com; 2
report-uri https://6mqx772b3g.execute-api.us-east-1.amazonaws.com/prod/report; img-src 'self' https://cdn.caseware.com data: https://www.google.ca https://www.caseware.nl https://static.hsappstatic.net https://*.leadinfo.net https://*.leadinfo.com https://*.gravatar.com https://*.ytimg.com https://i.vimeocdn.com https://*.w.org https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.linkedin.com https://www.facebook.com https://cdn-cookieyes.com https://*.hotjar.com https://yoast.com https://www.wpo365.com https://wp-rocket.me https://wpml.org https://f.vimeocdn.com https://toolset.com https://bat.bing.com https://*.hotjar.com https://yoast.com https://www.wpo365.com https://wp-rocket.me https://wpml.org https://*.leadinfo.net https://*.leadinfo.com https://bat.bing.com; script-src 'self' https://cdn.caseware.com 'unsafe-inline' 'unsafe-eval' blob: https://googleads.g.doubleclick.net https://js.hubspotfeedback.com https://js-eu1.hubspotfeedback.com https://js.hsleadflows.net https://js-eu1.hsleadflows.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://js.hscollectedforms.net https://js-eu1.hscollectedforms.net https://js.hsadspixel.net https://js-eu1.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js-eu1.hs-banner.com https://js.hs-analytics.net https://js-eu1.hs-analytics.net https://forms.hsforms.com https://forms-eu1.hsforms.com https://*.usemessages.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://cdn-cookieyes.com https://connect.facebook.net https://*.licdn.com https://www.youtube.com https://*.hotjar.com https://yoast.com https://my.yoast.com https://fast.wistia.com https://beacon-v2.helpscout.net https://*.wpml.org https://g10696554090.co/gr https://*.leadinfo.net https://*.leadinfo.com https://bat.bing.com https://js.zi-scripts.com https://*.googletagmanager.com https://www.clarity.ms/tag/; font-src 'self' https://cdn.caseware.com data: https://*.leadinfo.net https://*.leadinfo.com https://fonts.gstatic.com https://www.youtube.com https://*.hotjar.com https://static2.sharepointonline.com/files/fabric/assets/ https://spoprod-a.akamaihd.net/files/fabric/assets/; frame-src 'self' https://cdn.caseware.com https://4223919.hs-sites.com https://idea-caseware-2109885.hs-sites.com/ https://caseware-co-755348.hs-sites.com https://*.leadinfo.net https://*.leadinfo.com https://www.youtube.com/embed/ https://player.vimeo.com/ https://*.hubspot.com https://forms.hsforms.com https://forms-eu1.hsforms.com https://*.google.com https://www.facebook.com https://145367553.hs-sites-eu1.com; style-src 'unsafe-inline' 'self' https://cdn.caseware.com data: https://*.leadinfo.net https://*.leadinfo.com https://fonts.googleapis.com https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://wp-rocket.me https://www.dailymotion.com; connect-src 'self' https://cdn.caseware.com https://js.hs-banner.com https://js-eu1.hs-banner.com https://*.googlesyndication.com https://*.leadinfo.net https://*.leadinfo.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://hubspot-forms-static-embed-eu1.s3.amazonaws.com/prod/27246368/ https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://cdn-cookieyes.com https://*.cookieyes.com https://cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://yoast.com https://my.yoast.com  https://www.wpo365.com https://www.facebook.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/2109885/ https://*.wpml.org https://api.unbounce.com https://px.ads.linkedin.com https://bat.bing.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.clarity.ms/tag/; object-src 'none'; base-uri 'self' https://cdn.caseware.com; form-action 'self' https://cdn.caseware.com https://*.leadinfo.net https://*.leadinfo.com https://login.microsoftonline.com https://www.facebook.com https://forms.hsforms.com https://forms-eu1.hsforms.com; frame-ancestors 'self' https://cdn.caseware.com 2
connect-src 'self' content.layershift.com maps.googleapis.com vercel.live stats.layershift.com sentry-new.tidio.co socket.tidio.co api-v2.tidio.co api.stripe.com hcaptcha.com *.hcaptcha.com https: wss:;      script-src 'self' content.layershift.com js.stripe.com *.js.stripe.com maps.googleapis.com vercel.live stats.layershift.com code.tidio.co widget-v4.tidiochat.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval';      frame-src *.js.stripe.com js.stripe.com hooks.stripe.com hcaptcha.com *.hcaptcha.com calendar.google.com;      style-src 'self' fonts.googleapis.com https: 'unsafe-inline';      img-src content.layershift.com static.layershift.com maps.gstatic.com cdnjs.cloudflare.com data: https: 'self' data:;      font-src 'self' content.layershift.com static.layershift.com fonts.gstatic.com https: data:;      object-src 'none';      base-uri 'self' https://stats.layershift.com;      form-action 'self';      frame-ancestors https://stats.layershift.com;      block-all-mixed-content;      upgrade-insecure-requests; 2
connect-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; font-src 'self'; frame-src 'self' https://www.youtube.com/; img-src 'self' https://cdn.redoc.ly/redoc/ https://i.ytimg.com/ data: 'unsafe-eval'; object-src 'self'; script-src 'self' 'unsafe-inline' https://matomo.heinlein-support.de https://numbers.heinlein-support.de https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.heinlein-support.de/report-uri/enforce 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://google.com.br   https://na.gateway.spring.citi.com   https://test.gateway.spring.citi.com   https://gateway.spring.citi.com   https://*.gateway.spring.citi.com   https://*.citi.com   https://*.salesforceliveagent.com   https://bsptransportes.com.br   https://*.salesforce.com   https://*.gstatic.com   https://*.google.com   https://*.googleadservices.com   https://*.hotjar.com   https://*.goadopt.io   https://service.force.com   https://unpkg.com   https://plugin.handtalk.me   https://bat.bing.com   https://*.googletagmanager.com   https://connect.facebook.net   https://d.la1-core1.sfdc-xwy4ub.salesforceliveagent.com   https://pixel.byspotify.com   https://*.clarity.ms   https://static.hotjar.com   https://*.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'   https://analytics.tiktok.com   https://*.tiktok.com   https://*.tiktokcdn.com   https://na.gateway.spring.citi.com   https://test.gateway.spring.citi.com   https://gateway.spring.citi.com   https://*.gateway.spring.citi.com   https://*.citi.com   https://*.salesforceliveagent.com   https://bsptransportes.com.br   https://*.salesforce.com   https://*.gstatic.com   https://*.google.com   https://*.googleadservices.com   https://*.hotjar.com   https://*.goadopt.io   https://service.force.com   https://unpkg.com   https://plugin.handtalk.me   https://bat.bing.com   https://*.googletagmanager.com   https://connect.facebook.net   https://d.la1-core1.sfdc-xwy4ub.salesforceliveagent.com   https://pixel.byspotify.com   https://*.clarity.ms   https://static.hotjar.com   https://*.doubleclick.net; style-src 'self' 'unsafe-inline'   https://*.gateway.spring.citi.com   https://*.citi.com   https://fonts.googleapis.com   https://service.force.com; img-src 'self' data: blob:   https://analytics.tiktok.com   https://*.tiktokcdn.com   https://*.gateway.spring.citi.com   https://*.citi.com   https://*.youtube.com   https://*.herokuapp.com   https://rte-express-api-d1ec4cd24f7b.herokuapp.com   https://*.bing.com   https://plugin.handtalk.me   https://*.googletagmanager.com   https://*.rodonaves.com.br   https://*.doubleclick.net   https://*.google.com.br   https://*.google.com   https://l.clarity.ms   https://c.clarity.ms   https://*.facebook.com   https://rodonaves.lightning.force.com   https://bat.bing.com; media-src 'self'; frame-src *; font-src 'self'   https://fonts.googleapis.com   https://fonts.gstatic.com   https://fontawesome.com   https://c1.sfdcstatic.com; connect-src 'self'   https://analytics.tiktok.com   https://*.tiktok.com   https://*.gateway.spring.citi.com   https://*.citi.com   https://*.doubleclick.net   https://*.hotjar.io   wss://*.hotjar.com   https://*.handtalk.me   https://*.clarity.ms   https://service.force.com   https://unpkg.com   https://plugin.handtalk.me   https://bat.bing.com   https://checkip.amazonaws.com   https://www.googleadservices.com   https://*.googleadservices.com   https://google.com   https://*.google.com   https://*.goadopt.io   https://analytics.google.com   https://pixels.spotify.com   https://rte-express-api-d1ec4cd24f7b.herokuapp.com   https://*.gateway.spring.citi.com   https://*.citi.com   https://na.gateway.spring.citi.com   https://test.gateway.spring.citi.com; child-src 'self'   https://service.force.com   https://rodonaves.my.salesforce.com; frame-ancestors 'self'   https://prev-site.rodonaves.com.br   https://rodonaves.com.br; 2
style-src-elem 'self' 'unsafe-inline' https://use.typekit.net/pkj4qrr.css https://p.typekit.net/p.css https://i.ytimg.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.youtube.com https://sts.amazonaws.com https://connect.us-east-1.amazonaws.com https://www.google.com https://analytics.google.com https://www.ussteel.com https://stats.g.doubleclick.net;img-src 'self' https://use.typekit.net/pkj4qrr.css  https://p.typekit.net/p.css https://i.ytimg.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.us-east-1.amazonaws.com https://analytics.google.com https://sts.amazonaws.com https://www.google.com https://www.ussteel.com https://d3utlhu53nfcwz.cloudfront.net https://stats.g.doubleclick.net blob: data:;connect-src 'self' https://webanalytics.psc.uss.com https://geocode.arcgis.com https://forecast.weather.gov/MapClick.php https://www.googleapis.com https://use.typekit.net/pkj4qrr.css https://p.typekit.net/p.css https://i.ytimg.com https://d3utlhu53nfcwz.cloudfront.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.youtube.com https://sts.amazonaws.com https://connect.us-east-1.amazonaws.com https://www.google.com https://*.uss.com https://*.ussteel.com https://analytics.google.com https://www.ussteel.com https://stats.g.doubleclick.net; font-src * data:;object-src 'none'; 2
frame-ancestors 'self' https://www.quironsalud.com https://betaweb.quironsalud.es https://international.quironsalud.com https://olympia.quironsalud.com https://olympia.quironsalud.es https://overweightinstitute.fjd.es https://pacientes.healthdiagnostic.es https://rare-genomics.com https://www.cirujanosdelcorazon.es https://www.clinicadelpilar.org https://www.clinicavalles.com https://www.cuidamosdelamujer.es https://www.diverhospital.es https://www.e-quironsalud.com https://www.fjd.es https://www.fundacionquironsalud.org https://www.hgc.es https://www.hgvillalba.es https://www.hope-documental.es https://www.hospitalinfantaelena.es https://www.hospitalpublicocolladovillalba.es https://www.hospitalreyjuancarlos.es https://www.hscor.com https://www.idcsaludenfermeria.es https://www.idcsalud.es https://www.imbanaco.com https://www.jornadaspbp.es https://www.lungscreen.eu https://www.oncohealth.eu https://www.porquesabeselegir.es https://www.quironsalud.es https://www.quironsalud-hospitals.com https://www.rare-genomics.com https://www.recetaenergia.es https://www.redneurosalud.es https://www.ruber.es https://www.ruberinternacional.es https://www.teknonbarcelona.com https://www.teknonbarcelona.it https://www.teknonbarcelona.ru https://www.teknon.es https://www.tucanaldesalud.com 2
default-src 'self'; connect-src 'self' s3.us-west-2.amazonaws.com/upload.com.fmod/uploads/ s3.us-west-2.amazonaws.com/web.com.fmod/v1/media/ d1s9dnlmdewoh1.cloudfront.net dzs87adaua2qh.cloudfront.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com; font-src 'self' cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com blob:; img-src 'self' d1s9dnlmdewoh1.cloudfront.net d26jga8jjsa591.cloudfront.net dzs87adaua2qh.cloudfront.net; frame-src 'self' www.youtube.com player.twitch.tv; media-src 'self' d26jga8jjsa591.cloudfront.net; worker-src 'self' blob: 2
default-src 'none'; base-uri 'self'; frame-ancestors 'self'; media-src 'self' blob: data:; object-src 'none'; manifest-src 'self'; worker-src 'self' blob:; upgrade-insecure-requests; img-src 'self' data: blob: https:; font-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com https://use.typekit.net https://fast.wistia.net; style-src 'self' 'unsafe-inline' https://bluesight-support.freshchat.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; form-action 'self' https://forms.hsforms.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://lex.33across.com https://fast.wistia.com https://embed.formhq.net https://snap.licdn.com https://fast.wistia.net https://static.hotjar.com https://script.hotjar.com https://js.hsadspixel.net https://d.adroll.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-scripts.com https://assets.apollo.io https://www.idcomet.com https://s.adroll.com/ https://embed.formhq.net https://public.api.tofuhq.com/ https://bluesight-support.freshchat.com https://forms.hsforms.com/ https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://forms.hsforms.com https://js.hsforms.net https://app.hubspot.com https://content.hotjar.io https://js.chilipiper.com https://edge.marker.io https://browser.sentry-cdn.com https://cdn.cookiehub.eu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; connect-src 'self' wss://ws.hotjar.com https://browser.sentry-cdn.com https://fast.wistia.net https://static.hsappstatic.net https://fast.wistia.com https://pipedream.wistia.com https://js.chilipiper.com/marketing.js.map https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.idcomet.com https://forms.hsforms.com https://api.formhq.net https://www.googleadservices.com https://aplo-evnt.com https://www.google.com https://www.google-analytics.com https://analytics.google.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://content.hotjar.io https://api.chilipiper.com https://edge.marker.io https://hubspot-forms-static-embed.s3.amazonaws.com/ https://assetscdn-wchat.freshchat.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://www.facebook.com; frame-src 'self' https://fast.wistia.net https://forms.hsforms.com https://kitcheck.chilipiper.com https://www.facebook.com https://www.googletagmanager.com https://bluesight-support.freshchat.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/api.js https://*.recaptcha.net https://recaptcha.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://clarity.ms https://*.clarity.ms https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://cdn.plyr.io https://player.vimeo.com https://player.vimeo.com/api/player.js https://purecatamphetamine.github.io https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://snap.licdn.com; font-src 'self' data: https://*.gstatic.com https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://snap.licdn.com; connect-src 'self' wss://app.allfunds.com https://allfunds.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://clarity.ms https://*.clarity.ms https://intranet.allfunds.com https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://myconnect.allfunds.com https://telemetrics-widgets.allfunds.dev https://myconnect.allfunds.dev https://dashboard-v2.allfunds.dev https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://cdn.plyr.io https://player.vimeo.com https://player.vimeo.com/api/player.js https://purecatamphetamine.github.io https://md8jnn29kj.execute-api.eu-west-1.amazonaws.com https://*.go-mpulse.net; frame-src 'self' https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/api.js https://*.recaptcha.net https://recaptcha.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://intranet.allfunds.com https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://myconnect.allfunds.com https://telemetrics-widgets.allfunds.dev https://myconnect.allfunds.dev https://dashboard-v2.allfunds.dev https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://cdn.plyr.io https://player.vimeo.com https://player.vimeo.com/api/player.js https://purecatamphetamine.github.io; img-src 'self' data: *.allfunds.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://purecatamphetamine.github.io; media-src 'self' data: *.allfunds.com https://app.allfunds.com/docs/cms/header_web_5d4b57c95f.mp4 https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://cms-front.s3.eu-west-1.amazonaws.com https://purecatamphetamine.github.io; frame-ancestors 'self' https://*.allfunds.com https://allfunds.com http://localhost:* https://localhost:* http://127.0.0.1:* https://127.0.0.1:* https://80.28.51.168:* chrome-extension://admira.com https://*.admira.com/ https://admira.com/ file:; object-src 'none'; 2
frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals; default-src 'self'; base-uri 'none'; script-src 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unless.com https://*.unless.com https://beamanalytics.b-cdn.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://unless.com https://*.unless.com https://fonts.googleapis.com; connect-src 'self' https://unless.com https://*.unless.com wss://*.unless.com https://*.beamanalytics.io https://*.algolianet.com https://*.algolia.net; font-src 'self' https://unless.com https://*.unless.com https://fonts.gstatic.com; frame-src 'self' https://unless.com https://*.unless.com https://calendar.google.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://unless.com https://*.unless.com https://images.ctfassets.net https://i.ytimg.com; object-src 'none'; base-uri 'none'; 2
font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost; manifest-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.youtube.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: execution-360.homecredit.cz content-360.homecredit.cz delivery-360.homecredit.cz www.homecredit.cz www.homecredit.sk homecredit.cz homecredit.sk execution-360.homecredit.sk content-360.homecredit.sk delivery-360.homecredit.sk *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net *.bing.com bat.bing.com pagead2.googlesyndication.com www.youtube.com *.ytimg.com googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google-analytics.com www.google.com www.google.cz www.facebook.com *.facebook.net *.smartlook.com *.smartlook.cloud; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: execution-360.homecredit.cz content-360.homecredit.cz delivery-360.homecredit.cz www.homecredit.cz www.homecredit.sk homecredit.cz homecredit.sk execution-360.homecredit.sk content-360.homecredit.sk delivery-360.homecredit.sk www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net *.bing.com bat.bing.com pagead2.googlesyndication.com *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google-analytics.com www.google.com www.google.cz www.facebook.com *.facebook.net *.smartlook.com *.smartlook.cloud; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: execution-360.homecredit.cz content-360.homecredit.cz delivery-360.homecredit.cz www.homecredit.cz www.homecredit.sk homecredit.cz homecredit.sk execution-360.homecredit.sk content-360.homecredit.sk delivery-360.homecredit.sk www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net www.youtube.com *.ytimg.com *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost *.bing.com bat.bing.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google-analytics.com www.google.com www.google.cz www.facebook.com *.facebook.net *.smartlook.com *.smartlook.cloud; frame-ancestors 'self' *.ci360.sas.com homecredit.cz homecredit.sk www.homecredit.cz www.homecredit.sk *.siteone.cz *.localhost; frame-src www.youtube.com *.ytimg.com www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net; report-uri /csp-report 2
default-src 'self' https://code.jquery.com; connect-src 'self' 'unsafe-inline' https: wss:; media-src 'self' https://media.lifeinside.io blob: data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' https: data:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; img-src 'self' data: https:; frame-src 'self' https:; 2
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com *.googleapis.com apis.google.com googleads.g.doubleclick.net/pagead/id static.doubleclick.net www.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.nelsonmullins.com cdn-cookieyes.com *.cookieyes.com s.swiftypecdn.com siteimproveanalytics.com api.podcache.net *.amazonaws.com educationcounsel.us11.list-manage.com *.nadn.org; frame-src sites-nelsonmullins.vuture.net www.youtube.com www.youtube-nocookie.com www.google.com/maps/ lookerstudio.google.com content.googleapis.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ connect.nelsonmullins.com e.issuu.com redcircle.com player.vimeo.com *.nadn.org; font-src 'self' fonts.gstatic.com s.swiftypecdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com s.swiftypecdn.com *.mailchimp.com; connect-src 'self' *.cookieyes.com cdn-cookieyes.com s.swiftypecdn.com www.google-analytics.com; 2
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://assets.sitescdn.net https://bat.bing.com https://cdn.wmxtools.com https://cmp.osano.com/ https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://dx.mountain.com https://googleads.g.doubleclick.net https://js.hs-analytics.net/ https://js.hs-banner.com https://js.hs-scripts.com https://player.vimeo.com https://px.mountain.com https://siteimproveanalytics.com https://snap.licdn.com https://widget.trustpilot.com https://www.lbfhtrk.com https://cdnjs.cloudflare.com https://static.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://script.hotjar.com https://code.jquery.com https://cdn.jsdelivr.net https://cdn.brandfolder.com https://gs.mountain.com cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://assets.sitescdn.net https://cdn.jsdelivr.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.global.siteimproveanalytics.io https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.lgamerica.com https://lgamerica-dev.lgamerica.com https://www.glassdoor.com https://www.nextinsure.com https://cdn.jsdelivr.net https://a.mktgcdn.com *.cloudfront.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.jsdelivr.net; frame-src 'self' https://player.vimeo.com https://td.doubleclick.net https://widget.trustpilot.com https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.fls.doubleclick.net https://api.portal.insurance.io https://insurance.mediaalpha.com https://brandfolder.com https://view.ceros.com https://storage-us-gcs.bfldr.com https://app.supademo.com/ web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://answersstatus.pagescdn.com *.trustpilot.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://www.google.com https://google.com https://stats.g.doubleclick.net https://www.facebook.com https://gs.mountain.com https://www.googleadservices.com https://www.lbfhtrk.com https://www.google-analytics.com https://vc.hotjar.io https://metrics.hotjar.io https://content.hotjar.io *.hotjar.io *.hotjar.com https://assets.sitescdn.net *.feathery.io https://cdn.jsdelivr.net wss://*.hotjar.com https://cmp.osano.com/ forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: https://lgamerica-dev.lgamerica.com https://lgamerica.com web-chat.nativechat.com; frame-ancestors 'self' 2
default-src 'self'; font-src 'self' data:; img-src 'self' data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://*.datatables.net https://*.jquery.com https://*.jsdelivr.net https://*.googleapis.com https://*.treasury.gov.my https://appscdn.joomla.org; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.datatables.net https://*.jquery.com https://*.jsdelivr.net https://fonts.googleapis.com https://*.mof.gov.my https://*.treasury.gov.my; img-src 'self' data: blob: https://*.mof.gov.my https://*.googleapis.com https://*.facebook.com https://*.instagram.com https://*.x.com https://*.treasury.gov.my https://www.joomshaper.com https://extensionscdn.joomla.org https://appscdn.joomla.org; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.mof.gov.my https://*.treasury.gov.my; connect-src 'self' https://*.cloudflare.com https://*.mof.gov.my https://*.jquery.com https://*.googleapis.com https://*.treasury.gov.my https://appscdn.joomla.org; frame-src 'self' https://rtm-player.glueapi.io https://www.youtube.com https://*.facebook.com https://*.instagram.com https://*.x.com https://*.treasury.gov.my; object-src 'none'; base-uri 'self'; form-action 'self'; 2
script-src *.cludo.com 'unsafe-inline' 'self' localhost *.fontawesome.com *.jsdelivr.net *.googleapis.com 'unsafe-eval' https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js *.wistia.com https://www.googletagmanager.com https://script.crazyegg.com https://px.premion.com blob: https://*.googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net; style-src *.cludo.com 'unsafe-inline' 'self' localhost *.fontawesome.com fonts.googleapis.com fonts.gstatic.com; default-src 'self' localhost 'unsafe-inline' *.fontawesome.com https://mychart.lexmed.com/ *.googleapis.com *.gstatic.com; connect-src 'self' *.cludo.com *.fontawesome.com localhost 'unsafe-inline' *.googleapis.com *.gstatic.com *.truematter.com https://lmcrcs.lexmed.com *.wistia.com *.jsdelivr.net *.lexmed.com https://www.google.com https://analytics.lexhealth.com https://script.crazyegg.com https://px.premion.com https://tracking.crazyegg.com *.crazyegg.com https://*.googleadservices.com; font-src fonts.googleapis.com *.fontawesome.com fonts.gstatic.com localhost 'self' 'unsafe-inline' patientspreview.truematter.com patientspreview.lexhealth.com patientspreview.lexhealth.com:7153 https://fast.wistia.com; img-src *.googleapis.com *.gstatic.com *.truematter.com https://embed-ssl.wistia.com https://fast.wistia.com 'self' localhost https://lexhealth.com *.lexhealth.com https://www.googletagmanager.com data:; media-src blob: https://embed-ssl.wistia.com 'self'; frame-src https://fast.wistia.com https://fast.wistia.net https://www.googletagmanager.com https://analytics.lexhealth.com/ https://analytics.lexhealth.com 2
frame-ancestors 'self' https://st-martin-kub.crono.travel 2
frame-ancestors 'self' https://www.slipcase.com http://marketplace.marsh.com https://www.insubuy.com/travel-and-student-insurance-international-provider-network 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.smsapi.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms *.devsms.com ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.smsapi.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms *.devsms.com ; connect-src 'self' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com google.com *.hotjar.com *.hotjar.io https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io https://*.intercom-messenger.com wss://*.intercom-messenger.com https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io  wss://nexus-europe-websocket.intercom.io  https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com *.tawk.to cdn.smsapi.com *.devsms.com cdnjs.cloudflare.com connect.facebook.net i.imgur.com plausible.io smsapi.pl smsapi.com sentry.smsapi.com http://smsapi.pl/* http://*.smsapi.pl/* http://www.smsapi.pl/* wss://www.smsapi.bg wss://www.smsapi.com wss://www.smsapi.pl wss://www.smsapi.ro wss://*.hotjar.com wss://*.tawk.to www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ bat.bing.com sgtm.smsapi.pl *.clarity.ms *.oribi.io *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws https://*.googlesyndication.com/ px.ads.linkedin.com ; frame-src *.doubleclick.net *.hotjar.com *.hotjar.io *.youtube-nocookie.com *.youtube.com youtube.com consentcdn.cookiebot.eu consentcdn.cookiebot.com www.facebook.com www.google.com/recaptcha/ www.googletagmanager.com sgtm.smsapi.pl intercom-sheets.com ; img-src data: blob: 'self' *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.facebook.com *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.hotjar.io https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.smsapi.com *.smsapi.pl *.devsms.com *.tawk.to *.twimg.com *.youtube.com *.ytimg.com *.zapier.com cdn.jsdelivr.net i.imgur.com *.linkedin.com www.googletagmanager.com zapier-images.imgix.net *.bing.com *.clarity.ms *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws img.sct.eu1.usercentrics.eu ; style-src 'unsafe-inline' 'self' *.erecruiter.pl *.fontawesome.com *.smsapi.com *.smsapi.pl *.devsms.com *.tawk.to fonts.googleapis.com ; font-src 'self' *.fontawesome.com *.hotjar.com *.hotjar.io *.tawk.to cdnjs.cloudflare.com fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com cdn.smsapi.com *.devsms.com ; child-src 'self' blob: fast.wistia.net intercom-sheets.com player.vimeo.com share.intercom.io www.intercom-reporting.com www.youtube.com ; form-action 'self' *.facebook.com api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io app.marketingplatform.com intercom.help ; media-src 'self' *.tawk.to js.intercomcdn.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com ; worker-src 'self' blob:; 2
script-src *.convertexperiments.com *.metrics.converexperiments.com https://api.addressy.com https://app.optimalworkshop.com https://bat.bing.com/ https://cafdonate.cafonline.org https://cdn.cookielaw.org https://cdn3.actito.com/legacy/actito-goal/goal.js https://connect.facebook.net/ https://cookie-cdn.cookiepro.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://digitaltpp.iosh.com/ https://dqm.crownpeak.com/page-checker.js https://googleads.g.doubleclick.net https://i.ytimg.com https://iosh.optimalworkshop.com https://iosh-webcomponents-prod.azurewebsites.net https://iosh-webcomponents-uat.azurewebsites.net https://logs.convertexperiments.com https://mktdplp102cdn.azureedge.net https://no-cdn.convertexperiments.com https://platform.twitter.com https://script.hotjar.com https://services.postcodeanywhere.co.uk https://snap.licdn.com https://static.hotjar.com https://syndication.twitter.com https://tagmanager.google.com https://vc.hotjar.io/ https://www.clarity.ms/ https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/releases/ https://www.instagram.com https://www.linkedin.com https://www.youtube.com https://www3.actito.com/ 'self' 'unsafe-eval' 'unsafe-inline';connect-src *.convertexperiments.com *.metrics.converexperiments.com http://iosh-api.uat.iosh.local/api/ https://api.crownpeak.net/dqm-cms/v1/ https://api.iosh.co.uk/ https://api.iosh.com https://app.optimalworkshop.com https://ask.hotjar.io/api/ https://assets1-gbr.mkt.dynamics.com https://assets-gbr.mkt.dynamics.com https://content.hotjar.io https://cookie-cdn.cookiepro.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://e.clarity.ms/collect https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://googleads.g.doubleclick.net https://gtm-ncxkmtc-ngfhn.uc.r.appspot.com/ https://in.hotjar.com/api/ https://l.clarity.ms/collect https://login.iosh.com/ https://logs.convertexperiments.com https://metrics.hotjar.io/ https://mobile.events.data.microsoft.com https://pagead2.googlesyndication.com/ccm/* https://pagead2.googlesyndication.com/ccm/collect https://public-gbr.mkt.dynamics.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://surveystats.hotjar.io https://www.facebook.com/ https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://y.clarity.ms https://z.clarity.ms/collect 'self' wss://ws.hotjar.com/api/;script-src-elem *.convertexperiments.com https://api.addressy.com https://app.convert.com/* https://app.convert.com/static/_editor_frame_files/qaOverlayLoader.bundle.js https://app.optimalworkshop.com https://bat.bing.com/ https://cafdonate.cafonline.org https://cdn3.actito.com/legacy/actito-goal/goal.js https://connect.facebook.net/ https://cookie-cdn.cookiepro.com/ https://cxppgbr1rdrect01sa02cdn-endpoint.azureedge.net https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://digitaltpp.iosh.com/ https://dqm.crownpeak.com/page-checker.js https://googleads.g.doubleclick.net https://iosh.optimalworkshop.com https://iosh-webcomponents-prod.azurewebsites.net https://iosh-webcomponents-uat.azurewebsites.net https://logs.convertexperiments.com https://mktdplp102cdn.azureedge.net https://no-cdn.convertexperiments.com https://platform.twitter.com https://script.hotjar.com https://scripts.clarity.ms https://snap.licdn.com https://static.hotjar.com https://syndication.twitter.com https://tagmanager.google.com https://vc.hotjar.io/ https://www.clarity.ms/ https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/releases/ https://www.instagram.com https://www.linkedin.com https://www.youtube.com https://www3.actito.com/ 'self' 'unsafe-eval' 'unsafe-inline';worker-src blob:;img-src data: https://assets1-gbr.mkt.dynamics.com https://assets-gbr.mkt.dynamics.com https://bat.bing.com/ https://c.bing.com https://c.clarity.ms https://cookie-cdn.cookiepro.com/ https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://script.hotjar.com https://services.postcodeanywhere.co.uk https://tagmanager.google.com https://www.facebook.com/ https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com 'self';font-src data: https://*.cdn.office.net https://cdn.fonts.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://www.googletagmanager.com 'self';style-src https://api.addressy.com https://app.optimalworkshop.com https://c.clarity.ms https://cdn.fonts.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://e.clarity.ms/collect https://fonts.googleapis.com https://l.clarity.ms/collect https://scripts.clarity.ms https://services.postcodeanywhere.co.uk https://tagmanager.google.com https://www.clarity.ms/ https://www.googletagmanager.com https://y.clarity.ms https://z.clarity.ms/collect 'self' 'unsafe-inline';frame-src https://app.convert.com https://app.convert.com/* https://app.swapcard.com https://cafdonate.cafonline.org https://gtm-ncxkmtc-ngfhn.uc.r.appspot.com/ https://iosh-webcomponents-prod.azurewebsites.net https://iosh-webcomponents-uat.azurewebsites.net https://platform.twitter.com https://player.vimeo.com https://prod.umbraco.iosh.com https://stg.umbraco.iosh.com https://syndication.twitter.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.linkedin.com https://www.podbean.com https://www.youtube.com 'self' 'unsafe-inline';frame-ancestors https://prod.umbraco.iosh.com https://stg.umbraco.iosh.com 'self';default-src https://region1.google-analytics.com 'self';object-src 'none' 2
frame-ancestors 'self' *.wpenginepowered.com *.wpengine.com https://cid.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.admixer.net https://www.gstatic.com *.admixer.net *.stacksandbox.com https://partner.googleadservices.com https://cse.google.com *.google.com https://connect.facebook.net https://script.hotjar.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://snap.licdn.com https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://static.hotjar.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com; object-src 'none'; base-uri *.admixer.net;style-src 'self' 'unsafe-inline' https://script.hotjar.com https://cse.google.com https://cdn.admixer.net https://cse.google.com https://fonts.googleapis.com *.google.com https://cdn.jsdelivr.net https://use.fontawesome.com https://partner.googleadservices.com https://admixer.net https://www.gstatic.com *.stacksandbox.com report-uri https://proximaresearch.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' ; object-src 'self' ; frame-src 'self' ; 2
frame-ancestors 'self' https://workplaceservices.fidelity.com 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://*.cookiebot.com https://*.etracker.com https://www.etracker.de https://*.youtube-nocookie.com https://www.google.com; frame-ancestors 'self' https://*.etracker.com https://www.etracker.de; style-src-elem 'self' blob: 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com data: https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cookiebot.com https://*.etracker.com https://*.etracker.de https://*.b-ite.com https://connect.facebook.net https://maps.googleapis.com https://maps.gstatic.com; img-src 'self' data: https: https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.google.com https://*.googleusercontent.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://sources.2sxc.org https://*.cookiebot.com https://*.b-ite.com https://*.etracker.com https://www.etracker.de https://www.facebook.com https://*.facebook.com; worker-src 'self' blob:; 2
frame-ancestors 'self' https://portal.punchout2go.com https://eprocurement.esmsolutions.com https://solutions.sciquest.com https://usertest.sciquest.com https://service.ariba.com https://s3.ariba.com 2
frame-ancestors 'self' https://my.cermo360.de https://my.matterport.com; 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.caf.io 2
default-src 'self'; script-src 'unsafe-eval' 'self' stats.aws.at unpkg.com www.google.com www.gstatic.com www.youtube.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com 'nonce-W59jk9Di9' 'nonce-fs4B35gA'; style-src 'self' 'unsafe-inline' fast.fonts.net unpkg.com fonts.gstatic.com; img-src 'self' data: unpkg.com *.tile.openstreetmap.org stats.aws.at; frame-src www.google.com www.youtube.com www.youtube-nocookie.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com; font-src 'self' data: fast.fonts.net fonts.gstatic.com; connect-src 'self' stats.aws.at nominatim.openstreetmap.org api.mapbox.com letter.eyepin.com; frame-ancestors 'none' 2
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 2
default-src 'self'; base-uri 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; style-src * 'unsafe-inline' 2
default-src 'self'; connect-src 'self' *.prosoft.io *.belden.io prosoft.io belden.io cdn.cookielaw.org *.statuspage.io privacyportal.onetrust.com geolocation.onetrust.com *.prosoft-technology.com www.google-analytics.com *.googleapis.com *.mailgun.net *.intercom.io *.s3.us-west-2.amazonaws.com wss:; media-src 'self' *.intercomcdn.com www.google-analytics.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; img-src 'self' blob: data: maps.google.com cdn.cookielaw.org maps.gstatic.com *.googleapis.com www.google-analytics.com *.intercomcdn.com *.intercomassets.com *.ggpht *.prosoft-technology.com *.mailgun.net; font-src 'self' data: fonts.gstatic.com *.intercomcdn.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com *.intercom.io *.intercomassets.com *.intercomcdn.com polyfill.io *.prosoft-technology.com *.mailgun.net cdn.cookielaw.org; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com *.intercom.io *.intercomassets.com *.intercomcdn.com polyfill.io *.prosoft-technology.com *.mailgun.net cdn.cookielaw.org *.statuspage.io; frame-src 'self' *.statuspage.io 2
frame-ancestors https://pages.sitecorecloud.io https://dev-xmc-investments.vercel.app https://tst-xmc-investments.vercel.app https://prd-xmc-investments.vercel.app https://aberdeeninvestments.com www.aberdeeninvestments.com connect.aberdeeninvestments.com open.spotify.com connect-test.aberdeeninvestments.com connect-preprod.aberdeeninvestments.com; 2
frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com 2
frame-ancestors *.imu.nl *.phoenixsite.nl www.thehuddle.nl 2
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io  https://*.s3.eu-central-1.amazonaws.com https://*.deloitteexperts.com https://*.deloitte.direct https://*.easydeloitte.at https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://*.fulll.io https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.eu01.nr-data.net https://www.googletagmanager.com https://js-agent.newrelic.com https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://js.stripe.com https://*.fulll.io https://uptime.betterstack.com/widgets/announcement.js https://www.youtube.com https://widget.intercom.io https://app.intercom.io https://js.intercomcdn.com https://*.visitor-analytics.io https://api.session-replays.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.fulll.io; font-src 'self' data: https://fonts.gstatic.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io https://js.intercomcdn.com https://fonts.intercomcdn.com; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io https://www.youtube.com/ https://intercom-sheets.com/; connect-src blob: data: https://bam.eu01.nr-data.net wss://*.fulll.io wss://*.inexweb.fr wss://*.inexweb.io https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitte.direct https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://*.fulll.io https://cdn.jsdelivr.net/npm/@emoji-mart/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io  wss://nexus-europe-websocket.intercom.io  https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://vimeo.com https://*.visitor-analytics.io https://api.session-replays.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io 2
default-src https: 'unsafe-inline'; 2
frame-ancestors https://funbridge.com https://*.funbridge.com http://localhost:* http://127.0.0.1:*; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 2
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 2
frame-ancestors https://*.bthhotels.com 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://piwik.bioeg.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/ ; frame-src *.frcapi.com 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://fonts.googleapis.com https://consent.cookiebot.com https://www.google.com https://analytics.twitter.com https://api-iam.intercom.io https://api-js.mixpanel.com https://cdn.mxpnl.com https://chimpstatic.com https://consentcdn.cookiebot.com https://cookieconsent.popupsmart.com https://downloads.mailchimp.com https://fonts.gstatic.com https://fonts.gstatic.com https://imgsct.cookiebot.com https://js.intercomcdn.com https://mc.us5.list-manage.com https://pi.pardot.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://region1.analytics.google.com https://snap.licdn.com https://static.ads-twitter.com  https://static.blippar.com https://t.co https://translate-pa.googleapis.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://widget.intercom.io https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.youtube.com https://unpkg.com https://hello.myfonts.net https://www.google.ie wss://nexus-websocket-a.intercom.io https://pagead2.googlesyndication.com https://region1.google-analytics.com 2
default-src 'self'; connect-src 'self' https://*.sata.pt https://*.proscloud.com https://o210366.ingest.sentry.io https://www.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.paypal.com https://*.azoresairlines.pt https://azo-cdn.azureedge.net https://tracking.monsido.com https://*.inside-graph.com wss://*.inside-graph.com https://*.googlesyndication.com https://*.quantcast.com https://*.inmobi.com https://www.facebook.com/tr/; font-src 'self' https://i.icomoon.io https://fonts.gstatic.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://azo-cdn.azureedge.net; form-action 'self' https://*.proscloud.com https://*.paypal.com https://*.iata.org https://payments.sata.pt https://*.azoresairlines.pt https://*.sata.pt https://www.facebook.com/tr/; frame-src 'self' https://heyzine.com https://www.youtube.com https://www.google.com https://www.recaptcha.net https://bid.g.doubleclick.net https://*.paypal.com https://static.sojern.com https://*.inside-graph.com https://*.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com; object-src 'none'; script-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://quantcast.mgr.consensu.org https://secure.quantserve.com https://cmp.quantcast.com https://cmp.inmobi.com https://rules.quantcount.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://storage.googleapis.com https://www.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://static.sojern.com/utils/sjrn_autocx.js https://cdn.monsido.com https://*.inside-graph.com https://connect.facebook.net https://static.connect.travelaudience.com https://azo-cdn.azureedge.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.inside-graph.com https://i.icomoon.io https://azo-cdn.azureedge.net; 2
default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com  https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de  https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 2
frame-ancestors 'self' *.tdsecurities.com *.tdbank.ca *.tdbank.com *.td.com 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.cybersource.com; object-src 'none'; 2
base-uri 'self' https://*.xtm.cloud; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.g2crowd.com *.cookielaw.org *.cookiebot.com consent.cookiebot.com *.vimeocdn.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.googletagmanager.com api.hubapi.com *.hsappstatic.net *.jsdelivr.net *.typeform.com *.fontawesome.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net googleads.g.doubleclick.net bat.bing.com *.gstatic.com *.google.com *.hsforms.net js.hsforms.net *.6sc.co *.onetrust.com *.xtm.cloud *.demoboost.com *.pendo.io *.hubspot.com *.apollo.io *.api.irisagent.com player.vimeo.com plugin.sopro.io *.sopro.io cdn.taboola.com trc.taboola.com *.taboola.com a.quora.com *.quora.com tracking-api.g2.com www.clarity.ms *.clarity.ms scripts.clarity.ms yoast.com www.clickcease.com *.clickcease.com www.youtube.com *.feedbucket.app *.convertexperiments.com *.usemessages.com ws.zoominfo.com *.hotjar.com *.eventbrite.com dashboard.searchatlas.com cdn.dreamdata.cloud cdn.drda.io; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.g2crowd.com *.cookielaw.org *.cookiebot.com consent.cookiebot.com *.vimeocdn.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.googletagmanager.com api.hubapi.com *.hsappstatic.net *.jsdelivr.net *.typeform.com *.fontawesome.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net googleads.g.doubleclick.net bat.bing.com *.gstatic.com *.google.com *.hsforms.net js.hsforms.net *.6sc.co *.onetrust.com *.xtm.cloud *.demoboost.com *.pendo.io *.hubspot.com *.apollo.io *.api.irisagent.com player.vimeo.com plugin.sopro.io *.sopro.io cdn.taboola.com trc.taboola.com *.taboola.com a.quora.com *.quora.com tracking-api.g2.com www.clarity.ms *.clarity.ms scripts.clarity.ms yoast.com www.clickcease.com *.clickcease.com www.youtube.com *.feedbucket.app *.convertexperiments.com *.usemessages.com ws.zoominfo.com *.hotjar.com *.eventbrite.com storage.googleapis.com static.hsappstatic.net dashboard.searchatlas.com cdn.transifex.com cdn.dreamdata.cloud cdn.drda.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.feedbucket.app https://cdn.transifex.com; connect-src 'self' vimeo.com *.vimeo.com *.cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com imgsct.cookiebot.com *.cookielaw.org cdn.cookielaw.org *.onetrust.com *.hubspot.com api.hubapi.com forms.hsforms.com *.hsforms.com forms.hscollectedforms.net *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.amazonaws.com *.google-analytics.com www.google-analytics.com *.google.com www.google.com *.facebook.com *.hs-analytics.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.clarity.ms c.clarity.ms *.g2.com *.g2crowd.com tracking-api.g2.com *.xtm-intl.com *.feedbucket.app dashboard.feedbucket.app cdn.feedbucket.app *.taboola.com psb.taboola.com aplo-evnt.com *.apollo.io *.fontawesome.com ka-p.fontawesome.com kit.fontawesome.com *.googlesyndication.com pagead2.googlesyndication.com *.googletagmanager.com *.azurewebsites.net sopro-personalisation.azurewebsites.net *.hsappstatic.net static.hsappstatic.net px.ads.linkedin.com *.linkedin.com bat.bing.com *.bing.com *.6sc.co *.6sense.com b.6sc.co stats.g.doubleclick.net *.doubleclick.net *.adnxs.com *.eventbrite.com *.demoboost.com *.pendo.io *.api.irisagent.com *.convertexperiments.com *.yoast.com sa.searchatlas.com live-detector.svc.transifex.net telemetry.svc.transifex.net app.transifex.com cdn.dreamdata.cloud cdn.drda.io *.dreamdata.cloud *.drda.io; img-src 'self' 'unsafe-inline' data: *.google.com *.google.com.ua *.google.pl *.facebook.com *.linkedin.com *.hubspot.com forms.hsforms.com perf-na1.hsforms.com *.hsappstatic.net *.hotjar.com *.quora.com q.quora.com a.quora.com *.taboola.com *.apollo.io *.cookiebot.com imgsct.cookiebot.com *.cookielaw.org *.clarity.ms c.clarity.ms *.bing.com c.bing.com xtm.cloud *.capterra.com ct.capterra.com *.gravatar.com secure.gravatar.com *.feedbucket.app cdn.feedbucket.app px.ads.linkedin.com *.hs-sites.com b.6sc.co connect.facebook.net forms-na1.hsforms.com www.googletagmanager.com *.vimeocdn.com *.typeform.com *.doubleclick.net *.pendo.io *.googleapis.com *.api.irisagent.com *.w.org yoast.com yoa.st cdn.transifex.com 14487846.fs1.hubspotusercontent-na1.net; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com *.fontawesome.com ka-p.fontawesome.com; frame-src 'self' vimeo.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com *.onetrust.com *.googletagmanager.com www.googletagmanager.com *.hs-sites.com js.hsforms.net *.hsforms.com *.hubspot.com *.typeform.com *.xtm.cloud *.google.com *.demoboost.com *.pendo.io *.doubleclick.net; frame-ancestors 'none'; block-all-mixed-content; report-uri /wp-json/xtm-csp/v1/report 2
default-src 'self' data:; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.youtube.com https://statistik.kug.ac.at; style-src 'self' 'unsafe-inline'; connect-src 'self' https://statistik.kug.ac.at data:; img-src 'self' https://img.youtube.com https://tiles.wmflabs.org https://c.tile.openstreetmap.org; form-action 'self' https://*.ddev.site https://search-kug.obvsg.at; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://services.phaidra.kug.ac.at; media-src 'self'; child-src 'self' blob: https://player.vimeo.com https://www.youtube.com; 2
frame-ancestors 'self' covideo.com *.covideo.com vidmails.com *.vidmails.com eleadcrm.com *.eleadcrm.com forddirectcrm.com *.forddirectcrm.com usherpa.com *.usherpa.com *.autoipacket.com *.autoipacket.net *.ipacket.us *.ipacket.info dealersocket.com *.dealersocket.com dealersocket.engineering *.dealersocket.engineering bb.local.dealersocket.com murraychevbrandon.com *.murraychevbrandon.com linkedin.com *.linkedin.com *.kennected.video watch.kennected.video; 2
default-src 'self' https://mw-ar-recom-prod.pgapi.io/; media-src https://videos.ctfassets.net; style-src 'self' 'unsafe-inline' *; img-src https://* 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 2
default-src 'self'; object-src 'none'; form-action 'none'; report-to csp-endpoint; 2
base-uri 'self';   frame-src 'self' https://*.google.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://*.tiqcdn.com https://match.adsrvr.org https://insight.adsrvr.org https://experience.arcgis.com/ https://*.adform.net https://connect.facebook.net https://c1.adform.net https://platform.twitter.com/ https://a.flexbooker.com/ https://www.snappayglobal.com/ https://stage.snappayglobal.com/ https://www.youtube.com/ https://player.vimeo.com/ https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://*.arcgis.com https://hctra.maps.arcgis.com https://www.google.com/maps/ https://www.google.com/maps https://www.google.com https://www.trustedsite.com https://cse.google.com/ https://public.earthcam.net https://td.doubleclick.net;     default-src 'self';   script-src 'self' 'unsafe-inline' https://js.adsrvr.org https://*.tiqcdn.com https://www.googleadservices.com https://*.clarity.ms  https://t.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com  https://*.tvsquared.com/tv2track.js  https://qvdt3feo.com/events.js   https://tags.srv.stackadapt.com https://connect.facebook.net  https://*.adform.net https://www.clarity.ms  https://ads.nextdoor.com  https://platform.twitter.com/js/tweet.b81b6d7af2d75db873cff6099e4f433a.js https://platform.twitter.com/widgets.js https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://bam.nr-data.net https://js-agent.newrelic.com https://cse.google.com https://www.google.com/cse/ https://clients1.google.com https://www.google-analytics.com https://cdn.ywxi.net https://www.googletagmanager.com https://www.google.com https://*.gstatic.com https://www.trustedsite.com https://googleads.g.doubleclick.net https://google.com;         img-src blob: data: 'self' https://trkn.us https://*.trkn.us https://arttrk.com https://*.arttrk.com https://www.facebook.com https://www.googleadservices.com https://tpc.googlesyndication.com https://insight.adsrvr.org https://dpm.demdex.net https://datacloud.tealiumiq.com https://cm.g.doubleclick.net https://match.adsrvr.org https://*.stackadapt.com  https://tags.srv.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js  https://*.mdhv.io   https://*.clarity.ms  https://c.clarity.ms https://pbs.twimg.com https://syndication.twitter.com https://cdn.ywxi.net https://smetrics.hctra.org https://clients1.google.com https://www.google.com/cse/ https://www.google-analytics.com https://www.googleapis.com/ https://ssl.gstatic.com https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://traffic.houstontranstar.org https://www.adobe.com/images/shared/download_buttons/  https://www.googletagmanager.com https://googleads.g.doubleclick.net;      object-src 'self';    style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.google.com/cse/static/;        connect-src 'self' https://connect.facebook.net https://www.googleadservices.com https://insight.adsrvr.org https://*.tealiumiq.com https://*.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js  https://y.clarity.ms https://t.clarity.ms  https://tags.srv.stackadapt.com  https://*.adform.net  https://www.google-analytics.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://bam.nr-data.net https://triposcert.vantiv.com https://tripos.vantiv.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com;    form-action 'none';    frame-ancestors 'self';    report-uri /api/sessions/CspViolationLog/ReportViolation/ 2
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: ;frame-src 'self' *;frame-ancestors 'self' *; worker-src 'self' * blob:; 2
frame-ancestors 'self' https://newaccount.wsfsbank.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://inchcape.azureedge.net https://inchcape-prod.azureedge.net https://prod.group1auto.co.uk https://qa-test.inchcape.co.uk https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://prod-external.inchcape.co.uk https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://js.stripe.com https://plugins.codeweavers.net https://cdn.gubagoo.io https://gubagoo.io https://group1fordnewbury.tyresonmywebsite.co.uk https://*.dealertyres.co.uk https://form.jotform.com https://cdn-assets-prod.s3.amazonaws.com/ https://cdn.mouseflow.com https://iframe.app.autoconvert.co.uk https://vcc-eu11-cf.8x8.com https://js.monitor.azure.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://cdn.autopress.cl https://unpkg.com https://cdn.jsdelivr.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://api-public.addthis.com https://*.cloudfront.net https://graph.facebook.com https://*.addthis.com https://*.addthisedge.com https://static.hotjar.com https://www.dynamicnumbers.mediahawk.co.uk https://static.analytics.netdirector.auto https://ajax.googleapis.com https://cdn.optimizely.com https://cdn.worldpay.com https://emac-direct.service-plan.co.uk https://maps.googleapis.com https://script.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://t.astutemetrics.com https://vcc-eu11.8x8.com/CHAT/common/js/chat.js https://vcc-eu11.8x8.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://eu.cdn.autosonshow.tv/; style-src 'self' 'unsafe-inline' https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com/ https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://cdnjs.cloudflare.com https://group1fordnewbury.tyresonmywebsite.co.uk https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://fonts.googleapis.com https://tagmanager.google.com  https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com; img-src 'self' data: https://vcc-eu11-cf.8x8.com https://eu.cdn.autosonshow.tv/ https://gubagoo.io https://cdn.gubagoo.io https://imgsct.cookiebot.com https://vcc-eu11.8x8.com https://*.tyresonmywebsite.co.uk https://*.tyresandservice.co.uk https://componentsprodstorage.blob.core.windows.net/ https://www.group1auto.co.uk/ https://prodsc-mediacdn.azureedge.net https://lh3.ggpht.com https://azsbrglocdnepdnbvoa.azureedge.net https://ad.doubleclick.net https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://group1autoukcdn.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-qa.azureedge.net https://oc-prod.inchcape.com https://inchcape-oc-prod.azureedge.net https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://js.stripe.com https://cdnjs.cloudflare.com https://azeauglocdnedevbvoa.azureedge.net https://azsbrglocdnedevbvoa.azureedge.net https://azeauglocdnepdnbvoa.azureedge.net https://*.google-analytics.com https://*.analytics.google.com https://media.reputation.com https://widgets.reputation.com https://s3-us-west-1.amazonaws.com https://pixelg.adswizz.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://match.adsrvr.org https://track.admaxim.com https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.google.ie https://www.google.co.uk https://*.g.doubleclick.net https://inchcapecdn.azureedge.net https://inchcapeukcdn.azureedge.net https://images-static.trustpilot.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://via.placeholder.com https://maps.googleapis.com https://maps.gstatic.com https://www.caranddriving.com https://*.googleapis.com https://ssl.gstatic.com https://5490816.fls.doubleclick.net https://www.facebook.com; font-src 'self' data: https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://fonts.cdnfonts.com https://static.hotjar.com https://script.hotjar.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://fonts.gstatic.com; connect-src 'self' https://prod.group1auto.co.uk https://group1auto-eu-prod.azureedge.net/ https://prod.inchcape.co.uk https://prod-external.inchcape.co.uk https://qa-test.inchcape.co.uk https://preprod.inchcape.co.uk https://dev.inchcape.co.uk prod.inchcape.co.uk https://emac-direct-api.gforceslivelink.co.uk https://gubagoo.io https://cdn.gubagoo.io https://cbo-loader.gubagoo.io wss://node.gubagoo.io/ wss://socket.io wss://gb1-node.gubagoo.io https://eu01.rec.mouseflow.com https://cloud8-cc-geo.8x8.com https://*.in.applicationinsights.azure.com https://*.doubleclick.net https://api.autopress.cl https://b2b.autopress.cl https://www.google.com https://dn.mediahawk.co.uk https://*.logrocket.io https://*.lr-ingest.io https://analytics.netdirector.co.uk https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://googleads4.g.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://api.oneweb.inchcape.co.uk https://inchcapeuatapi.azurewebsites.net/ https://inchcapeprodapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://inchcapeproductionsearchapi.azurewebsites.net https://inchcapeuatapi.azurewebsites.net https://inchcapeuatimporterapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://m.addthis.com https://www.dynamicnumbers.mediahawk.co.uk http://*.hotjar.io:* https://*.hotjar.io:* http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://*.googleapis.com https://*.optimizely.com https://stats.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com; media-src 'self' https://cdn.gubagoo.io/ https://eu.cdn.autosonshow.tv/; object-src 'self'; child-src 'self' blob:; frame-src 'self' https://js.stripe.com https://form.jotform.com https://eu-submit.jotform.com https://group1auto.vehiclevisuals.com https://iframe.app.autoconvert.co.uk/ https://vcc-eu11-cf.8x8.com/ https://*.gubagoo.io https://plugins.codeweavers.net/ https://*.tyresonmywebsite.co.uk/ https://*.dealertyres.co.uk/ https://widgets.reputation.com https://www.bumper.co.uk/ https://www.bumper.co/ https://vcc-eu11.8x8.com/ https://cdn.gubagoo.io https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/ https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.optimizely.com https://pixel.mathtag.com https://s7.addthis.com https://sdn.sitecore.net https://inchcape.mua.hrdepartment.com https://player.vimeo.com https://vars.hotjar.com https://*.citnow.com https://www.caranddriving.com https://www.youtube.com https://danclarksoninchcape.wufoo.eu https://danclarksoninchcape.wufoo.com https://5490816.fls.doubleclick.net https://emac-direct.service-plan.co.uk https://www.facebook.com/ https://*.mouseflow.com https://www.google.com https://consentcdn.cookiebot.com https://eu.cdn.autosonshow.tv/; worker-src 'self' blob:; frame-ancestors 'self' https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/ https://eu.cdn.autosonshow.tv/; form-action 'self' https://inchcape.mua.hrdepartment.com https://plugins.codeweavers.net www.facebook.com https://eu.cdn.autosonshow.tv/; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' 'nonce-80a8a89ba2beead10083' hubspot-forms-static-embed.s3.amazonaws.com *.vimeo.com api.usercentrics.eu *.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com www.google.com www.gstatic.com www2.123insight.com pages.123insight.com 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' 'unsafe-inline' hubspot-forms-static-embed.s3.amazonaws.com *.vimeo.com api.usercentrics.eu *.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com www.google.com www.gstatic.com www2.123insight.com pages.123insight.com; img-src * blob: data:; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; connect-src *; frame-src *; object-src 'none'; base-uri 'self'; frame-ancestors cms.forterro.com; block-all-mixed-content; upgrade-insecure-requests; media-src https://cms.forterro.com; 2
frame-ancestors https://jsapps.c1gdtat48x-ferreroin2-d1-public.model-t.cc.commerce.ondemand.com https://jsapps.c1gdtat48x-ferreroin2-s1-public.model-t.cc.commerce.ondemand.com https://jsapps.c1gdtat48x-ferreroin2-p1-public.model-t.cc.commerce.ondemand.com https://dev.fanniemay.com https://staging.thorntons.com https://staging.fanniemay.com https://www.fanniemay.com https://www.thorntons.com accstorefront.c1gdtat48x-ferreroin2-d1-public.model-t.cc.commerce.ondemand.com:443 accstorefront.c1gdtat48x-ferreroin2-s1-public.model-t.cc.commerce.ondemand.com:443 accstorefront.c1gdtat48x-ferreroin2-p1-public.model-t.cc.commerce.ondemand.com:443 2
default-src 'none'; connect-src 'self' wss: forms-eu1.hscollectedforms.net https://statistik.bundeswehrkarriere.de/; font-src 'self' data:; frame-src 'self' bundeswehr-karriere.novomind.com www.pw6.de https://auth.pw6.de; img-src 'self' data: tiles.mapz.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com track-eu1.hubspot.com; media-src 'self'; script-src 'self' js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.hs-analytics.net js-eu1.hs-banner.com 'unsafe-inline' https://statistik.bundeswehrkarriere.de/; style-src 'self' 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://connect.facebook.net https://static.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://recaptcha.net https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://www.facebook.com https://connect.facebook.net https://www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com platform.careemapis.com https://stats.g.doubleclick.net https://jnn-pa.googleapis.com https://play.google.com https://*.googlevideo.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.google.com https://www.google-analytics.com https://remittance-service.pvt-cx.gw.staging.teamdisplayed.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net  https://www.facebook.com https://www.googletagmanager.com recaptcha.net https://www.youtube.com; img-src 'self' data: https://careem-catalog-media.imgix.net https://www.facebook.com https://yt3.ggpht.com https://i.ytimg.com https://www.gstatic.com https://www.google.com/pagead https://googleads.g.doubleclick.net https://www.google.com.pk https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' blob: https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src https://recaptcha.net; form-action 'self' 2
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src 'self' blob: https://www.paypal.com https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://accounts.google.com https://*.adtrafficquality.google https://fundingchoicesmessages.google.com https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://t.paypal.com https://www.paypalobjects.com https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.adtrafficquality.google https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://cdn.ampproject.org https://www.gstatic.com https://*.adtrafficquality.google https://www.paypal.com https://www.paypalobjects.com 'sha256-b+mf6EIMFYxuAIdk6/2IF09zTUsJrlW6qZaw4opG6QU=' 'sha256-f5g6BkxJ1yWIe/gRp3R+jf8SkUVo9bSekseH2x1cB+k=' https://adservice.google.com https://fundingchoicesmessages.google.com https://accounts.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh  https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve  https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv  https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com https://*.adtrafficquality.google https://www.paypal.com https://www.paypalobjects.com; 2
default-src * blob: data:; font-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: https://*.paypal.com https://*.paypalobjects.com; connect-src * https://*.paypal.com; img-src * data: https://*.paypal.com https://*.paypalobjects.com; style-src 'self' fonts.googleapis.com https://apps.bazaarvoice.com http://display.ugc.bazaarvoice.com https://embed.salefinder.com.au https://app.medmate.com.au https://test-app.medmate.com.au https://fonts.cdnfonts.com https://embed.typeform.com 'unsafe-inline' https://vercel.live https://*.paypal.com; frame-src * https://*.paypal.com; base-uri 'self'; form-action 'self' https://*.paypal.com; 2
frame-ancestors 'self' *.ssnc.cloud learningcenter.wealthmsi.com learningcenter-uat.wealthmsi.com *.vantagenetwork.net *.vantageira.net dev.missionsquare.com stage.missionsquare.com betaretirement.financialtrans.com retirement.financialtrans.com https://dev--missionsquare-edge-dev--web-msq.aem.page https://stage--missionsquare-edge-stage--web-msq.aem.page https://main--missionsquare-edge--web-msq.aem.page https://dev--missionsquare-edge-dev--web-msq.aem.live https://stage--missionsquare-edge-stage--web-msq.aem.live https://main--missionsquare-edge--web-msq.aem.live https://author-p159156-e1695911.adobeaemcloud.com https://author-p159156-e1695869.adobeaemcloud.com *.missionsquare.com missionsquare.com; 2
frame-ancestors ; connect-src www.mineraltree.com www.google-analytics.com analytics.google.com api.company-target.com company-target.com segments.company-target.com s.company-target.com rlcdn.com *.cookielaw.org *.popt.in *.demandbase.com *.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com *.onetrust.com *.cloudfront.net *.clarity.ms  my.g2.com *.doubleclick.net; default-src 'self' 'unsafe-inline' mineralstage.wpengine.com www.google-analytics.com *.google.com maps.googleapis.com stats.g.doubleclick.net *.chilipiper.com *.clickagy.com www.googletagmanager.com *.breezy.hr *.linkedin.oribi.io *.linkedin.com *.wistia.com *.zoominfo.com *.litix.io cdn.cookielaw.org *.onetrust.com vimeo.com dev.visualwebsiteoptimizer.com *.popt.in *.cloudfront.net *.company-target.com *.demandbase.com *.rlcdn.com; font-src 'self' use.typekit.net fonts.gstatic.com *.popt.in *.cloudflare.com *.on.aws *.cloudfront.net *.amazonaws.com data:; frame-src 'self' 'unsafe-inline' player.vimeo.com js.driftt.com *.bugherd.com mineraltree.breezy.hr *.mineraltree.com *.googletagmanager.com optimize.google.com *.youtube.com *.chilipiper.com *.doubleclick.net *.company-target.com *.google.com *.visualwebsiteoptimizer.com app.vwo.com data:; img-src 'self' mineralstage.wpengine.com www.google.com www.google-analytics.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com optimize.google.com *.linkedin.com lltrck.com b.6sc.co p.adsymptotic.com *.clickagy.com *.rlcdn.com *.bing.com *.wistia.com *.vimeocdn.com *.chilipiper.com cdn.cookielaw.org *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.company-target.com *.clarity.ms hostedseal.trustarc.com images.g2crowd.com data:; media-src 'self' mineralstage.wpengine.com blob:; script-src 'self' 'unsafe-inline' mineralstage.wpengine.com js.driftt.com *.bugherd.com j.6sc.co www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.googleoptimize.com optimize.google.com player.vimeo.com pi.pardot.com ws.zoominfo.com tracking.leadlander.com snap.licdn.com go.mineraltree.com mineraltree.breezy.hr *.chilipiper.com *.bing.com *.clickagy.com *.wistia.com *.capterra.com cdn.cookielaw.org *.visualwebsiteoptimizer.com app.vwo.com cdn.jsdelivr.net cdnjs.cloudflare.com *.popt.in tag.demandbase.com tag-logger.demandbase.com scripts.demandbase.com www.google.com www.gstatic.com *.clarity.ms my.g2.com blob:; style-src 'self' 'unsafe-inline' mineralstage.wpengine.com *.typekit.net *.googleapis.com optimize.google.com *.popt.in *.cloudflare.com *.on.aws *.visualwebsiteoptimizer.com app.vwo.com; 2
base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; frame-ancestors 'self' constantcontact.com *.constantcontact.com constantcontact.my.site.com constantcontact.my.salesforce-scrt.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' constantcontact.com *.constantcontact.com constantcontact.my.site.com constantcontact.my.salesforce-scrt.com *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io *.highcharts.com; object-src 'none'; 2
frame-ancestors 'self'; base-uri 'self' https://contenthandler.azureedge.net; object-src 'none'; frame-src 'self' *.googletagmanager.com *.youtube.com *.fieldera.com www.google.com *.incontact.com *.doubleclick.net; upgrade-insecure-requests 2
frame-ancestors 'self' *.edumoov.com *.educartable.com *.kidiquest.com; 2
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com https://*.rudderlabs.com/ blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline' https://*.rudderstack.com/; font-src * data: https:; frame-src 'self' blob: https: *; 2
form-action 'self' *.coworkingresources.org *.getkisi.com *.hsforms.com *.hsforms.net *.hubspot.com coworkingresources.org getkisi.com production-b3jhdbaf6q-uk.a.run.app staging-b3jhdbaf6q-uk.a.run.app www.facebook.com; script-src 'self' 'unsafe-inline' *.clearbit.com *.clearbitjs.com *.clearbitscripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.smartlook.cloud *.smartlook.com *.typekit.net a.omappapi.com a.optmnstr.com ajax.googleapis.com api.na.chilipiper.com assets.apollo.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org fonts.googleapis.com fonts.gstatic.com google.com googleads.g.doubleclick.net idsync.rlcdn.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.na.chilipiper.com js.usemessages.com netlify-cdp-loader.netlify.app optimize.google.com player.cloudinary.com production-b3jhdbaf6q-uk.a.run.app recaptcha.net s.adroll.com script.hotjar.com snap.licdn.com ssl.google-analytics.com staging-b3jhdbaf6q-uk.a.run.app static.ads-twitter.com static.hotjar.com tagmanager.google.com w.appzi.io www.chatbase.co www.clarity.ms www.google-analytics.com www.google.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.youtube.com 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; 2
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 'self'; style-src-elem 'unsafe-inline' 'self' data: *.gstatic.com *.googleapis.com *.makewebstatic.com *.makewebeasy.com *.makewebeasy.net *.makewebcdn.com ; font-src 'self' data: *.gstatic.com *.googleapis.com *.makewebstatic.com *.makewebeasy.com *.makewebeasy.net *.makewebcdn.com; 2
default-src 'self';img-src 'self' data: https://i.imgur.com;script-src 'self' https://ajax.googleapis.com 'unsafe-inline';connect-src 'self' https://ipapi.co;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2
default-src 'self' play.vidyard.com; connect-src 'self' *.kampyle.com play.vidyard.com stats.g.doubleclick.net www.google-analytics.com; media-src 'self' play.vidyard.com; font-src 'self' use.fontawesome.com fonts.gstatic.com use.typekit.net data:; style-src 'self' *.kampyle.com *.readyclassroomcentral.com *.i-readycentral.com 'unsafe-inline' use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net http://*.i-readycentral.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com use.typekit.net *.eloqua.com img.en25.com play.vidyard.com www.googletagmanager.com *.kampyle.com www.google-analytics.com http://*.i-readycentral.com; img-src 'self' *.i-readycentral.com ps.w.org cdn.vidyard.com play.vidyard.com *.eloqua.com *.googletagmanager.com *.kampyle.com www.google.com www.google-analytics.com secure.gravatar.com s.w.org data:; frame-src *.i-readycentral.com play.vidyard.com *.kampyle.com; frame-ancestors 'self' 2
frame-ancestors https://go.poweroffice.net https://identity.poweroffice.net; 2
default-src 'none';script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; base-uri 'self';form-action 'self';object-src 'none';frame-ancestors 'self';connect-src *;media-src *;worker-src *;child-src *;manifest-src *; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ https://noname-drink.appspot.com/stats; style-src 'self' 'unsafe-inline' https://www.google.com/ https://ajax.googleapis.com/; img-src 'self' data: https://*.tile.openstreetmap.org http://*.tile.openstreetmap.de; frame-src 'self' https://pizza.noname-ev.de 2
frame-ancestors 'self' https://ui.dev; 2
default-src 'self' https://wchat.freshchat.com https://hooks.stripe.com https://js.stripe.com;style-src 'self' 'unsafe-inline'  https://baremetrics-dunning.baremetrics.com/css/barepay.css https://wchat.freshchat.com/css/widget.css https://js.stripe.com/v3/* https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com/checkout.js https://www.google-analytics.com https://ajax.googleapis.com https://script.crazyegg.com use.fontawesome.com www.google.com cdnjs.cloudflare.com www.gstatic.com grok-2018.local:8890 www.googletagmanager.com d36mpcpuzc4ztk.cloudfront.net baremetrics-dunning.baremetrics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://wchat.freshchat.com/js/widget.js  https://js.stripe.com https://hooks.stripe.com https://js.stripe.com/v3/* https://cdn.jsdelivr.net/npm/anchor-js/anchor.min.js http://www.google-analytics.com/analytics.js https://*.analytics.google.com;connect-src 'self'  https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://dunning.baremetrics.com/customer_status https://script.crazyegg.com https://www.google-analytics.com https://checkout.stripe.com https://*.analytics.google.com/;object-src 'none';font-src 'self' data: https://fonts.gstatic.com/;img-src 'self' data: https://secure.gravatar.com https://www.google.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com https://q.stripe.com www.gstatic.com  https://www.google.pt;frame-src https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://platform.twitter.com www.google.com 2
frame-ancestors 'self' levelone.com *.levelone.com www.realpage.com 2
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src data: 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2
img-src     'self' data:     *.gravatar.com     *.twimg.com     *.ytimg.com     s3.amazonaws.com     *.pcdn.co     axeptio.imgix.net     maps.googleapis.com     maps.gstatic.com   ;   frame-src     'self' blob:     *.youtube.com     *.ausha.co     *.google.com   ;   script-src-elem     'self' blob: 'unsafe-eval' 'unsafe-inline'     *.suivi-matomo.fr     *.axept.io     *.google.com     *.gstatic.com     *.googleapis.com     https://cdn.jsdelivr.net     *.ausha.co   ;   script-src     'self' blob: 'unsafe-eval' 'unsafe-inline'     *.suivi-matomo.fr     *.axept.io     *.google.com     *.gstatic.com     *.ausha.co   ;   object-src 'self' ; 2
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: blob: https://*; worker-src 'self' blob:; font-src 'self' data: https://*; connect-src 'self' webpack: https://*; 2
default-src    'self'  cdn.staging.sigmasoftware.pp.ua cdn.sigma.software; script-src     'nonce-4baymDLvjSZ3laloZfZDVWhsD1kkLRm5' 'sha256-x5/Wpvmgi/b94lESssE71PTBYgd6Mx4P6NpAyLwz1qI=' 'sha256-HH/bz5PkgmJywIYn4ev/qmwwQ+qAFSt4jvF3vMNyzCc=' 'sha256-1VDFRQ4Ld2qO0b1bq1HR+WmTsA4+ndSkCyhXXikt9XM=' 'sha256-tM+MTwJg0/y7RZXRg1sBIZXKicmsojbDdlMxJ7Y2SEU=' 'sha256-FTNeBqquNuBhHaNZc8wTDo/rUGf3rCftdPtVU04t4YY=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.sigma.software sigma.software code.jquery.com www.googletagmanager.com geolocation.onetrust.com cdn.cookielaw.org cdn.staging.sigmasoftware.pp.ua staging.sigmasoftware.pp.ua maps.googleapis.com ipinfo.io  bat.bing.com snap.licdn.com connect.facebook.net sc.lfeeder.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net api.w3-edge.com *.clarity.ms stackpath.bootstrapcdn.com ajax.googleapis.com www.behance.net api.behance.net ajax.aspnetcdn.com cse.google.com www.google.com clients1.google.com googleads.g.doubleclick.net *.googleadservices.com *.google.com yoast.com *.jotfor.ms blob:; style-src      'self' 'unsafe-inline' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software data: fonts.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com code.jquery.com cdn.jsdelivr.net www.google.com images.dmca.com; img-src        'self' 'unsafe-inline' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.cookielaw.org cdn.sigma.software sigma.software data: sc.lfeeder.com px.ads.linkedin.com *.bing.com www.facebook.com tr.lfeeder.com p.adsymptotic.com *.google-analytics.com *.analytics.google.com www.google.com www.google.com.ua *.gstatic.com www.googletagmanager.com maps.googleapis.com secure.gravatar.com wpmudev.com c.clarity.ms mir-s3-cdn-cf.behance.net assets.goodfirms.co www.googleapis.com clients1.google.com *.google.com googleads.g.doubleclick.net tr-rc.lfeeder.com bat.bing.net *.ytimg.com i.ytimg.com; font-src       'self'  *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software data: *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net; frame-src      'self' 'unsafe-inline' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software *.jotform.com www.facebook.com www.youtube.com *.youtube.com www.youtube-nocookie.com submit.jotformeu.com player.vimeo.com cse.google.com bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com; connect-src    'self'  *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se adservice.google.com googleads.g.doubleclick.net www.google.com ipinfo.io maps.googleapis.com *.google-analytics.com *.analytics.google.com cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software stats.g.doubleclick.net yoast.com cdn.cookielaw.org *.clarity.ms geolocation.onetrust.com www.facebook.com privacyportal-eu.onetrust.com bat.bing.com cse.google.com cdn.linkedin.oribi.io analytics.google.com pagead2.googlesyndication.com my.yoast.com *.hotjar.io *.hotjar.com *.googleadservices.com wss://ws.hotjar.com px.ads.linkedin.com bat.bing.net *.adtrafficquality.google *.youtube.com; media-src      'self' *.youtube.com www.youtube.com *.ytimg.com blob: data:; base-uri       'self'; frame-ancestors 'self'; script-src-elem   'self' 'unsafe-inline' 'unsafe-eval' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.sigma.software sigma.software code.jquery.com www.googletagmanager.com geolocation.onetrust.com cdn.cookielaw.org cdn.staging.sigmasoftware.pp.ua staging.sigmasoftware.pp.ua maps.googleapis.com ipinfo.io  bat.bing.com snap.licdn.com connect.facebook.net sc.lfeeder.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net api.w3-edge.com *.clarity.ms stackpath.bootstrapcdn.com ajax.googleapis.com www.behance.net api.behance.net ajax.aspnetcdn.com cse.google.com www.google.com clients1.google.com googleads.g.doubleclick.net *.googleadservices.com *.google.com yoast.com px.ads.linkedin.com *.hotjar.com *.googlesyndication.com *.jotfor.ms www.youtube.com *.youtube.com *.ytimg.com *.adtrafficquality.google blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.clarity.ms https://fast.wistia.com https://fast.wistia.net *.adobedtm.com *.dialogtech.com *.simpli.fi *.doubleclick.net *.kickfire.com *.googletagmanager.com *.licdn.com *.facebook.com https://apps.usw2.pure.cloud https://privacyportal-cdn.onetrust.com https://rumiview.com https://www.rumiview.com https://s.yimg.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.clarity.ms https://fast.wistia.com https://fast.wistia.net *.adobedtm.com *.dialogtech.com *.simpli.fi *.doubleclick.net *.kickfire.com *.googletagmanager.com *.licdn.com *.facebook.com https://apps.usw2.pure.cloud https://privacyportal-cdn.onetrust.com https://rumiview.com https://www.rumiview.com https://s.yimg.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline' blob: data: wss:; img-src 'self' blob: data: https:; object-src 'self'; frame-src 'self' blob: data: https: lavitaapp:; report-uri https://sentry.lavita.io/api/7/security/?sentry_key=6ea35b7ebf064adb9ad7002afcbf1d53; frame-ancestors https://*.etracker.com 2
default-src www.youtube.com www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' *.etracker.com www.etracker.de https://*.jwpcdn.com; connect-src 'self' www.etracker.de https://*.jwpcdn.com; img-src 'self' data: i.creativecommons.org licensebuttons.net/l *.bmwi.de www.existenzgruender.de; style-src 'self' 'unsafe-inline' https://*.jwpcdn.com; font-src 'self' https://*.jwpcdn.com; frame-ancestors 'self'; form-action 'self'; media-src 'self'; 2
frame-ancestors 'self' http://localhost:3000 https://mni-editor-test.vercel.app https://cms.mnimarkets.com/ https://cms.marketnews.com 2
report-uri https://services.madcapsoftware.com/api/CSPReport/Post;      default-src 'self' https://scripts.sirv.com https://*.sirv.com;      manifest-src 'self' https://login.microsoftonline.com *.madcapsoftware.com;      connect-src 'self' blob: *.6sc.co *.6sense.com https://cta-service-cms2.hubspot.com https://cdn.requestmetrics.com https://az416426.vo.msecnd.net https://static.hsappstatic.net https://cdn.sitesearch360.com https://*.qualified.com wss://*.qualified.com ws://localhost:5173 *.trustarc.com *.truste.com https://*.google.com https://insights.sitesearch360.com https://global.sitesearch360.com https://forms-na1.hubspot.com https://forms.hubspot.com https://app.wistia.com https://app.wistia.com/live_event_registration https://distillery.wistia.net/ wss://soketi.hyvor.com https://talk.hyvor.com *.litix.io/ https://embed-cloudfront.wistia.com/ https://distillery.wistia.com/ https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com/ https://fast.wistia.net/embed/channel/ https://tracking.g2crowd.com/ https://google.com *.convertexperiments.com https://ws.zoominfo.com *.google-analytics.com *.analytics.google.com https://js.zi-scripts.com https://aorta.clickagy.com https://hemsync.clickagy.com https://settings.luckyorange.net https://in.visitors.live/ajax https://*.luckyorange.com https://madcap.sirv.com https://stats.sirv.com https://video.sirv.com https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://data.stbuttons.click/data https://api.hubapi.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://analytics.google.com https://api-preview.luckyorange.com/public-auth https://www.g2.com https://www.googletagmanager.com https://fonts.gstatic.com https://public-auth-dot-lucky-orange.appspot-preview.com wss://realtime.luckyorange.com https://settings.luckyorange.com wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com https://maps.googleapis.com https://www.google-analytics.com https://adservice.google.com/pagead/ https://dc.services.visualstudio.com https://f1.madcapsoftware.com https://scripts.sirv.com https://in.requestmetrics.com https://l.sharethis.com https://stats.g.doubleclick.net https://www.cognitoforms.com https://www.google.com/pagead/ https://*.googleusercontent.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com https://www.google.ca https://www.google.ie https://www.google.co.uk https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/;      font-src 'self' data: https://fast.wistia.com/fonts/walsheim/ *.trustarc.com *.truste.com https://fast.wistia.net https://storage.googleapis.com/lucky-orange-public/fonts/ https://static.cognitoforms.com https://fast.wistia.com/assets/external/fonts/ https://use.fontawesome.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ https://f1.madcapsoftware.com/websiteFonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com https://www.cognitoforms.com; form-action 'self' https://forms.hsforms.com/ *.google.com; frame-ancestors 'self' https://cdn.talentlms.com/madcappm/ https://madcappm.talentlms.com/ https://cdn.talentlms.com/engine/V2/ https://qasecurityheadersclickjacking1.mcoutputqa.com https://dssecurityheadersclickjacking.mcoutputdev.com https://dev.madcaprnd.com/client https://qa.madcaprnd.com https://app.storyblok.com;      frame-src 'self' *.6sc.co *.6sense.com https://*.qualified.com *.trustarc.com *.truste.com https://www.googletagmanager.com https://td.doubleclick.net https://fast.wistia.com/ https://hemsync.clickagy.com https://f1.madcapsoftware.com https://madcap.sirv.com https://forms.hsforms.com https://www.youtube-nocookie.com https://www.g2.com https://optimize.google.com https://talk.hyvor.com *.google.com *.doubleclick.net *.googlesyndication.com https://c.sharethis.mgr.consensu.org https://js.driftt.com https://www.youtube.com https://calendly.com https://t.sharethis.com;      img-src 'self' data: *.6sc.co *.6sense.com https://perf-na1.hsforms.com https://*.qualified.com *.trustarc.com *.truste.com https://fast.wistia.net https://images.sitesearch360.com https://documentation.madcapsoftware.com https://www.gravatar.com https://hyvor.com https://insights.sitesearch360.com/insights/ https://www.madcapsoftware.com/images/ https://cdn.sitesearch360.com/pdf.svg https://cdn.hyvor.com https://talk.hyvor.com https://tools.luckyorange.com/messenger/img/ https://embed-ssl.wistia.com/ https://fast.wistia.com/ https://exceptions.hs-embed-reporting.com https://google.com/pagead/ https://stats.g.doubleclick.net https://pd.sharethis.com https://track.hubspot.com *.google-analytics.com *.analytics.google.com https://forms-na1.hsforms.com https://forms.hsforms.com https://fonts.gstatic.com https://analytics.google.com https://www.g2.com https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net https://*.privacysandbox.googleadservices.com https://assets.madcapsoftware.com https://*.linkedin.com https://linkedin.com https://www.linkedin.com https://ads.linkedin.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/collect https://prd.jwpltx.com/v1/jwplayer6/ping.gif https://www.google.com.mx/ https://www.google.com.ec https://www.google.com.ua https://www.google.co.uk https://www.google.ie https://www.google.ca https://f1.madcapsoftware.com https://googleads.g.doubleclick.net https://madcap.sirv.com https://maps.googleapis.com https://maps.gstatic.com https://platform-cdn.sharethis.com https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://*.googleusercontent.com https://assets.madcapsoftware.com/branding/ https://l.sharethis.com https://www.googleadservices.com https://assets.madcapsoftware.com/websiteImages/ https://i.ytimg.com https://assets.calendly.com;                       media-src 'self' blob: data: mediastream: https://*.qualified.com https://embed-ssl.wistia.com https://fast.wistia.com https://webinararchive.madcapsoftware.com https://f1.madcapsoftware.com https://madcap.sirv.com https://video.sirv.com https://scripts.sirv.com https://js.driftt.com dai.google.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.6sc.co *.6sense.com https://js.hubspot.com https://js.qualified.com http://localhost:5173 https://*.trustarc.com https://*.sentry-cdn.com/ https://cdn.sitesearch360.com/ https://storage.googleapis.com/lucky-orange-public/ https://js.sitesearch360.com/ https://js.sentry-cdn.com https://fast.wistia.com https://fast.wistia.net https://fast.wistia.com/assets/external/ https://cdn-4.convertexperiments.com https://no-cdn.convertexperiments.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://djtflbt20bdde.cloudfront.net/ https://use.fontawesome.com/ https://js.hsforms.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com/ https://js.hs-banner.com https://js.hsadspixel.net https://tracking.g2crowd.com/ https://static.cognitoforms.com/ https://d10lpsik1i8c69.cloudfront.net https://tools.luckyorange.com https://ssl.google-analytics.com https://optimize.google.com https://talk.hyvor.com https://connect.facebook.net/en_US/sdk.js https://platform-api.sharethis.com/js/sharethis.js https://t.sharethis.com https://www3.madcapsoftware.com/ https://tpc.googlesyndication.com/ https://www.google.com/pagead/ https://assets.madcapsoftware.com https://az416426.vo.msecnd.net https://buttons-config.sharethis.com https://cdn.requestmetrics.com https://googleads.g.doubleclick.net https://www.google.com https://js.driftt.com https://platform-api.sharethis.com https://scripts.sirv.com https://video.sirv.com https://madcap.sirv.com https://stats.sirv.com https://snap.licdn.com https://www.googleanalytics.com https://www.google-analytics.com https://google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com https://app.storyblok.com/f/storyblok-latest.js https://app.storyblok.com/f/storyblok-v2-latest.js https://www.googleadservices.com https://count-server.sharethis.com https://services.cognitoforms.com https://www.cognitoforms.com https://www.gstatic.com https://maps.googleapis.com https://www.madcapsoftware.com https://f1.madcapsoftware.com https://assets.calendly.com https://ssl.p.jwpcdn.com/;      style-src 'self' 'unsafe-inline' https://*.qualified.com https://tools.luckyorange.com/messenger/css/ https://fast.wistia.com https://use.fontawesome.com/ https://scripts.sirv.com https://www.googletagmanager.com/ https://optimize.google.com https://www3.madcapsoftware.com/ https://scripts.sirv.com/sirvjs/ https://fonts.googleapis.com https://www.cognitoforms.com https://www.madcapsoftware.com https://app.storyblok.com https://assets.calendly.com;      worker-src blob:;      child-src blob: https://*.qualified.com; 2
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 2
img-src 'self' data: *;script-src 'self' 'unsafe-inline' *.qualtrics.com *.igodigital.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.outbrain.com *.clarity.ms 520002707.collect.igodigital.com amplify.outbrain.com snap.licdn.com *.equifax.com img.en25.com googleads.g.doubleclick.net static.hotjar.com static.cloudflareinsights.com www.google.com *.convertexperiments.com *.facebook.net script.hotjar.com bat.bing.com www.gstatic.com *.jquery.com *.googletagmanager.com *.googleapis.com *.bootstrapcdn.com www.google-analytics.com c.supert.ag; frame-src 'self' view.ceros.com *.igodigital.com *.google.com https://www.googletagmanager.com https://www.youtube.com https://youtube.com;style-src 'self' 'unsafe-inline' *.igodigital.com *.cloudflare.com hello.myfonts.net maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.cloudflare.com;connect-src 'self' *.conversionsapigateway.com mpc-prod-15-s6uit34pua-uw.a.run.app *.googleadservices.com *.qualtrics.com *.igodigital.com *.bing.com *.doubleclick.net *.clarity.ms *.outbrain.com *.linkedin.com analytics.google.com browser-intake-datadoghq.com s1125511624.t.eloqua.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io www.googletagmanager.com www.google.com www.google-analytics.com cdn.jsdelivr.net;worker-src 'self' www.google.com blob:;default-src 'self' *.igodigital.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com *.google-analytics.com;object-src 'none';report-to csp-endpoint;form-action 'self' s1125511624.t.eloqua.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com *.isicentral.com *.isicentral.net ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com  *.execute-api.us-west-2.amazonaws.com ; img-src 'self' data: blob:; 2
default-src 'self'; script-src https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ 'self'; connect-src 'self'; img-src http://localhost:* 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src https://www.google.com/recaptcha/ com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view://* nsgcepa://* application://* receiver://* 'self'; child-src 'self' com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view://* nsgcepa://nsgcepa application://*; form-action 'self'; object-src 'none'; base-uri 'self'; report-uri /nscsp_violation/report_uri 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.signalize.com/ https://code.etracker.com/ https://dmndfrcstng.com/ https://www.etracker.de/; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.etracker.de https://dmndfrcstng.com/ https://eu-api.friendlycaptcha.eu/api/ https://api.friendlycaptcha.com/api/; font-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com https://irs.tools.investis.com; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src blob:; frame-ancestors 'self' https://*.etracker.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net connect.facebook.net www.facebook.com www.googletagmanager.com; 2
upgrade-insecure-requests; base-uri 'self'; object-src 'self'; frame-ancestors 'self' 2
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; 2
default-src ‘self’; script-src ‘self’ https://cdnjs.cloudflare.com; style-src ‘self’ https://fonts.googleapis.com; img-src ‘self’ data:; object-src ‘none’; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; 2
frame-ancestors 'self' https://ptcarena.lookbookhq.com https://ptcarena.pathfactory.com https://www.arena-community.ptc.com https://arena-education.ptc.com; 2
frame-ancestors 'self' https://stat01.opsanalytics.ch https://marketing.opsone.ch https://content.opsone.ch; 2
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 2
upgrade-insecure-requests ; frame-ancestors 'self' *.mpowerfinancing.com *.internationalstudent.com insight.adsrvr.org www.youtube.com widget.trustpilot.com *.google.com *.gaconnector.com *.googletagmanager.com *.google-analytics.com *.criteo.com 2
default-src 'self' 'unsafe-inline'; font-src 'self' *.hlx.live *.aem.live *.hlx.page *.aem.page *.pricefx.com *.gstatic.com *.marketo.com *.driftt.com *.adobeaemcloud.com; img-src 'self' about: *.hlx.live *.aem.live *.hlx.page *.aem.page *.scene7.com *.g2crowd.com *.g2.com data: *.google-analytics.com *.prod.bidr.io *.reddit.com *.co *.bizibly.com *.google.com *.linkedin.com *.bizible.com *.googletagmanager.com *.facebook.com *.twitter.com *.google.co.in *.marketo.com *.driftt.com *.adobeaemcloud.com *.hsforms.com *.hubspot.com; script-src 'self' blob: *.pricefx.com 'unsafe-inline' *.hotjar.io *.hlx.live *.aem.live *.hlx.page *.aem.page *.scene7.com *.addtoany.com *.redditstatic.com *.licdn.com *.zoominfo.com *.marketo.com *.g2crowd.com *.6sc.co *.g.doubleclick.net *.to *.pricefx.com *.marketo.net *.googletagmanager.com *.driftt.com *.google-analytics.com *.hotjar.com *.ads-twitter.com *.luckyorange.com *.linkedin.com *.zi-scripts.com *.bizible.com *.facebook.net *.metadata.io *.oktopost.com *.vimeocdn.com *.adobeaemcloud.com *.youtube.com *.hs-scripts.com *.hscollectedforms.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com; style-src 'self' *.hlx.live *.aem.live *.hlx.page *.aem.page 'unsafe-inline' *.scene7.com *.gstatic.com *.googleapis.com *.driftt.com *.pricefx.com *.marketo.com *.adobeaemcloud.com; connect-src 'self' *.hotjar.io wss://*.hotjar.com *.6sense.com *.production.g2.com *.zi-scripts.com *.zoominfo.com *.marketo.com *.pricefx.com *.doubleclick.net *.scene7.com *.jobscore.com *.g2crowd.com *.adnxs.com *.google.com *.tt.omtrdc.net *.aem.live *.hlx.live *.hlx.page *.aem.page *.mktoresp.com *.luckyorange.com *.reddit.com *.redditstatic.com *.linkedin.com *.google-analytics.com *.6sc.co *.adobeaemcloud.com *.platformapi.metadata.io *.api-gw.metadata.io *.hubspot.com *.hscollectedforms.net *.hubapi.com; frame-src 'self' *.g2.com *.hlx.live *.aem.live *.hlx.page *.aem.page *.pricefx.com *.googletagmanager.com *.doubleclick.net *.driftt.com *.addtoany.com *.adobeaemcloud.com *.youtube.com *.hubspot.com; media-src 'self' blob: *.scene7.com *.hlx.live *.aem.live *.hlx.page *.aem.page *.driftt.com *.adobeaemcloud.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.smartform.cz https://4w.smartform.cz data: *.dragon.cz *.didc.cz https://www.smartsuppchat.com/loader.js *.smartsuppcdn.com  ; style-src 'self' 'unsafe-inline' *.dragon.cz *.didc.cz https://secure.smartform.cz *.smartsuppcdn.com; img-src 'self' data: *.dragon.cz *.didc.cz *.smartsuppcdn.com; font-src 'self' *.dragon.cz *.didc.cz; connect-src 'self' bootstrap.smartsuppchat.com *.smartsuppcdn.com wss://websocket-visitors.smartsupp.com; media-src 'self' *.dragon.cz *.didc.cz; object-src 'self'; child-src 'self'; frame-src 'self' https://www.skylink.cz ; worker-src 'self' https://portal.dragon.cz blob: data:; frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2
frame-ancestors 'self' *.enagic.mobi *.enagic.com *.enagic.ca *.enagiceu.com *.enagic.ng *.enagicwebsystem.com 10.0.2.20:3003 localhost capacitor://* 2
default-src 'self' https://*.sfs.biz https://*.sfs.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://data.my.permaleads.ch/ https://sapui5.hana.ondemand.com/resources/ https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.cookiebot.com;     style-src 'self' 'unsafe-inline' https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://api.ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com;     img-src 'self' data: https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://*.google-analytics.com https://www.google.com https://www.google.ch https://www.googletagmanager.com https://*.doubleclick.net https://imgsct.cookiebot.com;     frame-src 'self' https://api.ucalc.pro https://www.youtube.com https://irs.tools.investis.com https://www.google.com https://*.sfs.biz https://*.sfs.com https://*.cookiebot.com https://charts3.equitystory.com https://*.doubleclick.net;     frame-ancestors 'self' https://*.sfs.biz https://*.sfs.com https://sfs.com capacitor://sfs.com https://*.grassfish.tv capacitor://hoffmann.grassfish.tv;     font-src 'self' https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com;     connect-src 'self' https://data.my.permaleads.ch/ https://*.google-analytics.com https://stats.g.doubleclick.net https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://newsletter.sfs.biz https://newsletter.dev.sfs.biz https://consentcdn.cookiebot.com; 2
frame-ancestors 'self' https://builder.io https://*.builder.io 2
img-src 'self' data: https: images.ctfassets.net cookie-cdn.cookiepro.com lux.speedcurve.com *.reciteme.com *.googleapis.com; media-src 'self' https: *.ctfassets.net/; connect-src 'self' https: cookie-cdn.cookiepro.com *.applicationinsights.azure.com *.google-analytics.com *.reciteme.com *.googletagmanager.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.googletagmanager.com js.monitor.azure.com cookie-cdn.cookiepro.com cdn.speedcurve.com www.youtube.com api.reciteme.com; style-src 'self' 'unsafe-inline' api.reciteme.com fonts.googleapis.com fast.fonts.net *.typekit.net; frame-src 'self' *.googletagmanager.com www.youtube.com www.instagram.com my.matterport.com viewings.ehouse.co.uk www.google.com universe.queue-it.net universe.com *.universe.com priorptnrs.s3.eu-west-2.amazonaws.com; 2
default-src * 'unsafe-inline'; frame-ancestors *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src * data:; 2
frame-ancestors 'self' https://config.strato.de https://config.strato.de https://config.strato.es https://config.strato.fr https://config.strato-hosting.co.uk https://config.strato.nl https://config-staging.strato.de 2
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 2
frame-ancestors 'self' http://*.helixsolution.com https://*.helixsolution.com; 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com https://*.yandexcloud.net 2
worker-src 'self' http://localhost blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.highlight.io https://embed.shopgenie.io https://home-c32.nice-incontact.com https://maps.googleapis.com https://surfly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.clarity.ms https://scripts.clarity.ms https://static.hotjar.com https://script.hotjar.com https://web-modules-de-na1.niceincontact.com https://cdn.mouseflow.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://static.trackedweb.net https://s.adroll.com https://d.adroll.com http://connect.facebook.net http://static.trackedweb.net https://static.trackedweb.net https://live.chatmeter.com https://static.highlight.io https://embed.shopgenie.io https://home-c32.nice-incontact.com https://maps.googleapis.com https://surfly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.clarity.ms https://scripts.clarity.ms https://static.hotjar.com https://script.hotjar.com https://web-modules-de-na1.niceincontact.com https://cdn.mouseflow.com https://challenges.cloudflare.com https://pixel.veritone-ce.com; object-src 'none'; 2
frame-ancestors 'self' tau2904.com *.tau2904.com *.ttbbank.com *.ttbdirect.com https://*.tau2904.com  https://*.ttbdirect.com https://*.ttbbank.com dev-web-tmbwowoneapp.azurewebsites.net stg-web-tmbwowoneapp.azurewebsites.net https://dev-web-tmbwowoneapp.azurewebsites.net https://stg-web-tmbwowoneapp.azurewebsites.net cms.ttbbank.local cmspilot.ttbbank.local *.tep.ttbbank.local https://www.ttbbusinessone.com https://www.ttbspark.com https://www.ttbconsumer.com 2
report-uri https://app.glitchtip.com/api/11209/security/?glitchtip_key=183461c4612d412989b8da96e7459345;base-uri 'self';connect-src 'self' https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://visualsponline.azurewebsites.net https://translate.googleapis.com https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://analytics.twitter.com https://js.adsrvr.org https://cdn.linkedin.oribi.io https://*.google-analytics.com https://www.google.com/recaptcha/api.js https://youtube.com https://cmp.osano.com https:;default-src 'self';form-action 'self';img-src 'self' data: https: https://jbs-foods.imgix.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com android-webview-video-poster: https://px.ads.linkedin.com;media-src 'self' https://swift-foods-site-uploads.s3.us-east-2.amazonaws.com https: data:;object-src 'none';script-src 'self' 'nonce-Vq2k10qHwsTvWhoF4YStPsg8Gz8diaA1' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net https://legacypicturefill.s3.amazonaws.com https://ssl.google-analytics.com/ga.js https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://analytics.twitter.com https://js.adsrvr.org https://cmp.osano.com https://cdnjs.cloudflare.com www.google.com 'sha256-g7GYTLqsnK48+lN58VWaViDRN4Qu8JDEnZqq6q0v2Os=' 'sha256-JRDV9if4UkkkXw7zxUwH/1zonOMxmBVcyYMHDZM42KE=' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.linkedin.oribi.io https://polyfill.io/v2/polyfill.min.js;style-src 'self' https://cdn.plyr.io/3.5.2/plyr.css 'unsafe-inline';font-src 'self' https://fonts.gstatic.com https://jbsfoodsgroup.com chrome-extension:;frame-src 'self' https://admin.foods.jbsfoodsgroup.com https://www.googletagmanager.com https://12694960.fls.doubleclick.net/ https://match.adsrvr.org https://www.google.com https://insight.adsrvr.org https://youtube.com https://www.youtube.com https://td.doubleclick.net *.doubleclick.net;worker-src 'self' blob: 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 2
frame-ancestors 'self' https://developer.equifax.com/; 2
frame-ancestors 'none'; style-src https: blob: 'unsafe-inline' 'self' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.priv.center *.truendo.com https://cdn.jsdelivr.net https://embed.typeform.com *.popupsmart.com blob: 2
worker-src 'none'; 2
default-src 'self' https:; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; worker-src blob:; 2
child-src 'self' *.vimeo.com *.issuu.com *.youtube.com *.youtube-nocookie.com; connect-src 'self' *.pingdom.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.euronext.com *.createsend.com https://createsend.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' *.gstatic.com; manifest-src 'self'; media-src 'self' youtu.be *.vimeo.com *.issuu.com *.youtube.com *.youtube-nocookie.com; object-src 'none'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.google-analytics.com *.pingdom.net *.googletagmanager.com *.issuu.com *.youtube.com *.youtube-nocookie.com *.vimeo.com https://i.vimeocdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://polyfill-fastly.io https://unpkg.com js.createsend1.com *.googleapis.com *.euronext.com *.createsend.com https://createsend.com https://www.google.com; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' *.google-analytics.com *.pingdom.net *.googletagmanager.com *.issuu.com *.youtube.com *.youtube-nocookie.com *.vimeo.com https://i.vimeocdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://polyfill-fastly.io https://unpkg.com js.createsend1.com *.googleapis.com *.euronext.com *.createsend.com https://createsend.com https://www.google.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.googletagmanager.com *.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 2
frame-ancestors 'none' script-src 'self' assets.adobedtm.com www.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://connect.facebook.net 'unsafe-inline' 2
frame-ancestors 'self' https://eway.my.salesforce.com/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.axept.io api-sogecommerce.societegenerale.eu cdn.matomo.cloud ajax.googleapis.com script.hotjar.com tessi.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net static.hotjar.com maps.googleapis.com cdn.jsdelivr.net unpkg.com www.youtube.com; style-src 'self' 'unsafe-inline' data: api-sogecommerce.societegenerale.eu cdn.matomo.cloud fonts.googleapis.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: qr-code.ithemes.com axeptio.imgix.net captcha.liveidentity.com api-sogecommerce.societegenerale.eu *.w.org cdn.matomo.cloud secure.gravatar.com www.gravatar.com script.hotjar.com userlike-cdn-operators.userlike.com maps.gstatic.com maps.googleapis.com unpkg.com; connect-src 'self' *.axept.io yoast.com *.hotjar.io *.hotjar.com tessi.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com axeptio.imgix.net wss://umd.userlike.com maps.googleapis.com; font-src 'self' data: cdn.matomo.cloud fonts.gstatic.com fonts.googleapis.com script.hotjar.com userlike-cdn-umm.b-cdn.net unpkg.com; object-src 'self'; media-src 'self' captcha.liveidentity.com cdn.matomo.cloud userlike-cdn-umm.b-cdn.net; frame-src 'self' *.doubleclick.net www.dailymotion.com www.youtube.com api-sogecommerce.societegenerale.eu *.w.org vars.hotjar.com; report-uri /?gdsih-csp-report; 2
default-src *; connect-src * blob: ; media-src * blob: data:; ; object-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self' https://scatbook.com https://darkfans.com; 2
frame-ancestors 'self' https://play.ozwincasino.com https://play.ow-journey.com https://m.ow-journey.com:2750 https://m.ow-journey.com https://ozwincasino.com 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none' 2
block-all-mixed-content; report-uri https://tfyre.co.za/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=8a13c170b1 2
default-src * 'unsafe-inline' 'unsafe-eval';          img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;          style-src * 'unsafe-inline' 'unsafe-eval';          script-src * 'unsafe-inline' 'unsafe-eval';          font-src * 'unsafe-inline' 'unsafe-eval' data:;          child-src https: http: webrun: webrun2: data:;          media-src * ;          connect-src https: http: wss: blob: data:; 2
frame-ancestors 'self' https://AnyWebsiteYouWantToBeAbleToiFrameYourOtherWebsitesForDemoPurposes.com; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' http://static.site24x7rum.com https://static.site24x7rum.com http://cdn.appdynamics.com https://cdn.appdynamics.com https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com; object-src 'none' 2
connect-src 'self' 2
frame-ancestors 365datascience.com *.365datascience.com 2
frame-ancestors 'self' *.tennisonly.com.au *.runningwarehouse.com.au *.totalpickleball.com.au www.runningwarehouse.eu www.runningwarehouse.com www.tennis-warehouse.com www.tenniswarehouse-europe.com; 2
frame-ancestors https://booking.sunnycars.nl https://booking.sunnycars.de https://booking.sunnycars.fr https://booking.sunnycars.be https://booking.sunnycars.at https://booking.sunnycars.ch https://cms.sunnycars.app https://service.sunnycars.com https://b2b-content.sunnycars.nl https://b2b-content.sunnycars.fr https://b2b-content.sunnycars.be; 2
default-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com; connect-src 'self' data: https://zn8nxycoiqhzqpd3p-barclaysibcx.siteintercept.qualtrics.com/ https://zn24nkllbilbx5g4i-barclaysib.siteintercept.qualtrics.com/ https://mapsresources-pa.googleapis.com/ https://cdn-ukwest.onetrust.com https://tag-logger.demandbase.com/ https://pagead2.googlesyndication.com/pagead/ https://www.gstatic.com/maps/ https://siteintercept.qualtrics.com/ https://privacyportal-uk.onetrust.com/request/ https://privacyportaluatde.onetrust.com/request/ https://segments.company-target.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://api.company-target.com/api/ https://maps.googleapis.com/ https://dpm.demdex.net/id https://barclaysinternational.sc.omtrdc.net/b/ss/ https://barclaysbankplc.tt.omtrdc.net/m2/barclaysbankplc/mbox/ https://cdn.linkedin.oribi.io/partner/ https://www.media.barclays.co.uk/ https://segments.company-target.com/ https://px.ads.linkedin.com/ https://uat-de.onetrust.com/api/ https://app-uk.onetrust.com/api/ https://www.google.com/; img-src 'self' data: https://www.googletagmanager.com https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.co.in/ https://maps.googleapis.com/ https://adservice.google.com/ https://ad.doubleclick.net/ https://id.rlcdn.com/ https://cdn.cookielaw.org/ https://dev.day.com/ https://www.media.barclays.co.uk/assets/ https://px.ads.linkedin.com/ https://cm.everesttech.net/cm/ https://barclaysinternational.sc.omtrdc.net/b/ss/ https://maps.gstatic.com/ https://www.linkedin.com/ https://www.google.com.au https://www.google.co.bw https://www.google.com.br https://www.google.be https://www.google.ca https://www.google.cn https://www.google.com.cy https://www.google.dk https://www.google.com.eg https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gg https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.ie https://www.google.im https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.je https://www.google.co.ke https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.mu https://www.google.com.mx https://www.google.co.mz https://www.google.nl https://www.google.com.ng https://www.google.no https://www.google.com.pk https://www.google.com.ph https://www.google.pt https://www.google.com.pr https://www.google.com.qa https://www.google.ru https://www.google.com.sa https://www.google.sc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.tz https://www.google.com.tr https://www.google.co.th https://www.google.ae https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.co.zm https://www.google.co.zw https://t.co/ https://analytics.twitter.com/ https://cdn-ukwest.onetrust.com https://ad.doubleclick.net/ https://www.ib.barclays/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteintercept.qualtrics.com/ https://zn8nxycoiqhzqpd3p-barclaysibcx.siteintercept.qualtrics.com/ https://zn24nkllbilbx5g4i-barclaysib.siteintercept.qualtrics.com/ https://cdn-ukwest.onetrust.com https://snap.licdn.com/li.lms-analytics/ https://code.highcharts.com/ https://www.highcharts.com https://platform.twitter.com/widgets.js https://assets.adobedtm.com/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://static.ads-twitter.com/ https://tag.demandbase.com/ https://www.media.barclays.co.uk/ https://googleads.g.doubleclick.net/ https://d3js.org/ blob:; frame-src 'self' https://barclaysibcx.qualtrics.com/ https://barclaysib.qualtrics.com/ https://platform.twitter.com/ https://www.investmentbank.barclays.com https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://s.company-target.com/ https://barclaysbankplc.demdex.net/ https://td.doubleclick.net/ https://www.googletagmanager.com/; style-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com 'unsafe-inline' 2
frame-ancestors 'self' hivebrite.com 2
frame-ancestors *.umay.club *.mycollege.kz *.codo.kz *.hrplus.kz *.nis.edu.kz *.edu.kz 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https: 'self' https:; frame-ancestors 'self'; img-src 'self' data: https: 'self' data: https:; object-src 'self' https: 'self' https:; script-src-attr 'self' https: 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-src 'self' https: 'self' https:; media-src 'self' https: 'self' https:; worker-src 'self' blob:; 2
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline'; 2
default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com *.hotjar.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js *.zi-scripts.com *.datadoghq-browser-agent.com *.vimeo.com js.zi-scripts.com *.zoominfo.com *.clickagy.com *.weglot.com *.clarity.ms; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com *.weglot.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com https://cdn.cookielaw.org/logos/static/ot_close.svg https://cdn.cookielaw.org/logos/00ede55a-7822-413c-a767-b17482b93176/6a9f63ca-67d4-447a-846e-044d865079f1/fd22dd1b-b5d9-4bdc-803d-bb78e0f32fd3/lineage_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://id.rlcdn.com/464526.gif *.company-target.com *.everesttech.net *.linkedin.com *.bing.com *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.casalemedia.com *.adnxs.com *.openx.net *.rubiconproject.com *.yahoo.com *.pubmatic.com *.bluekai.com *.cookielaw.org *.clickagy.com *.agkn.com *.sitescout.com *.rlcdn.com *.clarity.ms *.bing.net *.google.nl; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com https://airtable.com/ player.vimeo.com *.googletagmanager.com *.morganstanley.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://browser-intake-us5-datadoghq.com *.zi-scripts.com *.zoominfo.com *.hotjar.io *.hotjar.com insight.adsrvr.org https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com *.clickagy.com *; report-uri /report-csp-violation 2
upgrade-insecure-requests; frame-ancestors 'self' nats.aero *.nats.aero nats.co.uk *.nats.co.uk; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; 2
frame-ancestors 'self' https://fingov-prod.softco.com:8443 https://fingov-prod.softco.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mw.thghosting.com https://request.eprotect.vantivcnp.com https://www.dwin1.com https://lantern.roeyecdn.com https://bat.bing.com https://*.pingdom.net https://connect.facebook.com https://connect.facebook.net/ https://www.googletagmanager.com https://code.jquery.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://snap.licdn.com/li.lms-analytics/ https://www.googleadservices.com/pagead/; img-src 'self' 'unsafe-inline' data: https://support.thgingenuity.com https://img.zohostatic.eu https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://bat.bing.com https://bat.bing.net https://*.pingdom.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://www.google.pl https://www.google-analytics.com https://www.facebook.com https://lantern.roeye.com/ https://www.zenaps.com/a/ https://px.ads.linkedin.com/ https://files.readme.io https://*.googleusercontent.com https://support.basekit.com https://cdnjs.cloudflare.com/ajax/libs/twemoji/; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://*.uk2.net https://*.pingdom.net https://fonts.gstatic.com https://www.google.com https://fonts.googleapis.com https://fonts.googleapis.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://cdn.forms-content.sg-form.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/static/ https://player.vimeo.com https://www.youtube.com https://accounts.google.com https://td.doubleclick.net/ https://www.facebook.com/; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.googletagmanager.com https://*.google-analytics.com https://*.paypal.com https://mw.thghosting.com https://googleadservices.com https://stats.g.doubleclick.net https://*.pingdom.net https://fonts.googleapis.com https://www.gstatic.com https://bat.bing.com https://bat.bing.net https://*.sentry.io https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://rum-collector-2.pingdom.net/img/ https://region1.google-analytics.com/g/ https://px.ads.linkedin.com/ https://www.google.com/ccm/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; default-src 'self'; object-src 'none'; 2
frame-ancestors https://eu.beanworks.com https://*.eu.beanworks.com https://beandev.com https://beandev.eu https://*.beandev.com https://*.beanworks.ca https://*.beandev.eu https://*.sageapa.com https://beanworks.ca https://sageapa.com https://*.beanworkspace.com 2
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.sierratel.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://api.w.org https://www.google.com https://www.google-analytics.com https://speedtest.sti.net https://cdn.plyr.io https://cdn.acsbapp.com https://acsbapp.com https://maps.googleapis.com https://maps.gstatic.com http://code.jquery.com https://secure.gravatar.com https://ps.w.org https://code.jquery.com https://cdn.jsdelivr.net https://www.googleapis.com https://s.w.org https://library.elementor.com https://www.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://cdn.crowdfiber.io https://app.broadbandconsumerlabels.com https://uiniversal.accessibe.com https://library.phlox.pro https://main.averta.net https://demo.phlox.pro https://storage.googleapis.com https://universal.accessibe.com https://cdnjs.cloudflare.com https://www.w3-edge.com https://wufoo.com https://accesswidget-log-receiver.acsbapp.com/ https://api-js.mixpanel.com https://assets.elementor.com 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com https://coy2m1lt.cdn.imgeng.in https://consent.cookiefirst.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://files.bpcontent.cloud *.botpress.cloud *.hsforms.com https://*.clarity.ms https://b-code.liadm.com *.neeve.ai *.google.com *.google-analytics.com *.hs-scripts.com *.linkedin.com *.vimeo.com *.cdn.imgeng.in *.hsforms.net *.s3.amazonaws.com *.w3.org *.gravatar.com *.bootstrapcdn.com *.stackadapt.com *.onetrust.com *.cookiefirst.com *.google.com.np *.googletagmanager.com *.vimeocdn.com *.youtube.com *.facebook.net *.facebook.com *.googleapis.com *.gstatic.com *.bing.com *.licdn.com *.googleadservices.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hubspot.com s3-us-west-2.amazonaws.com snid.snitcher.com https://*.clarity.ms googleads.g.doubleclick.net https://cdn.snitcher.com https://www.gstatic.com https://www.google.com/recaptcha/ https://www.google.com/jsapi https://www.recaptcha.net https://cdn.vector.co; connect-src 'self' https://api.cookiefirst.com *.botpress.cloud https://*.hsappstatic.net https://*.clarity.ms https://*.liadm.com https://a.usbrowserspeed.com https://alocdn.com https://cdn.vector.co https://vimeo.com https://api.vector.co https://player.vimeo.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://edge.cookiefirst.com/prod/location https://consent.cookiefirst.com https://api.neeve.ai https://www.google-analytics.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://api.hubapi.com https://www.google.com https://px.ads.linkedin.com https://ppt2emy7nkbhu3nf4fatqm5rpe0ymllj.lambda-url.us-east-1.on.aws wss://ws-mt1.pusher.com https://sockjs.pusher.com https://pro.ip-api.com https://radar.snitcher.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; form-action 'self' *.neeve.ai *.facebook.com https://forms.hsforms.com; frame-ancestors 'none'; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com https://coy2m1lt.cdn.imgeng.in; img-src 'self' data: blob: https://files.bpcontent.cloud *.gravatar.com https://*.googletagmanager.com https://*.cookiefirst.com https://*.liadm.com *.facebook.com *.googleapis.com *.gstatic.com *.cdn.imgeng.in https://*.clarity.ms *.linkedin.com *.youtube.com *.neeve.ai *.vimeocdn.com *.s3.amazonaws.com https://forms.hsforms.com https://perf-na1.hsforms.com https://www.google.com https://www.google.com.np https://track.hubspot.com https://files.bugherd.com https://www.gstatic.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://forms-na1.hsforms.com https://www.bugherd.com; frame-src 'self' *.vimeo.com *.botpress.cloud *.youtube.com *.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://forms.hsforms.com ; object-src 'none'; 2
default-src 'self' data: fonts.googleapis.com *.typekit.com;   script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://learn.porchgroupmedia.com https://www.youtube.com https://54.91.124.180 https://540-why-968.mktoweb.com https://540-why-968.mktoresp.com https://td.doubleclick.net https://*.googleapis.com https://maps.google.com https://www.buzzsprout.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://munchkin.marketo.net https://ws.zoominfo.com https://epsilon.6sense.com/ https://j.6sc.co https://b.6sc.co https://ipv6.6sc.co https://c.6sc.co https://px.ads.linkedin.com https://www.gstatic.com https://snap.licdn.com https://js.hs-scripts.com/ https://stats.sa-as.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://unpkg.com/ https://epsilon-globalaccelerator.6sense.com/ https://js.hsforms.net/ https://forms-na1.hubspot.com https://s3-us-west-2.amazonaws.com https://cdn.vector.co https://a.usbrowserspeed.com https://*.liadm.com https://clearout.io https://js.zi-scripts.com https://kit.fontawesome.com https://ka-p.fontawesome.com;   style-src 'self' data: 'unsafe-inline' https://54.91.124.180 https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://learn.porchgroupmedia.com;   connect-src 'self' https://learn.porchgroupmedia.com https://www.facebook.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://ws.zoominfo.com https://px.ads.linkedin.com https://analytics.google.com https://540-why-968.mktoresp.com https://stats.g.doubleclick.net https://secure.adnxs.com https://forms.hscollectedforms.net https://maps.googleapis.com https://www.google.com https://epsilon-globalaccelerator.6sense.com/ https://eps.6sc.co/ https://v.eps.6sc.co/ https://lottie.host/ https://js.hsforms.net/ https://forms.hsforms.com/ https://forms-na1.hubspot.com https://pro.ip-api.com https://api.vector.co https://alocdn.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://*.liadm.com https://api.clearout.io/ https://clearout.io https://js.zi-scripts.com https://unpkg.com https://ka-p.fontawesome.com;   font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-p.fontawesome.com;   frame-src 'self' https://www.google.com https://www.googletagmanager.com https://learn.porchgroupmedia.com https://td.doubleclick.net https://youtube.com https://www.youtube.com https://www.buzzsprout.com https://bid.g.doubleclick.net https://www.facebook.com https://forms.hsforms.com/ https://*.liadm.com https://clearout.io;   img-src 'self' data: https://54.91.124.180 https://learn.porchgroupmedia.com https://i.ytimg.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://ws.zoominfo.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com https://px.ads.linkedin.com https://b.6sc.co https://stats.sa-as.com https://track.hubspot.com https://forms.hsforms.com https://ps.w.org https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://www.greatplacetowork.com https://forms-na1.hsforms.com/ https://*.liadm.com https://clearout.io https://connect.facebook.net;   upgrade-insecure-requests;     2
default-src 'self';                script-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://click2cart.com                  https://ss.click2cart.com                 *.janraincapture.com                  https://rpxnow.com                  https://www.googleadservices.com                  https://api.tiles.mapbox.com                  https://cdnjs.cloudflare.com                  *.cloudfront.net                  https://www.lightboxcdn.com                  https://api.lightboxcdn.com                  https://pge.segmanta.com                  https://www.upsellit.com                  https://s.pinimg.com                  https://z.moatads.com                  https://c.lytics.io                  https://cdn.segment.com                  https://js-cdn.dynatrace.com                  https://wtbng.pricespider.com                  https://wtbstream.pricespider.com                  https://embeddedcloud.pricespider.com                  https://omni.pricespider.com                  https://locate.pricespider.com                  https://wtbevents.pricespider.com                  https://cdn.pricespider.com                  https://www.youtube.com                  https://pghub.io                  *.cookielaw.org                  *.rudderstack.com                  cdn.rudderlabs.com                  *.onetrust.com                  *.iesnare.com                  connect.facebook.net                  *.crazyegg.com                  *.adsrvr.org                  *.bazaarvoice.com                  *.google-analytics.com                  *.googletagmanager.com                  https://analytics.tiktok.com                  https://ct.pinterest.com                  blob:;                                style-src 'self' 'unsafe-inline'                  https://click2cart.com                  https://quilt-cdn.janrain.com                  https://api.tiles.mapbox.com                  https://s3.lightboxcdn.com                  https://api.lightboxcdn.com                  https://www.lightboxcdn.com                  https://c.lytics.io                  https://cdn.pricespider.com                  https://fonts.googleapis.com;               font-src 'self'                https://s3.lightboxcdn.com                https://fonts.gstatic.com                https://click2cart.com                https://s3.us-west-2.amazonaws.com;               img-src 'self'                  www.facebook.com                  https://click2cart.com                  https://img.youtube.com/                  https://ad.doubleclick.net/                  *.cookielaw.org                  *.cloudfront.net                  https://googleads.g.doubleclick.net                  https://www.google.hr                  https://www.google.co.in                  https://insight.adsrvr.org                  https://40n23zgkic3y-a.akamaihd.net                  https://ct.pinterest.com                  https://submit.lightboxcdn.com                  https://submitcus.lightboxcdn.com                  https://s3.lightboxcdn.com                  https://api.lightboxcdn.com                  https://www.lightboxcdn.com                  https://c.lytics.io                  https://cdn.pricespider.com                  https://wwwassets.pricespider.com                  https://embeddedcloud.pricespider.com                  https://px.moatads.com                  https://www.google.com                  i.ytimg.com                  videos.ctfassets.net                  images.ctfassets.net                  pixel.tapad.com                  *.bazaarvoice.com                  *.google-analytics.com                  *.googletagmanager.com                  https://s3-us-west-2.amazonaws.com                  data:;               media-src 'self'                  https://videos.ctfassets.net                  *.iesnare.com                  data:;               connect-src *                  https://click2cart.com;               frame-src 'self'                  *.janraincapture.com                  https://videos.ctfassets.net                  https://pandg.tapad.com                  https://www.youtube.com                  https://www.youtube-nocookie.com                  *.adsrvr.org                  *.doubleclick.net                  *.jebbit.com                  consumersupport.pg.com                  servedby.flashtalking.com                  pg-lex.my.salesforce-sites.com                  ct.pinterest.com                  www.facebook.com                  https://www.googletagmanager.com;               manifest-src *; 2
frame-ancestors 'self'; frame-src *; 2
default-src 'self' lipseys.uservoice.com www.google.com google.com userway.org cdn.userway.org gunstreamer.com next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com docs.google.com www.youtube-nocookie.com www.youtube.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com www.lipseys.com lipseys.com www.clarity.ms www.google.com google.com gstatic.com www.gstatic.com cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com ajax.googleapis.com cdn.jsdelivr.net cdn.ravenjs.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com kit.fontawesome.com https://*.posthog.com lipseycms.lipseyscloud.com;style-src 'self' 'unsafe-inline' cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com fonts.googleapis.com maxcdn.bootstrapcdn.com kit-free.fontawesome.com ka-f.fontawesome.com;connect-src 'self' cdn.userway.org wss://live.lipseysdistribution.net contentapi.lipseysdistribution.net itemsapi.lipseysdistribution.net live.lipseysdistribution.net docs.google.com ka-f.fontawesome.com api.userway.org userway.org *.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com api.lipseys.com sentry.io www.google-analytics.com *.clarity.ms c.bing.com https://*.posthog.com lipseycms.lipseyscloud.com;font-src 'self' cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com maxcdn.bootstrapcdn.com fonts.gstatic.com kit-free.fontawesome.com ka-f.fontawesome.com;img-src * data: blob:;upgrade-insecure-requests;frame-ancestors 'self' lipseycms.lipseyscloud.com;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none' 2
frame-ancestors 'self' tece.matistik.com; upgrade-insecure-requests 2
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com https://cdn.cookielaw.org https://recaptcha.net https://www.gstatic.com https://ajax.cloudflare.com https://static.ads-twitter.com https://snap.licdn.com https://analytics.clickdimensions.com https://static.oktopost.com https://okt.to https://unpkg.com https://www.essencemediacom.com https://*.essencemediacom.com https://*.groupm.com https://*.wppmedia.com https://public.flourish.studio https://flourish.studio https://flo.uri.sh 'unsafe-inline' https://src.litix.io ; style-src 'self' https://p.typekit.net https://use.typekit.net https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://*.datocms-assets.com https://images.ctfassets.net https://i.ytimg.com https://cdn.cookielaw.org https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://analytics.google.com https://px.ads.linkedin.com https://creativereview.imgix.net https://static.licdn.com https://miro.medium.com https://www.theverge.com https://www.wpp.com https://www.groupm.com https://*.groupm.com https://www.essencemediacom.com https://*.essencemediacom.com https://*.wppmedia.com https://public.flourish.studio https://flourish.studio https://flo.uri.sh data: https://image.mux.com https://*.litix.io https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://flo.uri.sh https://*.wppmedia.admin.datocms.com 'self' https://analytics.google.com https://*.essencemediacom.admin.datocms.com https://www.gstatic.com https://*.datocms-assets.com https://ssl.gstatic.com https://*.analytics.google.com https://www.wpp.com https://www.theverge.com https://www.googletagmanager.com https://i.ytimg.com https://px.ads.linkedin.com https://*.g.doubleclick.net https://flourish.studio https://creativereview.imgix.net https://miro.medium.com https://plugins-cdn.datocms.com https://public.flourish.studio https://www.essencemediacom.com https://static.licdn.com https://*.google-analytics.com https://www.wppmedia.com https://www.linkedin.com https://cdn.cookielaw.org https://*.essencemediacom.com https://www.groupm.com https://images.ctfassets.net https://*.wppmedia.com https://*.googletagmanager.com https://*.groupm.com data:; font-src 'self' https://use.typekit.net https://fonts.gstatic.com data:; connect-src 'self' https://www.wpp.com https://www.groupm.com https://*.groupm.com https://www.essencemediacom.com https://creativereview.imgix.net https://static.licdn.com https://miro.medium.com https://www.theverge.com https://images.ctfassets.net https://videos.ctfassets.net https://www.datocms-assets.com https://cdn.cookielaw.org https://p.typekit.net https://use.typekit.net https://*.onetrust.com https://recaptcha.net https://i.ytimg.com https://www.youtube.com https://www.gstatic.com https://api.mapbox.com https://events.mapbox.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://analytics.google.com https://static.oktopost.com https://okt.to https://static.ads-twitter.com https://snap.licdn.com https://analytics.clickdimensions.com https://px.ads.linkedin.com https://www.essencemediacom.com https://*.essencemediacom.com https://*.wppmedia.com https://public.flourish.studio https://flourish.studio https://flo.uri.sh https://*.mux.com https://*.litix.io https://storage.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://www.youtube.com https://recaptcha.net https://public.flourish.studio https://flourish.studio https://flo.uri.sh; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://plugins-cdn.datocms.com http://localhost https://essencemediacom.admin.datocms.com https://wppmedia.admin.datocms.com https://*.enboarder.com; media-src 'self' blob: https://*.datocms-assets.com https://*.mux.com; object-src 'self' data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://matomo01.cms.kommunale.it; connect-src 'self' https://matomo01.cms.kommunale.it; style-src 'self' 'unsafe-inline' ; img-src 'self' data:; font-src 'self'; object-src 'none';frame-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://online.gamingcampus.fr https://gamingcampus.fr https://wordpress.gamingcampus.fr https://online.guardia.school https://guardia.school https://wordpress.guardia.school https://player.gamingcampus.fr https://player.guardia.school https://*.questeducation.fr data: blob:; 2
default-src https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; 2
default-src 'self' https:;script-src 'self' 'unsafe-inline'  https://www.googletagmanager.com  https://player.vimeo.com/api/player.js  https://policy.app.cookieinformation.com  https://www.youtube.com  https://mktdplp102cdn.azureedge.net  https://cxppusa1formui01cdnsa01-endpoint.azureedge.net  https://assets-eur.mkt.dynamics.com  https://public-eur.mkt.dynamics.com  https://cxppeur1rdrect01sa02cdn.blob.core.windows.net  *.svc.dynamics.com/f  *.svc.dynamics.com/t  *.svc.dynamics.com/t/w  https://dhigroup.matomo.cloud  https://cdn.matomo.cloud/dhigroup.matomo.cloud/container_HH5X4G0y.js  https://cdn.matomo.cloud/dhigroup.matomo.cloud/matomo.js;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com https:;font-src 'self' *.gstatic.com data: https:;img-src 'self' *.googletagmanager.com data: https:;object-src 'self' 'unsafe-inline' *;frame-ancestors 'none';base-uri 'self';form-action 'none'; 2
default-src 'self' https: data:; script-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-src https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: javascript:; report-uri /cspreport/staticyoutube 2
block-all-mixed-content; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 2
base-uri 'self'; connect-src 'self' www.gk-software.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.linkedin.com; font-src 'self' data: fonts.gstatic.com; object-src 'self'; child-src 'self'; frame-src 'self' www.gk-software.com www.google.com www.youtube-nocookie.com forms.office.com; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'self' 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://ws.hotjar.com;  worker-src  'self' blob: 2
frame-ancestors 'self' *.hasselt.be *.visithasselt.be; report-uri /report-csp-violation 2
default-src 'self'  'unsafe-inline';
        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vk.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://smartcaptcha.cloud.yandex.ru https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://telegram.org;
        child-src 'self' https://yastatic.net https://api-maps.yandex.ru https://smartcaptcha.cloud.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://vk.com;
        worker-src 'self' blob: data: https://yastatic.net https://api-maps.yandex.ru https://smartcaptcha.cloud.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://vk.com;
        frame-src 'self' https://yastatic.net https://api-maps.yandex.ru https://smartcaptcha.cloud.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://vk.com;
        style-src 'self' 'unsafe-inline' blob: https://yastatic.net;
        font-src 'self' data: https://fonts.gstatic.com;
        img-src 'self' data: https: blob: https://mc.yandex.ru https://mc.yandex.com https://*.maps.yandex.net https://api-maps.yandex.ru https://yandex.ru;
        connect-src 'self' https://yastatic.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://webvisor.com *.webvisor.com wss: ws://terminal.jewish-museum.ru https://vk.com;
        object-src 'none';
        base-uri 'self';
        form-action 'self' https://wpay.uniteller.ru https://fpay.uniteller.ru;
        frame-ancestors 'self';
     2
default-src 'none'; img-src 'self' https: data: https://www.google-analytics.com/collect https://www.googletagmanager.com https://www.google.com *.hsl.org.br; manifest-src 'self' https: *.hsl.org.br; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.google.com https://www.gstatic.com https://www.googletagmanager.com *.hsl.org.br; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com *.hsl.org.br; font-src 'self' https: https://fonts.googleapis.com https://fonts.gstatic.com *.hsl.org.br; frame-src 'self' https: https://www.google.com *.hsl.org.br; connect-src 'self' https: wss: *.execute-api.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com *.hsl.org.br; 2
default-src 'self' *.checkngo.com *.xact.com *.alliedcash.com *.pocket360.com *.mouseflow.com *.cashstore.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.tfaforms.net *.krxd.net *.quantcount.com *.googletagmanager.com *.quantserve.com *.fontawesome.com *.bootstrapcdn.com *.googleanalytics.com https://maps.google.com https://optimize.google.com https://tagmanager.google.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.msecnd.net *.hotjar.com https://tag.brandcdn.com https://adservices.brandcdn.com https://widget.trustpilot.com *.siteimproveanalytics.com *.mouseflow.com *.pinimg.com https://siteimproveanalytics.com *.pinterest.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.getambassador.com v1.ambassadorsnippet.com cdn.popt.in cdn.segment.com *.fullstory.com *.sentry-cdn.com *.intercom.io pixel.cdnwidget.com https://cdn.popt.in/pixel.js *.satismeter.com cdn.jsdelivr.net *.intercomcdn.com *.mbsy.co *.pusher.com api.getambassador.localhost:8000 https://webto.salesforce.com/* https://cdnjs.cloudflare.com/* unpkg.com https://www.google-analytics.com https://analytics.google.com cdnjs.cloudflare.com/ajax/libs/* *.checkngo.com *.cognitoforms.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.tfaforms.net *.fontawesome.com *.bootstrapcdn.com https://optimize.google.com https://tagmanager.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.myfonts.net *.mouseflow.com *.siteimproveanalytics.com *.cloudflare.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.cognitoforms.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.tfaforms.net pre-usermatch.targeting.unrulymedia.com e1.emxdgt.com beacon.krxd.net x.bidswitch.net pixel.advertising.com *.quantserve.com www.google.com dynl.mktgcdn.com maps.google.com optimize.google.com *.azureedge.net *.googletagmanager.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com adservices.brandcdn.com insight.adsrvr.org match.adsrvr.org *.doubleclick.net sync.search.spotxchange.com https://*.ggpht.com *.mouseflow.com *.google-analytics.com *.adswizz.com *.pinterest.com *.tapad.com *.tremorhub.com *.googleusercontent.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.cognitoforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.bootstrapcdn.com *.mouseflow.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.trustpilot.com *.google.com *.mouseflow.com *.tfaforms.net https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.cognitoforms.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://*.googleapis.com/ *.googleapis.com *.doubleclick.net https://analytics.google.com *.pinterest.com *.contextine.com *.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://ipinfo.io/ip https://icanhazip.com https://api.ipify.org *.mouseflow.com *.tfaforms.net https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.getambassador.com v1.ambassadorsnippet.com cdn.popt.in cdn.segment.com *.fullstory.com *.sentry-cdn.com *.intercom.io pixel.cdnwidget.com https://cdn.popt.in/pixel.js *.satismeter.com cdn.jsdelivr.net *.intercomcdn.com *.mbsy.co *.pusher.com api.getambassador.localhost:8000 https://webto.salesforce.com/* https://cdnjs.cloudflare.com/* unpkg.com https://www.google-analytics.com https://tagmanager.google.com cdnjs.cloudflare.com/ajax/libs/* *.cognitoforms.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' *.checkngo.com *.alliedcash.com cdn.krxd.net *.hotjar.com www.googletagmanager.com *.doubleclick.net adservices.brandcdn.com insight.adsrvr.org *.mouseflow.com *.trustpilot.com *.pinterest.com *.google.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.cognitoforms.com; object-src 'self' 2
default-src 'self'; script-src 'self' https://static-forms.lacontrevoie.fr/; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://static-forms.lacontrevoie.fr/; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self' data:; worker-src 'self' blob:; 2
frame-ancestors 'self' https://app.contentful.com https://epic-mycharttst01.chsomaha.org https://connect.childrensnebraska.org https://*.chsomaha.org https://*.childrensnebraska.org 2
default-src openstreetmap.fr *.openstreetmap.fr openstreetmap.org *.openstreetmap.org arcgisonline.com *.arcgisonline.com cartocdn.com *.cartocdn.com 'self' 'unsafe-inline' 'unsafe-eval' nasdaqbaltic.com *.nasdaqbaltic.com *.vimeo.com vimeo.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net virtualearth.net *.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com *.virtualearth.net virtualearth.net; frame-ancestors 'self'; connect-src 'self' vimeo.com *.vimeo.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com *.bing.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com google.com *.google.com *.bing.com bing.com 2
default-src 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://stats.wpmudev.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://stats.wpmudev.com https://stats.wpmucdn.com https://code.jquery.com https://js-cdn.dynatrace.com https://www.youtube.com https://cdn.datatables.net https://www.instagram.com https://www.clarity.ms;     style-src 'self' 'unsafe-inline' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://cdn.datatables.net;     img-src 'self' data: blob: https://www.google.cl https://analytics.tiktok.com https://stats1.wpmudev.com https://www.facebook.com https://secure.gravatar.com https://www.google.com.co https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.arauco.cl https://www.arauco.com https://i.ytimg.com http://arauco-qas.arauco.com https://arauco.com https://www.googletagmanager.com https://placehold.it https://www.placeholder.com https://via.placeholder.com https://ps.w.org https://cdn1.iconfinder.com https://cdn.datatables.net https://img.youtube.com https://www.instagram.com https://instagram.fbaq6-1.fna.fbcdn.net;     connect-src 'self' https://analytics.tiktok.com https://region1.analytics.google.com https://stats1.wpmudev.com https://analytics.google.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bf72388lyn.bf.dynatrace.com https://ipinfo.io https://cdn.datatables.net https://www.facebook.com https://www.google.com;     font-src 'self' data: https://www.araucoonline.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com;     media-src 'self';     form-action 'self' https://www.facebook.com https://www.googletagmanager.com;     frame-ancestors 'self' https://www.imperial.cl;     object-src 'self';     frame-src 'self' https://www.google.com https://horta30.github.io https://td.doubleclick.net https://www.araucoonline.com https://www.arauco.cl https://www.arauco.com https://www.youtube.com https://www.youtube-nocookie.com https://arauco-qas.arauco.com https://arauco.b3dservice.de https://arauco.esignserver3.com https://orbitvu.co https://issuu.com https://www.facebook.com https://www.googletagmanager.com https://www.optimizadoronline.com https://www.instagram.com https://e.issuu.com;     worker-src 'self' blob:;     manifest-src 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://js.stripe.com https://challenges.cloudflare.com https://app.box.com https://js.live.net https://apis.google.com https://accounts.google.com https://conversations-widget.brevo.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://bat.bing.com https://www.dropbox.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://*.braintreegateway.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.clarity.ms https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.braintreegateway.com; img-src 'self' data: blob: https: http: https://images.unsplash.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' data: blob: https://api.stripe.com https://*.amazonaws.com https://*.s3.amazonaws.com wss: https://challenges.cloudflare.com https://fonts.gstatic.com https://*.onrender.com https://*.brevo.com https://*.braintreegateway.com https://*.braintree-api.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.dropbox.com https://*.dropboxusercontent.com https://*.box.com https://*.boxcloud.com https://graph.microsoft.com https://*.microsoftpersonalcontent.com https://www.googleapis.com https://www.paypalobjects.com https://www.paypal.com https://*.paypal.com https://analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms https://bat.bing.com; frame-src 'self' blob: https://www.google.com https://docs.google.com https://challenges.cloudflare.com https://js.stripe.com https://*.brevo.com https://*.dropbox.com https://www.dropbox.com https://*.box.com https://assets.braintreegateway.com https://*.braintreegateway.com https://*.paypal.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.googletagmanager.com https://*.doubleclick.net; media-src 'self' blob: data: https:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 2
img-src blob: https: data:; upgrade-insecure-requests 2
frame-ancestors https://resources.accusoft.com 'self' 2
frame-ancestors  *.brunomarc.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io;     img-src 'self' data: https://www.facebook.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://imgsct.cookiebot.com https://bat.bing.com/ https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.be https://*.clarity.ms https://*.bing.net https://*.bing.com https://*.gstatic.com;     font-src 'self' data: https://use.typekit.net https://*.gstatic.com;     style-src 'self' 'unsafe-inline' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://*.googleapis.com https://*.googletagmanager.com;     script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com;     script-src-elem 'self' 'unsafe-inline' https://www.clarity.ms https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com https://*.ddev.site https://*.deltablue.io https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com unpkg.com consent.cookiebot.com consentcdn.cookiebot.com https://*.doubleclick.net https://*.newrelic.com;     frame-src 'self' https://www.recaptcha.net/ consentcdn.cookiebot.com *.youtube-nocookie.com *.youtube.com https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://*.doubleclick.net https://*.googletagmanager.com https://player.vimeo.com;     frame-ancestors 'self' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io;     connect-src 'self' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://w.clarity.ms https://bat.bing.com/ https://px.ads.linkedin.com/ consentcdn.cookiebot.com https://*.craftcms.com https://craftcms.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.nr-data.net https://*.clarity.ms https://*.googlesyndication.com https://*.facebook.com https://*.bing.net 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-IJh8ORc2c8VdjK/lsuaSH4DDdUVXcbWKZH9lG8i4ZnU=' 'sha256-we2d5PFlPZi1zKtq7NU9ceDxQK8BLPKxlOTjgNnLz9E=' 'sha256-S+24nz6TXYzsf4RVEyxPLPe2h4S6dcb52swO4hr31mE=' 'sha256-N8TLziUMpTrT6oiMvfX0UjMvavDk2eMDBXLf0SpIiGU='  'sha256-h3MgVw06AzG7j4jseXJWWDLOpLSBlCFPvcfF+zTwTZc=' 'sha256-b7D5RFMGVJvZNo2B4c8YqrIIe7qJEMKi6wtx7OUuPkI=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-hGrRKTmWYJoPoSepEyrpwBBgF+r62SL1TTnSjeaPkPI=' 'sha256-BZwpI1aPGYhLSb7IeM/zUj3yUo/TGa9/vH0xhY2WjhY=' 'sha256-hMat9BBb/A+lKaIpRXT3tg4M8GlwGvzUyhhLi0Pqevs=' https://cdn.segment.com:*/ *.segmentapis.com:*/ https://cdn.cookielaw.org:*/; style-src 'self' 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.getbeamer.com:*/ https://cdn.segment.com:*/ *.segmentapis.com:*/ https://cdn.cookielaw.org:*/ *.onetrust.com:*/; frame-src 'self' https://app.getbeamer.com:*/ https://cdn.cookielaw.org:*/; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.w.org https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://*.activehosted.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.bunny.net https://cdn.jsdelivr.net; img-src 'self' data: https: https://s3.patmoshosting.com https://s.w.org; font-src 'self' data: https://fonts.gstatic.com https://s3.patmoshosting.com https://fonts.bunny.net; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://*.activehosted.com wss://adac.api.yoursrs.com; worker-src 'self' blob:; frame-src 'self' https://www.google.com https://*.google.com https://brainstormforce.github.io https://*.patmos.tech https://*.activehosted.com blob:; frame-ancestors 'self' https://patmos.tech; base-uri 'self'; form-action 'self' 2
default-src 'self' 'unsafe-hashes' 'unsafe-inline' https://*.clarity.ms/collect https://www.clarity.ms https://d.clarity.ms/collect https://s.clarity.ms/collect https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google.fr https://td.doubleclick.net https://www.google-analytics.com https://p.clarity.ms https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://use.typekit.net https://analytics.axess.fr https://www.google.com http://www.google.com https://webtracking-v01.bpmonline.com https://portail-int.axess.fr https://portail-int.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://portail.axess.fr https://portail.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://region1.analytics.google.com https://js-eu1.hs-scripts.com https://www.gstatic.com https://appvizer.one https://ariadne.appvizer.one https://inrecruitingfr.intervieweb.it https://bpm-rect.axess.fr https://bpm-rect.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://*.visualwebsiteoptimizer.com data:; script-src 'self' 'unsafe-hashes' 'unsafe-inline' https://*.clarity.ms/collect https://www.clarity.ms https://d.clarity.ms/collect https://s.clarity.ms/collect https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google.fr https://td.doubleclick.net https://www.google-analytics.com https://p.clarity.ms https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://use.typekit.net https://analytics.axess.fr https://www.google.com http://www.google.com https://webtracking-v01.bpmonline.com https://portail-int.axess.fr https://portail-int.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://portail.axess.fr https://portail.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://region1.analytics.google.com https://js-eu1.hs-scripts.com https://www.gstatic.com https://appvizer.one https://ariadne.appvizer.one https://inrecruitingfr.intervieweb.it https://bpm-rect.axess.fr https://bpm-rect.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://*.visualwebsiteoptimizer.com data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://share.trustfolio.co https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://*.clarity.ms/collect https://www.clarity.ms https://d.clarity.ms/collect https://s.clarity.ms/collect https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google.fr https://td.doubleclick.net https://www.google-analytics.com https://p.clarity.ms https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://use.typekit.net https://analytics.axess.fr https://www.google.com http://www.google.com https://webtracking-v01.bpmonline.com https://portail-int.axess.fr https://portail-int.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://portail.axess.fr https://portail.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://region1.analytics.google.com https://js-eu1.hs-scripts.com https://www.gstatic.com https://appvizer.one https://ariadne.appvizer.one https://inrecruitingfr.intervieweb.it https://bpm-rect.axess.fr https://bpm-rect.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://*.visualwebsiteoptimizer.com data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://p.typekit.net https://unpkg.com 2
default-src 'unsafe-inline' https://code.jquery.com https://info.moogsoft.com/ https://092-egh-780.mktoresp.com/ https://moogsoftcom.wpengine.com https://www.moogsoft.com/ https://www.moogsoft.com/wp-admin/admin-ajax.php  https://deliciousbrains.com/wp-json/mdb-api/v1/ https://www.googletagmanager.com/ https://www.youtube.com/ https://moogsoftcom.wpenginepowered.com/wp-content/themes/moogsoft/dist/images/hpaniA052421.webm https://js.driftt.com/ https://info.moogsoft.com/ https://www.moogsoft.com/wp-admin/themes.php; connect-src 'self' https://www.facebook.com/tr/ https://ws.zoominfo.com/formcomplete-v2/ https://cdn.linkedin.oribi.io/ https://ws.zoominfo.com/form-complete/ https://092-egh-780.mktoresp.com/ https://app-sj27.marketo.com http://www.google-analytics.com https://google-analytics.com https://connect.facebook.com https://js.driftt.com https://api.lever.co/ https://yoast.com/ https://my.wpengine.com/ https://stats.g.doubleclick.net/ https://moogsoftcom.wpenginepowered.com/ https://092-egh-780.mktoutil.com/ https://analytics.google.com/g/collect; script-src 'unsafe-inline' 'unsafe-eval' https://info.moogosoft.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com/ https://ws-assets.zoominfo.com/formcomplete.js https://www.moogsoft.com/wp-content/uploads/2020/06/teknkl-simpledto-1.0.4.js https://info.moogsoft.com/rs/092-EGH-780/images/teknkl-formsplus-1.0.5.js https://www.moogsoft.com/ https://www.google-analytics.com http:; style-src 'unsafe-inline' https://info.moogsoft.com http:; font-src 'self' https://fonts.gstatic.com/s/worksans/ https://fonts.gstatic.com/s/playfairdisplay/ https://fonts.gstatic.com/s/poppins/ https://fonts.googleapis.com/; media-src 'unsafe-inline' https://youtube.com/ https://moogsoftcom.wpenginepowered.com/ ; img-src 'self' https://info.moogsoft.com http: data:; frame-src https://app-sj27.marketo.com/ https://moogsoftcom.wpenginepowered.com/ https://player.vimeo.com/ https://marketingplatform.google.com/ https://www.facebook.com https://js.driftt.com https://widget.drift.com https://www.youtube.com/ https://info.moogsoft.com/ https://bid.g.doubleclick.net/ https://www.moogsoft.com/ https://www.google.com/; frame-ancestors https://youtube.com https://vimeo.com https://api.lever.co/ https://www.moogsoft.com https://info.moogsoft.com/; manifest-src https://www.moogsoft.com/ https://moogsoftcom.wpenginepowered.com/; form-action 'unsafe-inline' https://info.moogsoft.com/ https://info.moogsoft.com/Trial-Signup-Follow-Up.html https://info.moogsoft.com/Trial-Signup-Thank-You.html https://092-egh-780.mktoresp.com/ https://app-sj27.marketo.com https://www.facebook.com/tr/ https://www.moogsoft.com/ https://webto.salesforce.com; 2
frame-ancestors 'self' https://www.racq.com.au https://rac.com.au https://our.raa.com.au; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' camo.githubusercontent.com 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com http://*.webvisor.com https://webvisor.com http://webvisor.com 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://fonts.gstatic.com https://ws.colissimo.fr https://static.lyra.com/static/ *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.n