Values for content-security-policy:
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 21,777
upgrade-insecure-requests 21,006
frame-ancestors 'self' 10,701
upgrade-insecure-requests; 7,499
frame-ancestors 'self'; 4,650
block-all-mixed-content 2,540
block-all-mixed-content; 1,770
frame-ancestors 'none' 1,424
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,013
frame-ancestors 'none'; 862
default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 585
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 530
object-src 'none' 498
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 446
428
report-uri /report-csp-violation 336
default-src https: data: 'unsafe-inline' 'unsafe-eval' 318
frame-ancestors 'self' godaddy.com *.godaddy.com 271
upgrade-insecure-requests;frame-ancestors 'none';object-src 'none' 265
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 240
frame-ancestors * 217
require-trusted-types-for 'script' 209
upgrade-insecure-requests; block-all-mixed-content 201
frame-ancestors 'self' http://webvisor.com 199
script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 195
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 186
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; 183
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 182
default-src 'self';     style-src 'unsafe-inline';     object-src 'none' 174
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 170
upgrade-insecure-requests;object-src 'none' 170
default-src * data: 'unsafe-eval' 'unsafe-inline' 166
frame-ancestors 'self' ; 151
upgrade-insecure-requests; frame-ancestors 'self' 151
frame-ancestors self 143
frame-ancestors 'self' https://*.ally.ac; 142
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net  *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 136
frame-ancestors 'self' https://app.grovecms.org/ 134
report-uri /report-csp-violation; upgrade-insecure-requests 131
self 125
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 125
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 121
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 120
frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 111
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 107
default-src 'none' 102
frame-ancestors https://sinclairstoryline.com https://qa-sinclairstoryline.com https://int-sinclairstoryline.com https://storyline-qa.com https://storyline-int.com https://preview.int-sinclairstoryline.com https://preview.storyline-int.com https://preview.storyline-qa.com https://preview.qa-sinclairstoryline.com https://preview.sinclairstoryline.com; upgrade-insecure-requests 98
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net *.33across.com *.360playvid.info *.abkafurniture.com *.abt.s3.yandex.net *.ad-generation.jp *.ad-plus.com.tr *.adfor.io *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adsby.io *.adsturk.com *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.adtrafficquality.google *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.anura.io *.api-sports.io *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.cdn.jsdelivr.net *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dable.io *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.ercdn.net *.erstream.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.flowplayer.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.id5-sync.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jewelbetting.co *.jewelbetting.net *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sanalofisonline.com *.say.ac *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.trvdp.com *.ttwstatic.com *.twimg.com *.twitter.com *.ucfunnel.com *.uidapi.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.net *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com *.zencdn.net 360playvid.info ad-plus.com.tr adfor.io ads.vidoomy.com adsby.io adsturk.com anura.io api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn.adhouse.pro cdn.ampproject.org cdn.doubleverify.com cdn.flowplayer.com cdn.id5-sync.com cdn.jsdelivr.net cdn.proadscdn.com cdn.ravenjs.com cdn2.bildirt.com dable.io dsp-media.eskimi.com ep2.adtrafficquality.google erpm-js.erstream.com gdetr.hit.gemius.pl google.com googlesyndication.com id5-sync.com instagram.com invstatic101.creativecdn.com js.globalsun.io jsc.idealmedia.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr mc.yandex.com myvalice.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com preply.com proadscdn.com protagcdn.com say.ac script.4dex.io sp.ad-plus.com.tr static-maps.yandex.ru static.cdn.pixad.com.tr tags.crwdcntrl.net testerparfum.com trgde.adocean.pl tv5-live.ercdn.net twimg.com vjs.zencdn.net yandex.ru yastatic.net; 95
frame-ancestors 'self' https://*.substack.com https://substack.com 94
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 91
default-src 'self' http: https: data: blob: 'unsafe-inline' 85
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none' 84
frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp *.dev-lsapps.oracle.com https://oraclesso.sharepoint.com https://oracle.sharepoint.com 81
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 79
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ 76
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 76
frame-ancestors 'self'; upgrade-insecure-requests 72
upgrade-insecure-requests;connect-src * 71
frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 71
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 68
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 65
; 65
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 64
frame-ancestors 'self' ; upgrade-insecure-requests; 63
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 63
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 62
frame-ancestors 'self' https://*.akifast.com akifast.com 60
script-src 'self' * https://heapanalytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' * https://cdn.us.heap-api.com https://heapanalytics.com 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; style-src 'self' * https://heapanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://heapanalytics.com; font-src 'self' * https://c.us.heap-api.com https://heapanalytics.com data:; 60
frame-ancestors 'self' https://app.contentful.com 59
upgrade-insecure-requests; frame-ancestors 'self'; 58
base-uri 'self' 57
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 57
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 57
upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 56
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 56
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 55
frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 54
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 54
default-src 'self' 53
block-all-mixed-content; upgrade-insecure-requests; 53
frame-ancestors 'self' *.google.com *.googleusercontent.com 52
frame-ancestors 'self' https://cms.scrippsdigital.com 51
form-action 'self' 50
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 50
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 50
frame-ancestors 'self' *.plentymarkets-cloud-de.com *.my.plentysystems.com 50
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 49
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 49
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 48
default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 48
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 48
frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 47
img-src https: data:; upgrade-insecure-requests 46
default-src 'self';  43
frame-ancestors 43
upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 42
frame-ancestors 'self' *; 42
frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 42
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 41
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 40
default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none;frame-src 'self' mailto: tel: https: 40
upgrade-insecure-requests; block-all-mixed-content; 40
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 40
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 39
base-uri 'self';default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';    script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 39
frame-ancestors *; 39
base-uri 'self'; 39
default-src https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data: blob:; worker-src 'self' https: blob:; frame-ancestors 'self' *.sitewrench.com *.speakcreative.com 39
default-src 'self' 'unsafe-inline' 39
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 38
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 38
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 37
default-src data: 'unsafe-inline' 'unsafe-eval' https:;base-uri 'self';frame-ancestors 'self' ;img-src data: https: blob:;font-src data: https:;media-src https: blob:;connect-src https: wss: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;style-src data: 'unsafe-inline' https:;child-src https: data: blob:;form-action https:;object-src 'none'; 37
frame-ancestors 'self'; report-uri /report-csp-violation 36
frame-ancestors 'self'; upgrade-insecure-requests; 35
frame-ancestors 'self' https://app.storyblok.com 35
child-src * blob: 35
default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data: 'unsafe-inline'; 35
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.awin1.com *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com www.googleoptimize.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.metricool.com *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com *.redditstatic.com lantern.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiqcdn.com *.trbo.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.pinterest.com *.qualtrics.com *.reddit.com *.redditstatic.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com stihl-sso.com stihl.tui-servicelayers.io *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.trbo.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud *.blob.core.windows.net s.yimg.com *.youtube-nocookie.com wss://*.iadvize.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com; img-src 'self' *.ad-stir.com *.1rx.io *.360yield.com *.3lift.com *.addthis.com *.adingo.jp *.admixer.co.kr *.adscale.de *.adform.net *.adnxs.com *.adtdp.com *.advertising.com *.adyen.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.ants.vn *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.billie.io *.bing.com *.bing.net *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.foxbase.de *.fullstory.com *.fwnm.net *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.iadvize.com *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.metricool.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.reddit.com *.rambler.ru *.revcontent.com *.rlcdn.com *.rockysandstudio.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.toast.com *.tpmn.co.kr *.trbo.com *.tremorhub.com *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net sync.targeting.unrulymedia.com *.wepowerconnections.com *.windows.net storagetimbersportsdata.blob.core.windows.net *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; media-src 'self'; style-src 'self' 'unsafe-inline' *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.iadvize.com *.onetrust.com *.trbo.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com *.iadvize.com assets.oney.io cdn.parcellab.com *.stihl.de *.trbo.com typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.fullstory.com *.google.com *.guuru.com *.iadvize.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com static.stihl.com *.dam.stihl.cloud *.stihl-dns.net *.teads.tv *.trbo.com e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com login.microsoftonline.com support-dev.microsoftcrmportals.com graph.microsoft.com; child-src 'self' blob: *.guuru.com 35
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 34
object-src 'none'; 34
frame-ancestors 'self'; object-src 'none' 34
default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; worker-src blob: 'self'; 34
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 33
frame-ancestors 'self' www.bookends.info *.bookends.info 33
frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 33
frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camutik.com *.camutik.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com icfadmin.com *.icfadmin.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com kinkyspa.com *.kinkyspa.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 33
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 33
frame-ancestors none 32
frame-ancestors  'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.com:* *.espnqa.com:* 32
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 32
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to 32
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 31
default-src 'self'; script-src 'self' 'unsafe-inline' 31
frame-ancestors 'self' https://testbaba.virtualcms.it 30
frame-ancestors 'self' devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:* https://edit-nitrogen-cs-public-alb.diks.fi; 30
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri https://csp.yahoo.com/beacon/csp?src=redirect 29
frame-ancestors 'self' https://www.fortinet.com 29
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 29
img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 29
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 29
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 29
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 29
frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 28
frame-ancestors 'self' *.insparx.com *.insparx.org; 28
script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval';    connect-src 'self' ws: https:;    style-src 'self' 'unsafe-inline' https:;    font-src 'self' https: data:;    object-src 'none';    worker-src blob:;    img-src 'self' blob: data: https:;    frame-src 'self' blob: data: https:;    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 27
frame-src * 27
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 27
frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 27
default-src='self' 27
block-all-mixed-content; frame-ancestors 'self' 27
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 27
frame-ancestors https://web.telegram.org 27
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 27
frame-ancestors 'self' https://staging-app.boxoffice.com https://app.boxoffice.com 27
default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com  www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es *.optickssecurity.com *.opticksstatic.com *.opticksprotection.com opticksprotection.com assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com  optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net  pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com *.aptrinsic.com *.datatrans.com *.recaptcha.net *.bookingkit.com *.paypalobjects.com *.trackingplan.com *.leadinfo.net *.talkjs.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 27
frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 27
frame-ancestors 'self' https://webvisor.com http://webvisor.com; 27
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 26
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp ct.pinterest.com cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/;frame-ancestors 'self'; 26
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.360playvid.info *.abkafurniture.com *.abt.s3.yandex.net *.ad-generation.jp *.ad-plus.com.tr *.adfor.io *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adsby.io *.adsturk.com *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.adtrafficquality.google *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.anura.io *.api-sports.io *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.cdn.jsdelivr.net *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dable.io *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.ercdn.net *.erstream.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.flowplayer.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.id5-sync.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jewelbetting.co *.jewelbetting.net *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sanalofisonline.com *.say.ac *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.trvdp.com *.ttwstatic.com *.twimg.com *.twitter.com *.ucfunnel.com *.uidapi.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.net *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com *.zencdn.net 360playvid.info ad-plus.com.tr adfor.io ads.vidoomy.com adsby.io adsturk.com anura.io api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn.adhouse.pro cdn.ampproject.org cdn.doubleverify.com cdn.flowplayer.com cdn.id5-sync.com cdn.jsdelivr.net cdn.proadscdn.com cdn.ravenjs.com cdn2.bildirt.com dable.io dsp-media.eskimi.com ep2.adtrafficquality.google erpm-js.erstream.com gdetr.hit.gemius.pl google.com googlesyndication.com id5-sync.com instagram.com invstatic101.creativecdn.com js.globalsun.io jsc.idealmedia.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr mc.yandex.com myvalice.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com preply.com proadscdn.com protagcdn.com say.ac script.4dex.io sp.ad-plus.com.tr static-maps.yandex.ru static.cdn.pixad.com.tr tags.crwdcntrl.net testerparfum.com trgde.adocean.pl tv5-live.ercdn.net twimg.com vjs.zencdn.net yandex.ru yastatic.net; 26
* 26
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net *.33across.com *.ad-generation.jp *.adform.com *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.net *.cubepile.com *.dailymotion.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.freewheel.tv *.gamoshi.io *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pubmatic.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.stroeer.com *.synacor.com *.taboola.com *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.tradingview.com *.tribalfusion.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.vidyome.com *.vimeo.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yieldmo.com *.youtu.be *.youtube.com bs.yandex.ru cdn.ampproject.org google.com googlesyndication.com onesignal.com pagead2.googlesyndication.com s1.adform.net track.adform.net trgde.adocean.pl; 26
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://vimeo.com https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io ; 26
frame-ancestors 'self' https://preview.plaece.nl 26
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 25
require-trusted-types-for 'script';report-uri /cspreport 25
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 25
default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 25
frame-ancestors 'self' azeu.marketing.adobe.com 25
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 25
frame-ancestors 'self' https://medium.com 24
frame-ancestors 'self' xerox.com *.xerox.com carear.app 24
default-src 'self' *.idrive.com *.idrivesync.com  https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://alcdn.msauth.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 24
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 24
frame-ancestors 'self' ;upgrade-insecure-requests; 24
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; connect-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; frame-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://food.grab.com https://food.stg-myteksi.com 23
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 23
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 23
worker-src 'self' blob: 23
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 23
default-src 'self'; style-src 'self' 'unsafe-inline' *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com fonts.googleapis.com *.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk consent.trustarc.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com immage.monks.tools *.googleapis.com *.google.com *.googleusercontent.com www.digitalassets.starbucks.eu *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com; media-src 'self' *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk; font-src 'self' fonts.gstatic.com *.gstatic.com *.trustarc.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com aswpsdkus.com aswpsdkeu.com try.access.worldpay.com maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com; frame-src 'self' *.youtube.com starbucksjobs.de *.accdab.net consent-pref.trustarc.com *.google.com *.googletagmanager.com try.access.worldpay.com secure-test.worldpay.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk gateway.switch.tj *.worldpay.com *.trustarc.com youtu.be; frame-ancestors 'self' *.starbucks.com cms.starbucks.pl cms.starbucks.bg cms.starbucks.hu cms.starbucks.mt cms.starbucksslovakia.sk cms.starbucks.nl cms.starbucks.be cms.starbucks.no cms.starbucks.de cms.starbucks.ro cms.starbucks.co.uk cms.starbucks.ae; connect-src 'self' *.trustarc.com aswpsdkus.com aswpsdkeu.com *.cdn-net.com *.accdab.net six.cdn-net.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net google.com *.google.com aswpapius.com aswpapieu.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.worldpay.com bam.nr-data.net report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com maps.googleapis.com *.youtube.com; object-src 'none'; base-uri 'none'; 23
script-src * 'unsafe-inline' 'unsafe-eval' 23
block-all-mixed-content; upgrade-insecure-requests 23
report-uri https://csp-report.opl-prd.mgnlsw.com/reports; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: ws: askyourliver.s3.eu-central-1.amazonaws.com ws.hotjar.com accessdenied.pnc.com ad.doubleclick.net adr.mplore.com api.permutive.com app-oss.byte-app.com cdn.css-tricks.com corp-bhfpwcg05:8080 eliteprospects.de gj.track.uc.cn ib.adnxs.com beacon.deepintent.com p.teads.tv  img.ucweb.com schools-blocked.s3-website-us-east-1.amazonaws.com siteblock.exeloncorp.com uc.gre wedata.net *.crazyegg.com www.enterogermina.com www.stackoverflow.com a.clarity.ms a.icehergame.com a.tribalfusion.com a1.ro aax-eu.amazon-adsystem.com account.affilitizer.com acestream.tv ad.doubleclick.net adbz.cz ade.googlesyndication.com ads-engagement.presage.io ads.tfxiq.com adservice.google.com adtonus.com aidata-sync.rutarget.ru allegra.mycheckstatus.com allegra.pmcprograms.com amomama.es an.yandex.ru analytics-static.ugc.bazaarvoice.com analytics.google.com analytics.pmsrv.co analytics.tiktok.com analytics.twitter.com api-data-connector.abtasty.com api-js.mixpanel.com api.abtasty.com api.adblockertool.com api.aituria.com api.amcreativemedia.com api.bazaarvoice.com api.blocksly.org api.ciuvo.com api.crystal-blocker.com api.fbanalytics.org api.ginger-analytics.com api.global-data-lab.com api.highdataanalytics.com api.killadsapi.com api.lapis-analytics.com api.mapbox.com api.mkmediaworks.com api.moncyber-api.com api.permutive.com api.privacy-protector-adblocker.com api.rabatta.app api.redirects-4.com api.retargetly.com api.sfnix.net api.socialsolutionapp.com api.software-downloading.com api.solaranalyticscorp.com api.solarspireconsulting.com api.srv247app.com api.tiles.mapbox.com api.typeform.com api2.abtasty.com apis.google.com app.abtasty.com appdown.pstatic.net apps.bazaarvoice.com ara.paa-reporting-advertising.amazon ariane.abtasty.com asrv-a.akamaihd.net assets-tracking.crazyegg.com assets.targetimg1.com at.alicdn.com auth.iws-hybrid.trendmicro.com avocadoposts.com b.clarity.ms b.px-cdn.net bahupo.peyenuxema.com bat.bing.com bawproxy.systech.net:8090 block.cdc.gov block.opendns.com blocked.syd-1.linewize.net bokezu.tijapixuno.com bpb.opendns.com bs.serving-sys.com buvihi.xixuzutage.com c.amazon-adsystem.com c.bing.com c.clarity.ms c.pmsrv.co c1.ugc.bazaarvoice.com casprezeny.pluska.sk cb-zscaler-pages.s3.amazonaws.com cdn-eidpp.nitrocdn.com cdn-uicons.flaticon.com cdn.adfenix.com cdn.amomama.es cdn.cookielaw.org cdn.detik.net.id cdn.flowcode.com cdn.goin.cloud cdn.honey.io cdn.jsdelivr.net cdn.knd.ro cdn.krxd.net cdn.leanlibrary.app cdn.liner.hu cdn.medical-news.org cdn.mouseflow.com cdn.pricespider.com cdn.randomhow.com cdn.scite.ai cdn.simplycodes.com cdn.tailwindcss.com cdn.trustpilot.net cdncache1-a.akamaihd.net cdnjs.cloudflare.com cdnml.global-cache.online cds.taboola.com ch-trc-events.taboola.com ckf01.wcasd.net click.ro clientstream.launchdarkly.com cloudjs.netlify.com cm.teads.tv cn-1793901926-23-7vnsr30362.ibosscloud.com cn-1998271222-7vnsr30121.ibosscloud.com cn186503-7rx10900.ibosscloud.com code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 common-fonts.abtasty.com connect.facebook.net conoret.com content.hotjar.io contentorigin.bazaarvoice.com conversions-config.reddit.com cookieaquila.com cookieless-campaign.prd-00.retargetly.com counter.yadro.ru cpportal.vkkd.local cr-input.mxpnl.net crtrgt.bumlam.com cs.frontend.weborama.fr ct.pinterest.com cucinaconmegraziellaeraffaele.it d.clarity.ms d1ikum88ielzsg.cloudfront.net d1lkfzu2puirk6.cloudfront.net d17-a.sdn.cz d39-a.sdn.cz d50-a.sdn.cz data1.bemitch.com data1.besinaf.com data1.bevuak.com data1.bimien.com data1.bresera.com data1.calicluo.com data1.caliculo.com data1.fiktar.com data1.gryplex.com data1.ilipol.com data1.ilplet.com data1.itiarg.com data1.jiciworilo.com data1.lacedefe.com data1.logitalie.com data1.mionqiz.com data1.moiziq.com data1.molaroute.com data1.nadasto.com data1.olcalo.com data1.open-dog.com data1.pletar.com data1.poolif.com data1.scopich.com data1.sebote.com data1.siwathe.com data1.stoploco.com data1.zunelrish.com datenschutz.sanofi.de dcinfos-cache.abtasty.com dcsabingoa423.minigame.vip deo.shopeemobile.com detector.scamsniffer.io dev.visualwebsiteoptimizer.com diffuser-cdn.app-us1.com display.ugc.bazaarvoice.com div.show donna.fidelityhouse.eu dulcolax-prod-server-side-tagging-ox3fbruzaa-od.a.run.app e.clarity.ms edge.fullstory.com editor-assets.abtasty.com embed.2b.uy embed.typeform.com embeddedcloud.pricespider.com emet.live encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com es.e-noticies.cat euw-omni.pricespider.com euw-wtbng.pricespider.com eventping-a.akamaihd.net events.mapbox.com exchange.buzzoola.com exhabigou.com ext.theperspective.com f.clarity.ms fcgt742.com feedback-pa.clients6.google.com fevoki.wejekihota.com filter.techloq.com fledge.teads.tv fonts.cdnfonts.com fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com foodin.site form.typeform.com form.typeform.com fportal.mmo.com.br:8090 gateway.zscaler.net gateway.zscalerone.net gateway.zscalerten.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net gdehu.hit.gemius.pl geolocation.onetrust.com get663.com gfx.antyradio.pl givemeservicesas.com gjtrack.ucweb.com goldbond.mycheckstatus.com goldbond.pmcprograms.com googleads.g.doubleclick.net greasyfork.org grmtech.net gum.criteo.com gw.alicdn.com h.clarity.ms hm.baidu.com honjzlbgame.com hu-gmtdmp.mookie1.com hugde.adocean.pl i.clarity.ms i.clean.gg i.ytimg.com i0.wp.com ib.adnxs.com images.iberion.media images.simplycodes.com images.typeform.com infimv.com infragrid.v.network insight.adsrvr.org irxcm.com j.clarity.ms jastrzabpost.pl joko-mobile-app-media.s3.eu-west-1.amazonaws.com js.adsrvr.org k.clarity.ms kafiro.kuwinesume.com kcdn.kueez.net kessko-utm-1.kessko.de:8090 ketkes.com kobieta.wp.pl kraken.rambler.ru l.clarity.ms l.facebook.com l.mbs.zip l.teads.tv lasrecetasdemiabuela.recipesown.com lazyload.org lett.2buycdn.com lh2.seculab.kr:61443 lh3.google.com lh3.googleusercontent.com livesicilia.it liviza.luwuyetivu.com lm.serving-sys.com locate.pricespider.com log-papago.naver.com log.pinterest.com login.microsoftonline.com login.ourtesco.com luzino.kumureyole.com m.clarity.ms m.youtube.com mab.chartbeat.com magazine.education.investing.com malware.opendns.com mandiner.hu maps.googleapis.com maps.googleapis.com maps.gstatic.com maps.gstatic.com mc.yandex.by mc.yandex.com mc.yandex.kz mc.yandex.md mc.yandex.ru meetlookup.com menoli.nuwipidaro.com metrics-dra.dt.dbankcloud.cn metrics-dre.dt.dbankcloud.cn metrics.hotjar.io modernmic.com mon-va.byteoversea.com mon16-normal-useast5.tiktokv.us mozbar.moz.com mpsnare.iesnare.com mstat.acestream.net myip.duoduodev.com n.clarity.ms namdevice.com:7777 nasacort.pmcprograms.com network-a.bazaarvoice.com network.bazaarvoice.com new229.com news3.chainityai.com newsy.wizaz.pl njs.wigoal.com noop.style notice.iconplc.com novanight-prod-server-side-tagging-ox3fbruzaa-od.a.run.app o.clarity.ms o132438.ingest.sentry.io obneistu.anoyntha.com omni.pricespider.com orademedias.ro overbridgenet.com p.clarity.ms p.skimresources.com p.typekit.net pagead2.googlesyndication.com pagestates-tracking.crazyegg.com papayawolfgamesc-a.akamaihd.net pb.sogou.com pdp-service-v2.prd-00.retargetly.com pdp-service.retargetly.com periodical.maariv.co.il photos-eu.bazaarvoice.com photos-us.bazaarvoice.com ping.chartbeat.net pips.taboola.com pixel-config.reddit.com pixel.rubiconproject.com play1149.atmequiz.com players.brightcove.net plugin.ucads.ucweb.com polki.pl pollen.services.myilume.de pollenapps.com portal.bitglass.com pos.baidu.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com privacy-cs.mail.ru privacyportal-de.onetrust.com privacyportal-eu.onetrust.com prosvet.cz protectsurf-a.akamaihd.net proxy-data.essd.ch proxy.jamo.ind.br:8444 przepiski.pl psb.taboola.com puhuiti.oss-cn-hangzhou.aliyuncs.com pwm-image.trendmicro.com px.adhigh.net px.ads.linkedin.com pysznosci.pl q.clarity.ms qa-assistant.abtasty.com r.clarity.ms r.mradx.net r.skimresources.com r3.mail.ru ray.st rbtds.net readaloud.googleapis.com region1.analytics.google.com region1.google-analytics.com remove.video res-1.cdn.office.net res.cdn.office.net retcode-us-west-1.arms.aliyuncs.com revistajaraysedal.es rialto-gms.s3.amazonaws.com rktds.net rmt01.deos-ag.com:8090 rs.fullstory.com rs.mail.ru rtl.hu rules.quantcount.com s.adroll.com s.amazon-adsystem.com s.clarity.ms s.cytaty.pl s.pinimg.com s.skimresources.com s.tribalfusion.com s.yimg.com s2.ppllstatics.com s3.amazonaws.com s3.ppllstatics.com safe-cws-sase.vmware.com safe.menlosecurity.com safe.rbi-umbrella.com saml.saasprotection.com sanofi-privacy.my.onetrust.com sanofi-uat-privacy.my.onetrust.com sanofi.solution.weborama.fr sase.merck.com savoriurbane.com sc-static.net script.crazyegg.com script.hotjar.com search.imtt.qq.com searchaggr-dre.dt.dbankcloud.com secure-ds.serving-sys.com secure.adnxs.com secure.quantserve.com securepubads.g.doubleclick.net security-us.mimecast.com segnorasque.com selsunblue.pmcprograms.com service.gstatic-cache.com services.global.commerce-connector.com sf16-muse-va.ibytedtos.com shop.pricespider.com shoppable-assets.global.commerce-connector.com shoppable-configs.global.commerce-connector.com shoppable.commerce-connector.com skincare-41329.info skytraf.xyz snap.licdn.com sophos.mvz-uhlenbrock.de:8090 sp.analytics.yahoo.com spanish.gute-info.net spoppe-b.azureedge.net sportal.blic.rs sportowefakty.wpcdn.pl sprawdzone.pl ssl.google-analytics.com ssl.gstatic.com st.top100.ru static.ads-twitter.com static.bumlam.com static.chartbeat.com static.hotjar.com static.hsappstatic.net static.mundodeportivo.com static.preply.com static.rakuten.com static.terratraf.io static.unica.ro static.zip.co static2.sharepointonline.com stats.g.doubleclick.net storage.googleapis.com svcs.tql.com sync.bumlam.com sync.crwdcntrl.net sync.dmp.otm-r.com sync.upravel.com t-azmaps.azurelbs.com t.clarity.ms t.co t.skimresources.com t.teads.tv tafopo.navahididi.com td.doubleclick.net teddytor.abtasty.com testyourliver.abi.ai tiremeetsroad.com tko.pl tl.ytlogs.ru tomarnarede.pt top-fwz1.mail.ru tr.snapchat.com tracking.adsafety.net tracking.crazyegg.com translate-pa.googleapis.com translate.google.com translate.googleapis.com translate.yandex.net trc-events.taboola.com try.abtasty.com tv2play.hu u.clarity.ms ucads-cdn.ucweb.com unisom.mycheckstatus.com unisom.pmcprograms.com unpkg.com up.pixel.ad url.usb.m.mimecastprotect.com urldefense.proofpoint.com use.fontawesome.com use.typekit.net usw-omni.pricespider.com usw-wtbng.pricespider.com utq.vvipquan.com v.clarity.ms v.wpimg.pl valaha.hu vc.hotjar.io vk.com vpn.future-fm.hu:8090 w.clarity.ms w88p9x.com wamiz.pl wellsfargoprod.prod.fire.glass widgets.abtasty.com ws.miqcommerce.com wtbevents.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com www.algopyrin.hu www.allegra.com www.artfut.com www.bing.com www.borsonline.hu www.buscapina.com www.buscopan.com www.bzi.ro www.capitalkoala.com www.ceneo.pl www.ciuvo.com www.clarity.ms www.crazyegg.com www.cvs.com www.dulcolax.ca www.dulcolax.com www.elperiodicomediterraneo.com www.eluniverso.com www.enterogermina.com www.essentiale.com www.essentiale.hk www.eurosport.hu www.facebook.com www.gammedulco.fr www.google-analytics.com www.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tn www.google.to www.google.tt www.google.vu www.googleadservices.com www.googleapis.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.happyinshape.com www.icyhot.com www.initiv.com www.instagram.com www.juventusnews24.com www.kanald.ro www.laopinion.co www.libertateapentrufemei.ro www.marca.com www.meczyki.pl www.mindmegette.hu www.mucosolvan.com www.no-spa.com www.pagespeed-mod.com www.publimetro.co www.rappi.com.co www.redditstatic.com www.researchsolutions.com www.revistavea.com.co www.sanofi.us www.slant.co www.sport.es www.superfish.com www.telfast.com www.terracycle.com www.themusicman.uk www.vg.hu www.viva.ro www.wishlist.com www.youtube-nocookie.com www.youtube.com script.crazyegg.com www1.pluska.sk wwwassets.pricespider.com x01.aidata.io xeldurap.peazheut.com xyzal.mycheckstatus.com xyzal.pmcprograms.com y.clarity.ms ya.ru yandex.ru yastatic.net tr6.snapchat.com apiv2.popupsmart.com cdn.taboola.com yt3.ggpht.com z.clarity.ms zantac360.pmcprograms.com maristaschamberi.imtlazarus.com:8992 maristaschamberi.imtlazarus.com:9001 mpsnare.iesnare.com ramonycajal.imtlazarus.com:8992 ramonycajal.imtlazarus.com:9001 view-localhost:50580 ws.hotjar.com trotjidayo-1.algolianet.com trotjidayo-3.algolianet.com trotjidayo-2.algolianet.com trotjidayo-dsn.algolia.net wtbstream.pricespider.com vimeo.com 9509754.fls.doubleclick.net fls.doubleclick.net *.fls.doubleclick.net sanofi-japan-dev.eval.janraincapture.com sanofi-japan-staging.eval.janraincapture.com sanofi-japan.us.janraincapture.com sanofi-dev.us-dev.janraincapture.com sanofi-staging.us-dev.janraincapture.com sanofi.us.janraincapture.com sanofi-dev.eu-dev.janraincapture.com sanofi-staging.eu-dev.janraincapture.com sanofi.eu.janraincapture.com edge.curalate.com *.sqreemtech.com analyticswritenew.xerevo.com opella-privacy.my.onetrust.com td.doubleclick.net www.google.com www.gstatic.com www.telfastcashback.com.au telfast-widget.ambeedata.com selsunblue.mycheckstatus.com;; 23
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 23
upgrade-insecure-requests; base-uri 'none'; 23
frame-ancestors 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 23
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 23
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 22
script-src https: 'unsafe-inline' 'unsafe-eval' 22
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 22
frame-ancestors 'self' *.youtube.com 22
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 22
upgrade-insecure-requests;  default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/;  script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client;  style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style;  img-src data: https: blob:;  font-src data: https:;  connect-src https: wss: blob: https://accounts.google.com/gsi/;  media-src data: https: blob:;  object-src https:;  child-src https: data: blob:;  form-action https:;  frame-ancestors 'self'; 21
object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://mc.yandex.com/ https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 21
frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 21
frame-ancestors 'none'; upgrade-insecure-requests 20
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 20
upgrade-insecure-requests; frame-ancestors 'none' 20
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 20
frame-ancestors 'self' * 20
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 20
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 20
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 19
frame-ancestors 'self' *.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud; 19
frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 19
worker-src 'self'; 19
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 19
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 19
base-uri 'self'; frame-ancestors 'self' 19
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 19
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 19
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 18
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 18
frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com  *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 18
font-src 'self' 18
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.creativecdn.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com  https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de https://www.facebook.com https://r.clarity.ms https://p.gsitrix.com https://tr6.snapchat.com https://www.sandbox.paypal.com https://trck.linkster.co https://*.preciso.net https://pixel.byspotify.com https://pixels.spotify.com https://api.recova.ai blob:; 18
frame-ancestors none; 18
frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com  *.goepson.com 18
frame-ancestors 'self'; object-src 'self' 18
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 18
block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 17
frame-ancestors 'self' https://shop.kaspersky.co.uk https://shop.kaspersky.ca https://cart.kaspersky.com.br https://loja.kaspersky.pt https://shop.africa.kaspersky.com https://shop.afrique.kaspersky.com https://shop.baltics.kaspersky.com https://shop.bg.kaspersky.com https://shop.hu.kaspersky.com https://shop.il.kaspersky.com https://shop.kaspersky.be https://shop.kaspersky.co.in https://shop.kaspersky.co.jp https://shop.kaspersky.co.kr https://shop.kaspersky.co.th https://shop.kaspersky.com https://shop.kaspersky.com.au https://shop.kaspersky.com.hk https://shop.kaspersky.com.tr https://shop.kaspersky.com.tw https://shop.kaspersky.com.vn https://shop.kaspersky.cz https://shop.kaspersky.de https://shop.kaspersky.dk https://shop.kaspersky.es https://shop.kaspersky.fi https://shop.kaspersky.fr https://shop.kaspersky.gr https://shop.kaspersky.it https://shop.kaspersky.kz https://shop.kaspersky.ma https://shop.kaspersky.nl https://shop.kaspersky.ro https://shop.kaspersky.rs https://shop.kaspersky.ru https://shop.kaspersky.se https://shop.me.kaspersky.com https://shop.no.kaspersky.com https://shop.sea.kaspersky.com https://shop.stan.kaspersky.com https://shop.usa.kaspersky.com https://shop-lt.latam.kaspersky.com https://shop-mx.latam.kaspersky.com; 17
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 17
frame-ancestors 'self' https://metrika.yandex.ru/ 17
frame-ancestors 'self' https://guides.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src  https:; connect-src https:; object-src https:; child-src https:; 17
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 17
require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 17
frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 17
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 17
default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.hubapi.com *.optimizely.com http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsadspixel.net *.doubleclick.net *.optimizely.com blob: 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg=' 'sha256-2pe8k26MWlcKficOeMWZ75CKsCYpC8O7SWL1c80IevA=' 'sha256-xA+Nf+aCToDDa/FWlmohq36+g4wJDUNr/5Z99KzXHAQ=' 'sha256-Ekr4lImICDOvgVtzrLML7wjf3IM4V5Q3+ohyZq4Fi5w='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net *.googletagmanager.com; object-src 'none' 17
script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com webpay3g.transbank.cl webpay3gint.transbank.cl *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.integration.komax.eclt.lnt.cl *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com cdn.doofinder.com *.doofinder.com komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.integration.komax.eclt.lnt.cl https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com cdn.doofinder.com *.doofinder.com code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.google-analytics.com *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com  wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com wss://*.doofinder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com 'self' 'unsafe-inline'; 17
frame-ancestors 'self' http://jack-wolfskin.com https://mywolfpack.jack-wolfskin.com http://staffbase.com capacitor://jack-wolfskin.com capacitor://staffbase.com; 17
require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 16
frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 16
frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 16
script-src 'self' 16
frame-ancestors 'self'; object-src 'none'; 16
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com; 16
default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://strapi.inbox.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no; 16
default-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com ajax.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com flo.uri.sh challenges.cloudflare.com;  style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com use.typekit.net;  img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org hosted.weblate.org;  font-src 'self' data: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org use.typekit.net;  media-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com;  frame-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com calendar.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com challenges.cloudflare.com;  connect-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com 1.1.1.1 translate.googleapis.com games.roblox.com economy.roblox.com; 16
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 16
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src *  'unsafe-inline'; 16
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 16
default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-src https: data: intent:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 16
frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 16
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 16
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 16
font-src *;img-src * data:; 16
frame-ancestors 'self' *.mydukaan.io; 16
base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io *.highcharts.com; object-src 'none'; 16
frame-ancestors 'self' https://omnidoctor.ru/ 16
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; 15
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 15
default-src 'self'; style-src 'self' * 'unsafe-inline';style-src-attr 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; font-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; connect-src *; img-src 'self' 'unsafe-inline' data: blob: *; manifest-src *; frame-src *; media-src * blob: 15
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 15
script-src 'unsafe-inline' 'unsafe-eval' http: https: 15
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 15
frame-ancestors 'self' *.affino.com; 15
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 15
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 15
form-action 'self'; 15
default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metart.network *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.vwo.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com *.google.com;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.twimg.com *.twitter.com *.zopim.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.vscdns.com *.strpst.com *.google.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 15
connect-src http://ip-api.com/ 'self' https: data: 15
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 15
img-src 'self' * blob: data:;script-src 'self' 'unsafe-eval' blob: cdnjs.cloudflare.com 1million.casino;default-src 'self' api-v2.psg777.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 15
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 15
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 15
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://player.vimeo.com https://embed.vidbeo.com/ https://*.azure.com https://*.microsoft.com https://*.visualstudio.com blob: https://dc.mymdnow.com/ https://dc.carenow.com/ https://dc.stdavids.com/ https://dpx-xsf-func-maps-eastus2-dev-bbasc5hha3dfexh6.eastus2-01.azurewebsites.net https://solutions.invocacdn.com/ https://pnapi.invoca.net/ https://*.podium.com https://*.analyticspodium.com https://dpx-xsf-func-maps-eastus2-prod-bnf2g4e0a8fvhahy.eastus2-01.azurewebsites.net; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.s3.amazonaws.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://i.vimeocdn.com/ https://*.podium.com; style-src 'self' 'unsafe-inline' https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://*.podium.com; font-src 'self' 'unsafe-inline' data: https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://atlas.microsoft.com https://*.podium.com; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com https://player.vimeo.com https://embed.vidbeo.com/ *.crazyegg.com https://*.medcity.net *.doubleclick.net https://mammogramscreenbotcontainer.azurewebsites.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://mycarenowbiltmoreparkbot.azurewebsites.net; upgrade-insecure-requests; block-all-mixed-content ; 15
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 15
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 15
default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 15
default-src 'none'; connect-src https://yastatic.net http://pagead2.googlesyndication.com *.yandex.ru  https://csi.gstatic.com  https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://pagead2.googlesyndication.com https://www.google-analytics.com yandex.ru https://ymetrica1.com *.google.com https://*.strm.yandex.net 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://mc.yandex.com https://rutube.ru https://player.vimeo.com https://nuum.ru https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://ad.mail.ru https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.hk https://adservice.google.com.lb https://adservice.google.com.mx https://adservice.google.com.ng https://adservice.google.com.pa https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; report-uri /csp-report.php 15
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com www.google.com google.com adservice.google.com pagead2.googlesyndication.com td.doubleclick.net www.googletagmanager.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.googletagmanager.com/gtag/js www.googleadservices.com/pagead/ www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ adservice.google.com/pagead/ pagead2.googlesyndication.com/pagead/ www.googletagmanager.com/gtag/destination merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh *.fls.doubleclick.net www.googletagmanager.com td.doubleclick.net li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 14
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 14
upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.storylane.io *.mountain.com *.bttrack.com *.simpli.fi *.pathfactory.com *.impactcdn.com *.tiktok.com *.emarsys.net *.ofgreencolumn.com *.usercentrics.eu *.amazon *.redditstatic.com *.roeyecdn.com *.unpkg.com *.googleadservices.com *.2checkout.com *.cookielaw.org *.criteo.com *.dwin1.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se *.bitdefender.co.jp bitdefender.co.jp bitdefender.applytojob.com *.adobe.com *.facebook.com *.facebook.net *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.ads-twitter.com  *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.hsforms.net *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de dpm.de *.mdex.net mdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net *.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net *.scarabresearch.com *.zenaps.com pixel.xonaz.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com *.outgrow.us *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com ad4m.at *.googletagmanager.com bat.bing.com *.impactradius-event.com *.outbrain.com *.gartner.com *.gstatic.com *.licdn.com *.bizible.com *.clarity.ms *.demandbase.com *.hs-scripts.com *.sf14g.com *.hsadspixel.net *.hs-analytics.net *.hsleadflows.net *.hs-banner.com *.usemessages.com *.company-target.com *.techtarget.com *.privacyportal-de.onetrust.com *.geolocation.onetrust.com *.avads.net cdn.jsdelivr.net *.hlx.live; 14
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 14
default-src * 'unsafe-inline' 'unsafe-eval' 14
frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com; 14
frame-ancestors 'self' https://es.chevrolet.com 14
object-src 'none'; base-uri 'self' 14
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 14
frame-ancestors 'self'; base-uri 'self' 14
frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 14
object-src 'none'; frame-ancestors 'self' 14
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 14
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 14
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 14
frame-ancestors https://cms-prod.brxm.grandvision.io 14
frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self'; 14
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 14
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com;  script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 14
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com sentry.timeweb.net:4443 data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com https://directus-twtech.timeweb.net https://api-qa.timeweb.ru 13
frame-ancestors *.shein.com https://www.shein.com.hk https://s1.shein.com https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 13
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js  https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://js.zi-scripts.com/zi-tag.js *.mutinycdn.com https://www.clarity.ms https://j.6sc.co/j/81ad4853-7699-4145-be50-4c0e963c8034.js *.roundprinceweb.com https://www.redditstatic.com/ads/pixel.js https://go.proofpoint.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com; report-uri /report-csp-violation 13
frame-ancestors 'self' https://www.thomsonreuters.com 13
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net *.en25.com https://js.zi-scripts.com https://epsilon.6sense.com/ https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com *.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 13
frame-ancestors 'self' app.storyblok.com 13
default-src=self; 13
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 13
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 13
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 13
frame-ancestors 'self' https://app.eu.contentful.com; 13
default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 13
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 13
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 13
frame-ancestors https://dgbuilder.io http://dgbuilder.io 13
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 13
frame-ancestors https://app.contentful.com https://dash.cloudflare.com 13
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 13
default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 13
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 13
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 12
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://*.smassets.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com https://*.cloud.microsoft 12
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 12
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 12
frame-ancestors 'self' https://localhost:* https://*.bustle.com https://*.bdg.com 12
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 12
frame-ancestors 'self' *.funke.cue.cloud; 12
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net dqm.crownpeak.com geolocation.onetrust.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com aemcs.unileversolutions.com 12
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 12
default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 12
frame-ancestors 'self' *.purpledshub.com 12
“upgrade-insecure-requests� 12
frame-ancestors 'self' https://app.contentful.com; 12
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 12
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://bat.bing.net  https://*.cliplister.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.lidlplus.com  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://*.scon.schwarz  wss://endpoint-prod.scon.schwarz  'unsafe-inline'  https://*.adyen.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cliplister.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  https://manuals.sit-connect.com  'unsafe-inline'  https://*.adyen.com; img-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cliplister.com  https://*.cookiebot.com  https://*.criteo.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.lidlplus.com  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://content.odj.cloud  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://sync.targeting.unrulymedia.com  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://manuals.sit-connect.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 12
; frame-ancestors 'self' 12
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ;  object-src 'none' ;  frame-ancestors 'self' ;  base-uri 'self' ;  prefetch-src 'self' ;  img-src https: data: ; 12
frame-ancestors 'self' *.daysmartpayments.com http://localhost:4200/ 12
object-src 'self' 12
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 12
default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 12
default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 12
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 12
script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com *.cdn.adyen.com; object-src 'none'; child-src 'self' www.youtube.com youtube.com www.google.com google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com checkoutshopper-live.adyen.com *.cdn.adyen.com maps.google.com.sg www.google.com maps.google.com goo.gl google.com www.facebook.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 12
frame-ancestors 'self' *.laccd.edu *.elac.edu *.wlac.edu *.lapc.edu *.lamission.edu *.lavc.edu *.lasc.edu *.lahc.edu *.lacc.edu *.lattc.edu 12
frame-ancestors 'self' *.facebook.com 12
block-all-mixed-content; frame-ancestors 'none'; 12
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 12
frame-src * 'self' blob: mediastream: 'unsafe-inline'; fullscreen 'self' 12
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 12
frame-ancestors 'self' https://secure.safecharge.com; 12
frame-ancestors whitelabel.camspower.com cams.dnxlive.com 12
frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com https://*.webtrends-optimize.com https://analytics.tiktok.com https://*.azurewebsites.net https://*.onetrust.com; object-src 'none'; base-uri 'none'; 12
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org 12
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 12
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 12
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 12
frame-ancestors 'self' *.hexia.io *.zigtools.nl *.zig365.nl 12
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 12
default-src 'self' 'unsafe-inline' https://* data: wss://*.hotjar.com; frame-ancestors 'none' 12
frame-ancestors 'self' https://gtranslate.io; 12
upgrade-insecure-requests; default-src data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://www.googletagmanager.com https://*.google-analytics.com https://*.mouseflow.com https://*.youtube.com https://*.googleadservices.com https://*.googleapis.com; img-src data: 'self' https://*.usercentrics.eu https://*.suedpack.com https://*.google-analytics.com https://*.ytimg.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.googletagmanager.com; connect-src 'self'  https://*.google.com https://*.googlesyndication.com https://*.usercentrics.eu https://*.mouseflow.com https://*.google-analytics.com https://*.doubleclick.net https://*.friendlycaptcha.com; frame-src 'self' https://*.usercentrics.eu https://www.google.com https://*.youtube-nocookie.com https://*.googletagmanager.com; worker-src 'self' blob:; 12
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 11
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://*.genesys.com https://*.genesyscsdt.com https://*.genesyscsdteng.com https://resources.genesys.com https://*.seismic.com https://know.genesys.com https://help.genesys.com https://*.contentsquare.net app.contentsquare.com genesys.lightning.force.com genesys.file.force.com; 11
frame-ancestors 'self' https://app.storyblok.com; 11
frame-ancestors 'self' letmedate.com www.letmedate.com 11
upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ https://nephrologistconnect.com https://rheumatologynation.com https://dermatologistnation.com 11
frame-ancestors https://app.contentful.com 11
frame-ancestors 'self' *.ci360.sas.com app.contentstack.com login.celebrations.com 11
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 11
default-src 'self'; connect-src 'self' *.yoast.com *.authorize.net *.facebook.com stats.addtoany.com *.google.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com s3.eu-west-1.amazonaws.com *.marker.io stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com; frame-src 'self' app.marker.io *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com; img-src 'self' *.wpengine.com *.w.org secure.gravatar.com data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.vimeo.com *.youtube.com *.spotify.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.cloudinary.com; object-src 'self' *.oembed.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.cloudinary.com; script-src 'self' 'unsafe-eval' https://cdn.cookielaw.org *.marker.io *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.cloudinary.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.typekit.net  https://www.googletagmanager.com go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; 11
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 11
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' ametekemip--dev.sandbox.my.site.com ametekemip.my.site.com enterprise-demo.tfaforms.net js.sentry-cdn.com affimvip.baidu.com static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' enterprise-demo.tfaforms.net service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' *.akamaihd.net manifest.prod.boltdns.net *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 11
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 11
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 11
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.yourhosting.nl *.freshdesk.com *.freshchat.com demo.arcade.software *.typeform.com *.hsforms.com *.doubleclick.net yoursitehulp.nl app.vwo.com *.versio.nl *.hubspot.com yourhosting-25507368.hs-sites-eu1.com *.adroll.com 11
none 11
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 11
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 11
frame-ancestors 'self' http://admin.bonami.cz 11
font-src 'none' 11
default-src https: 'unsafe-inline' 'unsafe-eval' 11
block-all-mixed-content;upgrade-insecure-requests; 11
frame-ancestors 'none' ; 11
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 11
frame-ancestors 'self' mitiendanube.com *.mitiendanube.com lojavirtualnuvem.com.br *.lojavirtualnuvem.com.br mitiendanube.com.ar *.mitiendanube.com.ar mitiendanube.com.mx *.mitiendanube.com.mx mitiendanube.com.co *.mitiendanube.com.co mitiendanube.cl *.mitiendanube.cl; upgrade-insecure-requests 11
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 11
frame-ancestors 'self' https://citylightcloud.com https://geocentric.com https://citylight.studio 11
frame-ancestors 'self' https://*.getresponse.com 11
default-src 'self' blob: wss://umd.userlike.com/ www.connectcdk.com *.drivecentric.io *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 gubagoo.io *.gubagoo.io *.analytics.google.com/ *.autouncle.de *.aws.porsche-preview.cloud/ *.aws.porsche.cloud/ *.clarity.ms *.cloudfront.net *.doubleclick.net *.facebook.com *.fls.doubleclick.net *.google-analytics.com/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googletagmanager.com *.hcaptcha.com *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.qualtrics.com tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com *.storystream.ai *.usercentrics.eu *.userlike.com ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com files.superchat.de fledge.teads.tv ftm.fluencyinc.co/ftm-ddc.js googleads.g.doubleclick.net https://js-agent.newrelic.com/ http://cdn.ui.porsche.com/ https://app.carnow.com/ https://cdn.gubagoo.io https://config.eu.usercentrics.eu https://hcaptcha.com https://maps.googleapis.com https://pixall.esm1.net https://porsche.com https://static.app.carnow.com https://themes.static.app.carnow.com https://sync.graph.bluecava.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com px.ads.linkedin.com px4.ads.linkedin.com r.turn.com rs.fullstory.com s.adroll.com sc-static.net script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com tracking.crazyegg.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net bam.nr-data.net my.tealiumiq.com evt.autouncle.com bat.bing.net wss://node.gubagoo.io; img-src 'self' blob: bat.bing.net fra1.qualtrics.com siteintercept.qualtrics.com i.ytimg.com https://userlike-cdn-operators.userlike.com/ gubagoo.io *.gubagoo.io *.aws.porsche.cloud/ *.aws.porsche-preview.cloud/ *.autouncle.de *.clarity.ms *.cloudfront.net *.doubleclick.net/ *.facebook.com *.fls.doubleclick.net *.ggpht.com *.google-analytics.com/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com/ *.googletagmanager.com *.gstatic.com *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.usercentrics.eu ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com files.superchat.de fledge.teads.tv googleads.g.doubleclick.net http://cdn.ui.porsche.com/ idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com px.ads.linkedin.com px4.ads.linkedin.com r.turn.com rs.fullstory.com s.adroll.com s1755874914.t.eloqua.com script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com static.app.carnow.com data:; style-src 'self' *.cloudfront.net *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com api.drivecentric.com *.googletagmanager.com tags.srv.stackadapt.com themes.static.app.carnow.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://userlike-cdn-umm.b-cdn.net/ *.porsche.cn *.porsche.com *.cloudfront.net *.porsche-preview.cn *.porsche-preview.com 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; frame-src 'self' blob: www.connectcdk.com privacyportal.onetrust.com porsche-emails-v2.s3.eu-west-2.amazonaws.com *.accelerate.dealer.com *.autouncle.de *.clarity.ms *.creditbureauconnection.com *.doubleclick.net/ *.facebook.com *.fls.doubleclick.net *.google.com *.google.de *.googleadservices.com *.googletagmanager.com *.hcaptcha.com/ *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.usercentrics.eu/ ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net cs.esm1.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com files.superchat.de fledge.teads.tv googleads.g.doubleclick.net https://app.carnow.com/ https://consumer.xtime.com/ https://creditbureauconnection.com https://pauc.syndication.kbb.com/ https://porsche.com https://static.app.carnow.com https://sync.graph.bluecava.com idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com px.ads.linkedin.com px4.ads.linkedin.com r.turn.com rs.fullstory.com s.adroll.com script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com https://www.youtube.com app-prod.flipacar.com e.issuu.com fca1.wpengine.com conscheduling.tekioncloud.com player.vimeo.com consumer.xtime.net.au www.cognitoforms.com api.connectcdk.com gain-vi.ca www.youtube-nocookie.com porsche-production.discover.chargetrip.com suite.dtdrs.dealertrack.com porsche-shared.vercel.app; 11
frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 11
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com *.samsung-news.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 10
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 10
frame-ancestors self https://*.wayfair.com https://*.wayfair.ca https://*.wayfair.co.uk https://*.wayfair.de https://*.wayfair.ie https://*.jossandmain.com https://*.allmodern.com https://*.birchlane.com https://*.perigold.com 10
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 10
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 10
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 10
frame-ancestors *.ivanti.com https://dash.cloudflare.com 10
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: 'self' data:; object-src 'none'; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 10
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ https://app.mutinyhq.com/ 10
frame-ancestors 'self'; base-uri 'self'; 10
reflected-xss block 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de cdn.jsdelivr.net player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/  https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.fakeshop-finder.de warnung.fakeshop-finder.de www.verbraucherzentrale-niedersachsen.de www.verbraucherzentrale-niedersachsen.de; object-src 'self' cdn.jsdelivr.net  *.verbraucherzentrale.de; 10
frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com *.visualwebsiteoptimizer.com app.vwo.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: useruploads.vwo.io *.visualwebsiteoptimizer.com app.vwo.com; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com 'self' blob:; style-src * 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https: 10
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.clevernt.com *.cleverwebserver.com 10
default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self' https://cdn.justpremium.com; form-action 'self' 10
frame-ancestors 'self' https://*.infomaker.io https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 10
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 10
frame-ancestors 'self' https://*.etracker.com 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com d10lpsik1i8c69.cloudfront.net google-analytics.com analytics.google.com www.google-analytics.com iongroupdev.wpenginepowered.com; 10
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 10
default-src * data: 'unsafe-inline' 'unsafe-eval'; 10
frame-ancestors 'self' https://*.bdo.global 10
frame-ancestors 'self' https://translate.google.com 10
default-src * 'unsafe-inline' 'unsafe-eval' data: 10
default-src 'self' 'unsafe-inline' *.myconnectsuite.com *.schoolinsites.com *.pcmac.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; base-uri 'self'; form-action 'self' 'unsafe-inline' *; img-src 'self' *; connect-src 'self' *; frame-src *; media-src 'self' blob: *; worker-src 'self' blob: * 10
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 10
base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self' *.mycleverpush.com; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch *.abtasty.com; upgrade-insecure-requests; worker-src blob: 'self' static.cleverpush.com 10
default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-downloads allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 10
upgrade-insecure-requests; frame-ancestors 'self' http://localhost https://localhost https://assaconnect.azurewebsites.net https://assaconnect-qa.azurewebsites.net https://assaconnect-staging.azurewebsites.net https://connect.assaabloy.com; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 10
default-src http: data: 'unsafe-inline' 'unsafe-eval' 10
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 10
frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.ad-generation.jp *.adform.com *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.net *.cubepile.com *.dailymotion.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.freewheel.tv *.gamoshi.io *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pubmatic.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.stroeer.com *.synacor.com *.taboola.com *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.tradingview.com *.tribalfusion.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.vidyome.com *.vimeo.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yieldmo.com *.youtu.be *.youtube.com bs.yandex.ru cdn.ampproject.org google.com googlesyndication.com onesignal.com pagead2.googlesyndication.com s1.adform.net track.adform.net trgde.adocean.pl; 10
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net contactis.ua *.contentsquare.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googleapis.com *.google.com *.google.de *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.serving-sys.com *.taboola.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn.inis360.com cdn.oribi.io cdn-assets-prod.s3.amazonaws.com cloudrizon.formstack.com graph.facebook.com heizungonline.vaillant.de heyzine.com io.fusedeck.net mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be optimizely.s3.amazonaws.com popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.recaptcha.net www.instalxpert.be; connect-src 'self' ws: *.analytics.google.com *.bing.com *.bing.net *.clarity.ms *.contentsquare.net *.criteo.com *.delivery.consentmanager.net *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.serving-sys.com *.taboola.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es capig.stape.cc heizungonline.vaillant.de ib.adnxs.com mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it s.yimg.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.zenloop.com cdn01l.vaillant-group.com cloudrizon.formstack.com contactis.ua fonts.googleapis.com heizungonline.vaillant.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be preventivi.vaillant.it toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl www.googletagmanager.com www.instalxpert.be; img-src 'self' blob: data: *.adalyser.com *.adform.net *.adroll.com *.bidswitch.net *.bing.com *.bing.net *.clarity.ms *.consentmanager.net *.contentsquare.net *.doubleclick.net *.facebook.net *.facebook.com *.g.doubleclick.net *.google.de *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.taboola.com a.mgid.com a.twiago.com ad.360yield.com ad.yieldlab.net app.optimizely.com c.seznam.cz capturemedia-assets.com cdn01l.vaillant-group.com cdn.optimizely.com clientes.vaillant.es clientes.saunierduval.es contactis.ua contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv e1.emxdgt.com eb2.3lift.com exchange.mediavine.com dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com fusedeck.com gum.criteo.com hb.yahoo.net heizungonline.vaillant.de ib.adnxs.com id5-sync.com jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de offerte.bulex.be offre.bulex.be offer.vaillant.be pixel.rubiconproject.com pixel.tapad.com preventivi.vaillant.it rtb-csync.smartadserver.com r.casalemedia.com res.cloudinary.com server.seadform.net sp.analytics.yahoo.com static.cleverpush.com sync-criteo.ads.yieldmo.com us-u.openx.net ups.analytics.yahoo.com verkoopkansen.vaillant.nl visitor.omnitagjs.com; font-src 'self' data: *.loyjoy.com cdn01l.vaillant-group.com fonts.cdnfonts.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it script.hotjar.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' eshopspares.protherm.sk pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at http://sso.wigam.com sso.wigam.com https://sso.wigam.com:8016 http://www.columbusconnect.it *.columbusconnect.it *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant.es *.vaillant-group.com; frame-src 'self' *.adroll.com *.adform.net *.captivate.fm *.cdn.optimizely.com *.cdn-pci.optimizely.com *.consentmanager.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.google.com *.oplead.com *.pinterest.com *.protherm.cz *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.taboola.com *.vaillant-systeme.de *.vaillantkotle.cz *.vaillant.es *.vaillant.ua 27052801.hs-sites-eu1.com aides.saunierduval.fr ams.creativecdn.com apps.vaillantgroup.org bayi.demirdokum.net cat.vaillant.it cat.hermann-saunierduval.it cloud.at.vgmarketingcloud.com contotermicovaillant.vaillantgroup.it contotermicohsd.vaillantgroup.it customer.vaillant.com.tr epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es forms.office.com gutschein.vaillant.de heyzine.com identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at optimum.vaillant.pl pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.vaillant.it powerfinder.hermann-saunierduval.it servicevaillant.wufoo.com servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch wwwvaillantbe.mycleverpush.com www.foerderdata.at www.foerdermittelauskunft.de www.googletagmanager.com www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com; upgrade-insecure-requests; 10
frame-ancestors 'self' *.plataformaneo.com.br 10
frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 10
base-uri 'self';frame-ancestors 'self' 10
object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; 10
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 9
frame-ancestors 'self' *.kameleoon.com 9
script-src 'sha256-flaplfDfCH6f6Thm+ICG8kydENJ2F3U3NEppxWd2Ihw=' 'self' jobs.jobvite.com www.googletagmanager.com cdn.jwplayer.com ssl.p.jwpcdn.com; worker-src blob: 9
frame-ancestors 'self'; frame-src 'self' https://*.google.com https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.google.com https://*.gstatic.com https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.google.com https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://logging.dropcatch.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com https://*.launchdarkly.com 9
frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 9
default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'inline-speculation-rules' https://cdn.heapanalytics.com *.heapanalytics.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://www.youtube.com *.doubleclick.net cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com;style-src 'self' 'unsafe-inline' vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com;img-src 'self' blob: data: *.github.io avatars.githubusercontent.com user-images.githubusercontent.com vercel.com assets.vercel.com cdn.raster.app https://images.ctfassets.net https://heapanalytics.com https://*.ads.linkedin.com https://www.google.com https://i.ytimg.com https://s3.amazonaws.com;media-src 'self' blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com;connect-src 'self' data: *.chilipiper.com *.ingest.sentry.io *.ingest.us.sentry.io wss://ws-us3.pusher.com sockjs-use3.pusher.com https://api.getkoala.com https://analytics.google.com https://www.google-analytics.com *.ads.linkedin.com *.doubleclick.net vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com;font-src 'self' vercel.com assets.vercel.com vercel.live fonts.gstatic.com *.vercel.sh;frame-ancestors 'none'; 9
frame-ancestors 'self' *.nokia.com *.ceros.com 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 9
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com http://*.cvent.cloud https://*.cvent.cloud; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com http://*.cvent.cloud https://*.cvent.cloud; report-uri /report-csp-violation 9
script-src 'self' 'unsafe-inline' 9
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 9
default-src https: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; object-src 'none'; frame-ancestors 'none' 9
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org  www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org; 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com  tags.tiqcdn.com  www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com  *.licdn.com *.facebook.net *.facebook.com *.hotjar.com; connect-src 'self' *.scene7.com  target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com  *.linkedin.com  *.licdn.com *.facebook.net *.facebook.com *.hotjar.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 9
frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 9
report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 9
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 9
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none' 9
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 9
object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 9
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 9
frame-ancestors 'self' https://dato-plugin-3zrf.vercel.app https://factorial-next.admin.datocms.com *.factorial.be *.factorial.ch *.factorial.co *.factorial.es *.factorial.fr *.factorial.it *.factorial.mx *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.ar *.factorialhr.com.br *.factorialhr.com.de *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.pt *.fatorial.pt *.factorialhr.com 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 9
frame-ancestors 'self'; object-src 'self'; 9
default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 9
default-src * 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rambler.ru dsp-rambler.ru *.dsp-rambler.ru *.rambler-co.ru *.top100.ru *.s3.yandex.net *.market.yandex.ru *.yandex.ru *.maps.yandex.net yandex.ru yastatic.net *.webvisor.org smartcaptcha.yandexcloud.net www.google-analytics.com www.googletagmanager.com *.weborama.fr *.weborama-tech.ru weborama-tech.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru adriver.com adriver.ru *.adriver.com *.adriver.ru *.serving-sys.ru *.serving-sys.com serving-sys.ru serving-sys.com *.smi2.net *.smi2.ru smi2.ru *.24smi.net *.mail.ru *.mindbox.ru *.rnet.plus *.adfox.ru *.jsdelivr.net *.pushwoosh.com *.createjs.com *.facebook.net *.reddigital.ru *.geniusaudience.com *.gnezdo.ru *.hit.gemius.pl *.prom.app.sberdevices.ru *.2xclick.ru *.infox.sg *.otm-r.com stat.media *.terratraf.io *.soloway.ru vk.com *.getsitecontrol.com www.tns-counter.ru *.mradx.net *.ampproject.org *.bumlam.com *.imgsniper.com *.terratraf.com *.digitaltarget.ru blob:; report-to csp.rambler-co.ru 9
frame-ancestors 'self' *.contentstack.com 9
img-src 'self' data:; default-src 'self' 'unsafe-inline' 9
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 9
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 9
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 9
frame-ancestors 'self' https://*.hubspot.com 9
frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 9
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 9
frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/ https://www.placetd.ca/ https://fevo-enterprise.com/ https://x.adroll.com/ https://www.googletagmanager.com/ https://ep2.adtrafficquality.google/; 9
frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 9
object-src 'self'; 9
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.sharethis.com *.botmd.io *.google-analytics.com  cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.simsys.sg *.sharethis.com *.cdninstagram.com *.botmd.io *.s3.amazonaws.com *.google-analytics.com *.google.com *.google.com.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.sharethis.com player.vimeo.com *.facebook.com *.youtube.com *.botmd.io *.google.com https://form.gov.sg td.doubleclick.net youtu.be www.googletagmanager.com my.matterport.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.sharethis.com bcp.crwdcntrl.net *.ent.ap-southeast-1.aws.found.io *.google-analytics.com https://stats.g.doubleclick.net *.amazonaws.com https://data.stbuttons.click/data c.ltmsphrcl.net; media-src 'self' data: blob: *.cdninstagram.com *.botmd.io *.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: data:; object-src 'none' 9
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com; frame-ancestors 'none'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; 9
frame-ancestors https://app.storyblok.com/ 9
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 9
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 9
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://statistikk.fnsp.no/ https://web-sdk-eu.aptrinsic.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://cdn.tiny.cloud https://www.cdisol.blog https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/ https://www.cdisol.blog; font-src 'self' data: https://fonts.gstatic.com/ https://dhm5hy2vn8l0l.cloudfront.net/ https://web-sdk-eu.aptrinsic.com/; img-src 'self' data: https://*.nhn.no https://www.fnsp.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no; connect-src 'self' https://fellesinnhold.fnsp.nhn.no https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://dashboard.find.episerver.net/ https://uib.cloud.panopto.eu/ https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vimeo.com/ https://youtu.be/ https://medfilm.se/ https://film.oslo-universitetssykehus.no/ https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://podcasts.apple.com https://ekstranett.helse-midt.no/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://fellesinnhold.fnsp.nhn.no https://fnsp.fnsp.nhn.no https://www.fnsp.no https://navikt.github.io https://acast.com/ https://www.acast.com/ https://players.brightcove.net/ https://sketchfab.com https://*.fnsp.nhn.no https://app.powerbi.com https://prat.fnsp.no https://login.microsoftonline.com https://skde.org https://test.skde.no https://apps.skde.no https://data.stolav.no/ https://prod-tabellverk.skde.org/; frame-ancestors 'self'; 9
frame-ancestors 'self' *.sivuviidakko.fi *.lianacms.com *.tagomocms.fi; 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: amazon-adsystem.com *.amazon-adsystem.com  paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *; frame-ancestors 'self' ekat.festool.de *.festool.com 9
style-src 'self' blob: 'unsafe-inline' *.maze.co *.google.com *.gstatic.com *.abtasty.com *.crazyegg.com *.googleapis.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.affilae.com de-grafana-agent-prod.pg.com de-grafana-agent-dev.pg.com unpkg.com *.maze.co *.abtasty.com *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.impactcdn.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.abtasty.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.maze.co *.gstatic.com *.googleapis.com *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.maze.co *.google.com *.abtasty.com *.amazonaws.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: *.maze.co *.twitch.tv *.sjv.io *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.abtasty.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io ; 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; object-src *; media-src *; frame-src *; connect-src *; worker-src * blob:; 9
unsafe-inline 9
report-to default 9
default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem:; 9
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 9
default-src 'self'; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 9
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' unsafe-inline; script-src 'self' * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: unsafe-inline 'unsafe-inline'; img-src * data: blob: unsafe-inline 'unsafe-inline'; media-src * data: blob: unsafe-inline 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: unsafe-inline 'unsafe-inline'; font-src * data: blob: unsafe-inline 'unsafe-inline'; frame-ancestors 'none' 9
frame-ancestors https://customer.educations.com 9
default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 9
frame-ancestors 'self' *.plentymarkets-cloud-ie.com *.my.plentysystems.com 9
script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-exp.spotifycdn.com open-review.spotifycdn.com open-exp-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js https://get.microsoft.com/badge/ms-store-badge.bundled.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self' https://adgen-dev.spotify.com/account/*/ad/*/details https://adgen-dev.spotify.com/preview/* https://local.spotify.net/account/*/ad/*/details https://local.spotify.net/preview/*; 8
frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com *.salesforce-sites.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' *.salesforce-sites.com 8
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com *.basis.net *.sitescout.com *.mktoresp.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net app.integrate.com munchkin.marketo.net https://js.sentry-cdn.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com *.basis.net *.sitescout.com *.mktoresp.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net app.integrate.com munchkin.marketo.net https://js.sentry-cdn.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com autocomplete.demandbase.com https://static.redhat.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 8
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 8
object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 8
frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 8
default-src 'self';  worker-src 'self' blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline'     https://*.googleapis.com     https://*.gstatic.com     *.google.com     https://*.ggpht.com     *.googleusercontent.com     blob:     https://www.jsctool.com     https://jsctool.com     https://*.optimizely.com     https://secure.pay1.de     https://www.img-bahn.de     https://cms.static-bahn.de     https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://*.bahn.com     https://app.crossengage.io     https://ucm-eu.verint-cdn.com     https://*.go-mpulse.net;  connect-src 'self'     https://*.googleapis.com     *.google.com     https://*.gstatic.com     data:     blob:     https://p11.techlab-cdn.com     https://www.jsctool.com     https://jsctool.com     https://assets.static-bahn.de     https://dmp.adform.net     https://siteintercept.qualtrics.com     https://logx.optimizely.com     https://*.optimizely.com     https://hcaptcha.com     https://*.hcaptcha.com     https://collect.tealiumiq.com     https://trk-api.crossengage.io     https://accounts.bahn.de     https://ucm-eu.verint-cdn.com     https://hoover-eu.verint-api.com     https://*.akstat.io     https://*.go-mpulse.net     wss://hoover-eu.verint-api.com;  frame-src 'self'     https://s-bahn-hh.specials-bahn.de/     *.google.com     https://cms.static-bahn.de     https://secure.pay1.de     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://www.abo-bahn.de     https://db.novafind.eu     https://transport.novafind.eu     https://a791773171.cdn.optimizely.com/     https://s-bahn-muenchen-live.de     https://accounts.bahn.de     https://db-bordgastronomie.de     https://ersatzkarte-dbregiobusnord.de     https://analytics.geops.de     https://*.sbahnm.geops.de     https://fipo.deutschebahn.com     https://regioforce.my.salesforce-sites.com     https://www.jugendticket-nds.de     https://a1.adform.net     https://dbstreckenagent.de     https://www.dbstreckenagent.de;  frame-ancestors 'self';  style-src 'self'     https://fonts.googleapis.com     https://www.jsctool.com     https://jsctool.com     https://hcaptcha.com     https://*.hcaptcha.com     'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com;  img-src 'self'     https://*.static-bahn.de     https://*.googleapis.com     https://*.gstatic.com     *.google.com     *.googleusercontent.com     https://www.awin1.com     https://partner-bahn.de     https://cm.g.doubleclick.net     https://fcmatch.google.com     https://fcmatch.youtube.com     https://dmp.adform.net     https://cdn.optimizely.com     https://*.qualtrics.com     https://assets.static-bahn.de     https://*.bahn.de     https://assets-ri.extranet.deutschebahn.com     https://cms.static-bahn.de     https://*.akstat.io     data:;  media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 8
upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 8
base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru https://events.nethouse.ru https://fonts.googleapis.com *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://vk.com https://*.vk.com https://*.mindbox.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://*.googlesyndication.com https://tr.lfeeder.com https://www.google.ru https://tr-rc.lfeeder.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://*.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://analytics.google.com https://*.analytics.google.com https://fundingchoicesmessages.google.com https://*.googlesyndication.com https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yandex.com https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru wss://*.jivosite.com wss://*.jivo.ru *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru https://mc.yandex.com; frame-src 'self' *.jivo.ru *.jivosite.com https://*.youtube.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://*.facebook.com https://top-fwz1.mail.ru https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 8
frame-ancestors https://*.marketo.com 8
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com  *.vercel.app cdnjs.cloudflare.com https://community.cisco.com/; 8
default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 8
frame-ancestors 'self' https://cxone.niceincontact.com https://cxone-gov.niceincontact.com 8
script-src 'self' 'unsafe-eval' 'unsafe-inline' app.storyblok.com connect.facebook.net analytics.tiktok.com cdn.brcdn.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com fsi.thomann.de www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com unpkg.com/@hotwired/turbo; frame-src 'self' *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com; frame-ancestors 'self' app.storyblok.com; object-src 'none' 8
block-all-mixed-content;frame-ancestors *.mail.com 8
frame-ancestors *; upgrade-insecure-requests; object-src 'none' 8
frame-src https://www.google.com https://app.hubspot.com https://forms.hsforms.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; form-action 'self' https://forms.hsforms.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.usemessages.com/conversations-embed.js https://js.hsforms.net/forms/embed/v2.js https://ssl.google-analytics.com/ga.js https://www.pagespeed-mod.com/v1/taas; 8
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 8
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 8
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://live.flyp.tv; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://preview-kaenef.bmwk.de https://live.flyp.tv; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 8
frame-ancestors 'self' *.tournamentsoftware.com *.toernooi.nl 8
frame-ancestors *.npo.nl *.bijnpo.nl *.npotest.nl *.npoacc.nl 8
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la3-c1-fra.salesforceliveagent.com d.la3-c1-fra.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com c.la1-c2-par.salesforceagent.com d.la2-c2-cdg.salesforceliveagent.com bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com fpt.absa.co.za p.teads.tv 8
upgrade-insecure-requests; frame-ancestors 'none'; 8
upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 8
img-src 'self' data: https: 8
worker-src 'self' https:; 8
default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 8
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 8
child-src 'self' blob:;connect-src * ws-mt1.pusher.com https://accounts.google.com/gsi/;default-src 'self' assets.travix.com *.cdn-net.com;img-src 'self' * data:;font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com;object-src 'self';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdnjs.cloudflare.com/polyfill assets.travix.com six.cdn-net.com tagmanager.google.com *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com securepubads.g.doubleclick.net kayak.com static.ads-twitter.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net *.creativecdn.com cars.cartrawler.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://accounts.google.com/gsi/client *.cartrawler.com static.assets.uat.trip.travix.com static-assets.travix.com;style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net https://accounts.google.com/gsi/style *.cartrawler.com;frame-src www.booking.com *.bstatic.com *.doubleclick.net ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://claims.cloud.hopper.com/ https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.creativecdn.com https://accounts.google.com/gsi/ *.trip.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 8
img-src * data: 8
frame-ancestors 'self' https://*.fun.com 8
default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com https://help.habbo.com https://help.habbo.de https://help.habbo.es https://help.habbo.fi https://help.habbo.fr https://help.habbo.it https://help.habbo.nl https://help.habbo.com.br https://help.habbo.com.tr habbohelpbr.zendesk.com habbohelpen.zendesk.com habbohelpde.zendesk.com habbohelpes.zendesk.com habbohelpfi.zendesk.com habbohelpfr.zendesk.com habbohelpit.zendesk.com habbohelpnl.zendesk.com habbohelptr.zendesk.com;upgrade-insecure-requests ;report-uri /csp/report 8
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 8
upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/ 8
frame-ancestors https://*.com 8
frame-ancestors 'self' *.hivelocity.net 8
frame-ancestors 'self' https://school.novakidschool.com 8
frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 8
script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 8
upgrade-insecure-requests; base-uri 'self' 8
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 8
frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 8
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self'; 8
frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 8
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 8
upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 8
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 8
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 8
frame-ancestors 'self' https://virtual-tours.msccruises.com; 8
default-src http: 'unsafe-inline' 'unsafe-eval' 8
object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 8
font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com/ https://www.youtube.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://www.magezon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://www.facebook.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ https://cdn.cookielaw.org/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.fontawesome.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cdnfonts.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com thm.visa.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 8
frame-ancestors https://auto-emotion.cupra.de https://showcase.cupra.de.showcase.dev.cupra.de 'self' 8
frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 8
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 8
img-src 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=report 8
frame-ancestors 'self' *.bambuser.com 8
frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 8
<options and value> 8
default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 8
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/allowlist 8
frame-ancestors 'self' https://accept.authorize.net 8
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro securepubads.g.doubleclick.net  *.gvt1.com accounts.google.com www.google.com *.googleadservices.com *.calendly.com *.drimify.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.adtrafficquality.google *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com securepubads.g.doubleclick.net *.googletagmanager.com data: blob: 'self' ; script-src * *.googleanalytics.com *.google-analytics.com securepubads.g.doubleclick.net *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * securepubads.g.doubleclick.net  data: 'self'; base-uri 'self' ; worker-src * data: blob: 8
policy 8
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sprinklr.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://*.sprinklr.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net  *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://*.sprinklr.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net https://*.bridgestoneresources.com data:; media-src 'self' https://assets.bridgestonetire.com 8
worker-src 'self' blob:; 8
default-src 'self' https://videos.ctfassets.net/;            style-src 'self' 'unsafe-inline' *;            img-src * 'self' data: https: blob:;            script-src * data: blob: 'unsafe-inline' 'unsafe-eval';            connect-src * data: blob: 'unsafe-inline';            font-src * data: blob: 'unsafe-inline';            frame-src *; 8
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 8
default-src 'self';    img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp;    media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp;    style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net *.tixpo.jp;    style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw=';    script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp *.tixpo.jp *.emtg.co.jp;    font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net *.tixpo.jp;    form-action 'self' *.mul-pay.jp *.emtg.co.jp;    connect-src 'self' www.google-analytics.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com;    frame-ancestors 'self'; 8
frame-ancestors 'self' localhost:* *.pages.dev *.tickettando.it tickettando.it; 8
upgrade-insecure-requests; object-src 'none' 8
frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com 8
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com snippet.capybara.lmc.cz s.go-mpulse.net tags.data-driven.fr *.byspotify.com *.tiktok.com cdn.cookielaw.org eu.textrecruit.com *.hotjar.com sc-static.net secure.data-insight365.com; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net snippet.capybara.lmc.cz unpkg.com/leaflet@1.7.1/dist/leaflet.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.Default.css; img-src 'self' data: https:;; media-src 'self'; frame-src 'self' *.youtube.com/ *.vimeo.com/ apply.refline.ch engie.taleo.net www.google.com www.buzzsprout.com equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com www.yousty.ch www.googletagmanager.com; frame-ancestors 'self' https://n3g.4projects.com  n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.vimeo.com/ engie.taleo.net; font-src 'self' fonts.gstatic.com snippet.capybara.lmc.cz data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com api.capybara.lmc.cz *.ingest.sentry.io c.go-mpulse.net *.akstat.io *.tiktok.com *.byspotify.com *.textrecruit.tools *.akamaihd.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.data-driven.fr api.mapbox.com; upgrade-insecure-requests 8
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai;script-src-attr 'unsafe-inline';connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai;img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com;frame-src *;object-src 'none';media-src 'self' *.iesnare.com data:;frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self';form-action 'self';upgrade-insecure-requests 8
frame-ancestors 'self' *.roomlynx.net 8
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 8
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 8
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 8
default-src 'unsafe-inline' 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' *; img-src 'self' data: * 8
frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com  http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/ http://www.calgarycrematorium.com https://www.calgarycrematorium.com http://calgarycrematorium.com https://calgarycrematorium.com; object-src 'none'; 8
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru api-maps.yandex.ru enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru www.tbank.ru api-statist.tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru business.tbank.ru acdn.tinkoff.ru www.cdn-tinkoff.ru api.tinkoffinsurance.ru geocode-maps.yandex.ru delivery.tinkoff.ru broker-api.tinkoffinsurance.ru api-osago.tbank.ru cybertonica.tinkoff.ru imgproxy.cdn-tinkoff.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com *.maps.yandex.net api-maps.yandex.ru enterprise.api-maps.yandex.ru yandex.ru http://static.tinkoffinsurance.ru https://i.ytimg.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://newatom.spaaace.io https://order.atom.auto rutube.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pwaplatform/log/csp-error?appName=pwaplatform&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru; frame-ancestors 'self' https://tinkoff-insurance.com tbank.ru *.tbank.ru *.tcsbank.ru tinkoff.ru *.tinkoff.ru *.tbank-online.com https://auto.ru https://t-insurance.avito.com 8
style-src * 'self' 'unsafe-inline'; 8
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 8
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 7
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru static.dzeninfra.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru static.dzeninfra.ru;  worker-src blob: 'self';  connect-src * wss: blob: data:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 7
frame-ancestors 'self' https://*.nbcnews.com https://*.today.com https://*.msnbc.com https://*.telemundo.com https://*.nbcnewstools.net https://*.eonline.com https://*.cnbc.com; 7
frame-ancestors 'self' *.deloitte.com; 7
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments-prod-test-stable.corp.google.com https://payments.google.com/ https://www.youtube.com https://youtube.googleapis.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/Gstore/cspreport/allowlist;worker-src blob: 7
frame-ancestors 'self' *.zdnet.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 7
frame-ancestors 'self' *.lycos.com 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob:; 7
frame-ancestors 'self' https://nurture.solarwinds.com/ 7
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn ai.azure.com *.ai.azure.com learn-video.azurefd.net docs.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 7
script-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.dwin1.com/ https://smct.co/ https://lantern.roeyecdn.com/ https://connect.facebook.net https://static.cloudflareinsights.com/;connect-src 'self' https://maps.googleapis.com/ https://analytics-global.planethoster.com https://analytics-eu.planethoster.com https://*.google-analytics.com https://pagead2.googlesyndication.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.fr;img-src 'self' data: https://maps.googleapis.com/ https://lantern.roeye.com https://www.facebook.com https://analytics-global.planethoster.com https://analytics-eu.planethoster.com https://*.google-analytics.com https://pagead2.googlesyndication.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.fr;script-src-attr 'self' 'unsafe-inline';frame-src 'self' https://player.vimeo.com/ https://www.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 7
upgrade-insecure-requests; upgrade-insecure-requests; frame-ancestors *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.urbia.de *.vorname.com; frame-src *; 7
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 7
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://js.adsrvr.org https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com https://public.flourish.studio/resources/embed.js https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://insight.adsrvr.org https://ade.googlesyndication.com https://match.adsrvr.org https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com https://public.flourish.studio https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; frame-src https://*.maersk.com https://*.maersk.com.cn https://insight.adsrvr.org https://www.googletagmanager.com https://match.adsrvr.org https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com  https://flo.uri.sh/ https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://maersk-designsystem.azureedge.net https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://login.microsoftonline.com https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com https://*.razorpay.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv blob:; 7
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 7
frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com ; 7
frame-ancestors 'self' https://*.cornerstoneondemand.com https://csod-studio.vercel.app https://*.csod-preview.com;upgrade-insecure-requests;default-src 'self' https://*.cornerstoneondemand.com;connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.canto.global *.cdn.office.net *.chathero.ai *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk-berlin.org *.ihk.de *.ihk24.de *.ihk24.ihk.de *.jobcluster.de *.kununu.com *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io  *.sylphen.com *.thinglink.com *.thinglink.me *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com *.zynd.de api.flockler.app api.mapbox.com app.powerbi.com app.powr.io app.sli.do ausbildung.berlin	 auskunft.nvv.de baustellennavi.de berufsausbildung-aachen-ihk.de branchenpuls.odis-berlin.de bxb-festival.app cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.knightlab.com cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de client.inecos.de code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com cta.ihk.i40.de datawrapper.dwcdn.net detmold.ihk-beitragsrechner.de dihk.imageplant.de dms.licdn.com doo.net e.video-cdn.net easy-feedback.com easy-feedback.de embed.nexx.cloud eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com expertenpool.automatisierungsregion.de fahrinfo.vbb.de fl-1.cdn.flockler.com geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de hk24.sharepoint.com html5-player.libsyn.com iframe.wvd-portfolio.de ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-essen.jobs.personio.de ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-wahl.info ihk-weiterbildung-oldenburg.de ihk-zu-dortmund-1.jobs.personio.de ihk.prototype.berlin ihk.selbstdenker.com ihk24.epccm19.com ihk24.omq.de ihk24.omq.io ihknw.pi-asp.de imagemarker.com isi.hdb-hamburg.de jobs.guidecom.de jobs.ihk-niederrhein.de jsfiddle.net konjunkturboard-bw.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html login.microsoftonline.com mailto: matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media-api.flockler.com media.graphassets.com media.graphcms.com media.licdn.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myihk.com myjobboard.de n873043.websitebuilder.online news.ihk-sh.de online.fliphtml5.com organigramm.cloud-ihk-cottbus.de p668079.webspaceconfig.de pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com pruefungen-cottbus-ihk.de publish.flyeralarm.digital rh1.chatmodul.de roundme.com s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de  sihk-zu-hagen.jobs.personio.de smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com stats-api.flockler.app stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vimeo.com w.soundcloud.com walls.io web.inxmail.com weltmetropole.app widget.taggbox.com wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.architekt-krieger.de www.ardmediathek.de www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.branchenpuls.berlin www.bso-hessen.de www.chatbase.co www.econda-monitor.de www.etermin.net www.eventbrite.de www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-lehrstellenboerse.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-rlp.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.leg-thueringen.de www.media42day.com www.menti.com www.mint-in-hessen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.stadtradeln.de www.terminland.de www.total-lokal.de www.tvo.de www.vvs.de www.webstream.eu www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de zukunftsforum.app zvlms.fraunhofer.de zynd.de  ;  report-uri /blueprint/servlet/csplogging/logViolation ; 7
frame-ancestors 'self' *.maxon.net 7
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app 7
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 7
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self' 7
default-src 'self' atos.net *.atos.net eviden.com *.pardot.com assets.adobedtm.com cdn.jsdelivr.net *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: *.friendlycaptcha.com code.jquery.com *.gravatar.com ps.w.org klasresearch.com  *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com *.libsyn.com smartslider3.com *.twimg.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.xx.fbcdn.net *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 7
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://a.optnmstr.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://bot.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tag.simpli.fi https://bat.bing.com https://www.bing.com https://i.simpli.fi cdn.jsdelivr.net dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 7
default-src 'self' wss://socket.24live.co https: data: blob: 'unsafe-inline' 'unsafe-eval' 7
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com *.youtube-nocookie.com; 7
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 7
frame-ancestors 'self' https://cdn.adkaora.space; 7
connect-src 'self' https://api2.amplitude.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ *.ascension.org;default-src 'self' blob: *.ascension.org;font-src 'self' fonts.gstatic.com https://fonts.googleapis.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://stackpath.bootstrapcdn.com data: *.ascension.org;frame-src 'self' *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ *.youtube.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js app.vwo.com *.visualwebsiteoptimizer.com https://www.google.com/ *.ascension.org;img-src 'self' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.doubleclick.net *.google-analytics.com analytics.google.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js data: *.ascension.org;object-src 'none' ;script-src 'self' 'unsafe-eval' https://cdn.amplitude.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://tfaforms.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/  https://cdnjs.cloudflare.com/ajax/libs/es6-shim/ https://cdnjs.cloudflare.com/ajax/libs/es5-shim/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ blob: *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.gstatic.com/recaptcha/ *.ascension.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ fonts.gstatic.com https://fonts.googleapis.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://stackpath.bootstrapcdn.com *.ascension.org; 7
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors 'self' https://www.spikenow.com https://spikenow.com https://lp.spikenow.com 7
frame-ancestors 'self' *.thalesgroup.com *.imperva.com 7
connect-src 'self' data: *.ampproject.org *.clarity.ms/collect *.facebook.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.linximpulse.net *.loggly.com *.plyr.io *.rdstation.com.br *.retargeter.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.voxus.tv api.ipify.org ckies.net https://ampcid.google.com.br https://analytics.tiktok.com/ https://api2.amplitude.com/2/httpapi https://app.securiti.ai https://app.splithero.com/api/sync https://bat.bing.com https://boards-api.greenhouse.io https://cdn-prod.securiti.ai https://cdn.linkedin.oribi.io https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://freegeoip.app https://noembed.com https://notify.bugsnag.com https://px.ads.linkedin.com https://s.yimg.com https://stats.g.doubleclick.net https://suportelinx.my.salesforce-scrt.com https://viacep.com.br https://www.googletagmanager.com wss://*.hotjar.com www.google-analytics.com https://*.tintim.app; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ampproject.org *.bizographics.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.novahaus.com.br *.omguk.com *.rawgit.com *.rdstation.com.br *.reclameaqui.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.tailtarget.com *.unpkg.com *.voxus.com.br *.w3-edge.com *.youtube.com *.ytimg.com https://analytics.tiktok.com https://app.splithero.com https://bat.bing.com https://cdn-prod.securiti.ai https://cdn.amplitude.com https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.3.0/dist/index.js https://cdn.mouseflow.com https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://s.yimg.com https://suportelinx.my.site.com https://unpkg.com https://www.clarity.ms snap.licdn.com targeting.voxus.tv https://*.tintim.app/; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css https://cdn.privacytools.com.br/ https://suportelinx.my.site.com; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.privacytools.com.br/; default-src https: 7
upgrade-insecure-requests; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; 7
frame-ancestors 'self' https://cms.hanleywood.com 7
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 7
frame-ancestors https://*.rtl.de 7
frame-ancestors https://kpmg.experiencecloud.adobe.com https://assets.kpmg.com https://kpmg.com 7
default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 7
default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://the.sciencebehindecommerce.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://lh3.google.com https://lh3.googleusercontent.com https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com https://lantern.roeye.com https://lantern.roeyecdn.com https://www.wepowerconnections.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://the.sciencebehindecommerce.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 7
frame-ancestors *.lotvue.com *.insearch-ds.net resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 7
block-all-mixed-content; default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com cdn.cookielaw.org *.sdworx.com *.pardot.com a458c8fcc5c8447d898446e84c87217b.js.ubembed.com www.google-analytics.com assets.ubembed.com cdn.landbot.io connect.facebook.net *.clarity.ms bat.bing.com snap.licdn.com *.firebaseio.com www.googleoptimize.com *.googleapis.com https://assets.calendly.com https://web103.reachmee.com https://tracking.intentsify.io https://sc.lfeeder.com https://secure.norm0care.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://static.landbot.io https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.agile-company-365.com https://cdn.leadinfo.net https://form.jotform.com https://*.hotjar.com https://optimize.google.com my.visme.co https://*.skedify.io *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://app.readpeak.com/js/rpa.js https://sdworx.stackbase.nl/ https://tags.inzynk.io/6ol4roju/iztag.js https://analytics.inzynk.io https://vercel.live/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com https://secure.intelligent-business-7.com https://vercel.live https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://plugin.skedify.io https://*.sleeknote.com px.ads.linkedin.com/ *.convertexperiments.com; style-src 'self' 'report-sample' 'unsafe-inline' data: *.typekit.net fonts.googleapis.com cdn.landbot.io *.googletagmanager.com https://assets.calendly.com https://plugin.skedify.io https://*.hotjar.com https://optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://*.sleeknote.com; img-src 'self' data: blob: *.typekit.net cdn.cookielaw.org fonts.gstatic.com www.google-analytics.com *.googleapis.com https://px.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com p.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://assets.calendly.com i.ytimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tr-rc.lfeeder.com https://www.googletagmanager.com https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com  https://*.hotjar.com https://optimize.google.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws *.sleeknote.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://c.clarity.ms https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://vercel.com https://development-q5nzhaa-srgqxffdos4hk.eu-5.platformsh.site https://acceptance-yfiuy3a-srgqxffdos4hk.eu-5.platformsh.site https://sdworx-lms-cms.prd.reference.be https://strgeuwaccsdworxlearning.blob.core.windows.net https://static.landbot.io https://www.sdworx.com https://strgeuwprdsdworxlearning.blob.core.windows.net https://cdne-euw-acc-ext-sdworxlearning.azureedge.net  https://cdne-euw-dev-ext-sdworxlearning.azureedge.net https://cdne-euw-prd-ext-sdworxlearning.azureedge.net blob: sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com https://lms-cms.prd.sdworx.com; font-src 'self' data: fonts.googleapis.com use.typekit.net https://use.typekit.net https://fonts.gstatic.com cdn.landbot.io https://*.hotjar.com *.sleeknote.com https://vercel.live https://assets.vercel.com; connect-src 'self' *.typekit.net fonts.gstatic.com *.onetrust.com *.googleapis.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.pardot.com *.landbot.io *.sdworx.com *.clarity.ms wss://*.firebaseio.com *.firebaseio.com *.analytics.google.com https://*.algolia.net https://*.algolianet.com https://*.apm.eu-west-1.aws.cloud.es.io https://cdn.linkedin.oribi.io https://idx.liadm.com https://www.facebook.com https://ldynamicspublicapi.leadforensics.com https://collector.leadinfo.net https://api.leadinfo.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://a458c8fcc5c8447d898446e84c87217b.events.ubembed.com https://bat.bing.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws cdnjs.cloudflare.com *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://px.ads.linkedin.com/wa/ https://sdworx.stackbase.nl/ px.ads.linkedin.com/ https://ldynamicspublicapi.leadforensics.com https://vercel.live wss://ws-us3.pusher.com https://*.ingest.sentry.io https://*.sleeknote.com *.convertexperiments.com https://analytics.inzynk.io; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; frame-src https://player.springcast.app/ *.firebaseio.com https://*.hotjar.com https://calendly.com go.sdworx.com https://www.youtube.com https://www.youtube-nocookie.com https://trainings.sdworx.de https://datawrapper.dwcdn.net https://survey.sdworx.com https://web103.reachmee.com https://www.videoask.com https://embed.acast.com https://a458c8fcc5c8447d898446e84c87217b.pages.ubembed.com https://www.google.com https://outlook.office365.com https://www.sd.be https://optimize.google.com https://form.jotform.com https://www.facebook.com my.visme.co https://eu-submit.jotform.com/ https://*.skedify.io *.sleeknote.com onsite-subscribe.getdrip.com app.vwo.com *.visualwebsiteoptimizer.com https://iswebb.com/ https://td.doubleclick.net/ https://vercel.live/ https://www.googletagmanager.com/; worker-src 'self' blob:; media-src 'self' https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://lms-cms.prd.sdworx.com; 7
frame-ancestors 'self' https://www.ringier-advertising.ch https://ringier-staging.hacepiby.cyon.site; 7
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.williamhill-pp1.es *.williamhill.es *.williamhill-pp1.it *.williamhill.it *.plugnplay.host *.wlscasino.com 7
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.radancy.com/analytics https://pi.pardot.com/analytics https://pi.pardot.com/pd.js https://pagead2.googlesyndication.com https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://s45065.pcdn.co https://www.radancy.com https://www.googletagmanager.com https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://www.linkedin.com https://www.google.at https://ade.googlesyndication.com https://www.googletagmanager.com https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://s45065.pcdn.co https://*.talentbrew.com; worker-src 'self' blob: ; 7
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: 'self' https://*.typekit.net https://fonts.gstatic.com; media-src 'self' https://*.cloudfront.net https://*.vo.msecnd.net; worker-src 'self' blob: *; form-action 'self' https://www.facebook.com/tr/ https://*.cdn-net.com https://www.pages01.net; frame-ancestors 'self'; 7
frame-ancestors  https://*.netinfo.bg/ 7
default-src https: 7
frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 7
frame-ancestors https://*.myworldfix.com https://*.beesads.com https://*.gamebridge.games http://*.gamebridge.games 7
'self' ; 7
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 7
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 7
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 7
default-src 'self'; script-src 'self' 'strict-dynamic' 'sha256-l3tfobNGSDsiWwzSdX9QqvprTaL+kQGzfRzpdkbM1m0=' 'sha256-aXFWSsQLd4kfpqpWNQwLKFmiDgjd+I1iaw3mCViRRUc=' 'unsafe-inline' 'wasm-unsafe-eval' https://vrt.be https://*.vrt.be https://previewshared.mediahuis.be/cxense/cxense.vrtnu.js https://*.sentry-cdn.com https://assets.adobedtm.com https://cdn.cxense.com/cx.js https://api.cxense.com https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-performance-timing@latest/dist/index.umd.min.js https://gabe.hit.gemius.pl https://gdpr-wrapper.privacymanager.io https://gdpr.privacymanager.io https://imasdk.googleapis.com/js/sdkloader/ima3.js https://*.qualtrics.com https://www.gstatic.com https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js https://*.opecloud.com https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://vrt.be https://*.vrt.be https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://chat.stream-io-api.com wss://chat.stream-io-api.com wss://api-dev.vrt.radio/socket.io/ wss://api-stag.vrt.radio/socket.io/ wss://api.vrt.radio/socket.io/ https://vrt.be https://*.vrt.be https://*.vrtcdn.be https://vrtmax.stag.a51.be https://d33ksfmeznrrrv.cloudfront.net https://*.omtrdc.net https://*.streamtheworld.com https://*.akamaized.net https://o140591.ingest.sentry.io https://dpm.demdex.net https://siteintercept.qualtrics.com https://time.akamai.com https://license.theoplayer.com https://widevine-proxy.drm.technology/proxy https://gdpr-wrapper.privacymanager.io https://*.privacymanager.io https://*.uplynk.com https://gabe.hit.gemius.pl https://*.smartocto.com https://*.contentinsights.com https://fairplay-license.drm.technology https://csi.gstatic.com https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://vrt-live.cdn.vustreams.com https://*.buffup.net wss://*.buffup.net https://api.amplitude.com https://api-dev.vrt.radio https://api-stag.vrt.radio https://api.vrt.radio https://unpkg.com/theoplayer@6.2.1/ https://unpkg.com/theoplayer@6.7.0/ https://cdn.jsdelivr.net/npm/@mux/mux-data-theoplayer@5.1.7/ https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://*.opecloud.com https://*.googlesyndication.com https://*.doubleclick.net https://*.doubleverify.com https://*.clarity.ms https://sporza-api.stag.a51.be https://api.sporza.be https://resources.vudrm.tech https://*.litix.io https://cdnjs.cloudflare.com/polyfill/v3/ https://growthbook-api.datascience.a51.be; font-src 'self' https://vrt.be https://*.vrt.be https://buffup-web-sdk.core.buffup.net https://files.qualifio.com/library/vrt/fonts/; frame-src 'self' https://vrt.be https://*.vrt.be https://*.ketnet.be https://vrtbe.demdex.net https://cdn.cxense.com https://*.privacymanager.io https://ls.hit.gemius.pl https://imasdk.googleapis.com https://unpkg.com/; img-src 'self' data: https://vrt.be https://*.vrt.be https://vrt.sc.omtrdc.net https://comcluster.cxense.com https://licensing.theoplayer.com https://ib.adnxs.com https://secure.adnxs.com https://*.doubleclick.net https://*.postrelease.com https://*.cxense.com https://cm.everesttech.net https://*.demdex.net https://*.opecloud.com https://*.qualtrics.com https://*.buffup.net https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googlesyndication.com https://*.cloud.ovh.net https://dublin.stream-io-cdn.com/; manifest-src 'self'; media-src 'self' blob: data: https://*.vrt.be https://*.vrtcdn.be https://d33ksfmeznrrrv.cloudfront.net https://*.streamtheworld.com https://*.akamaized.net https://*.uplynk.com https://*.adnxs-simple.com https://buffup-public.s3.eu-west-2.amazonaws.com https://assets.vrt.buffup.net https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.gvt1.com https://*.adsafeprotected.com https://*.doubleverify.com https://*.moatads.com https://*.flashtalking.com https://*.adform.net https://*.mediahuis.be https://*.2mdn.net https://resources.vudrm.tech https://vrt.simplecastaudio.com; worker-src 'self' blob:; 7
frame-ancestors 'self' https://platform.fynd.com 7
object-src 'self'; frame-ancestors 'self' 7
default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src * data:; 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 7
frame-ancestors 'self' https://consent.axarnet.es https://*.axarnet.es https://consent.cookiefirst.com;frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 7
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 7
default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 7
frame-ancestors https://*.myshopify.com https://admin.shopify.com 7
frame-ancestors 'self';; upgrade-insecure-requests 7
default-src * 'unsafe-inline' 'unsafe-eval'; 7
default-src https: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' ;img-src https: blob: data:;font-src https: data:;connect-src https: wss:;worker-src https: blob:; 7
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr *.mapfre.cr; 7
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com; 7
frame-ancestors 'self' 'yousign.app'; 7
default-src 'self' 'unsafe-inline';  script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://static.oktopost.com/ https://okt.to/ https://*.demandbase.com/ https://s2079104782.t.eloqua.com/ https://cdn.cookielaw.org/ https://*.hotjar.com;  connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/  https://cdn.linkedin.oribi.io https://img.en25.com https://*.demandbase.com/ https://api.company-target.com https://www.google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cdn.cookielaw.org/  https://segments.company-target.com https://tracking.civica.co.uk/ https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://pagead2.googlesyndication.com/;  object-src 'none';  media-src 'self' data:;  img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com https://id.rlcdn.com/ https://segments.company-target.com/;  style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud;  frame-ancestors 'self';  child-src 'self';  frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/ https://s.company-target.com/ https://www.googletagmanager.com/;  font-src 'self' https://use.typekit.net; 7
img-src *; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 7
style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src 'self'; frame-ancestors 'self'; 7
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.erwinhymergroup.com https://*.laika.it 7
frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 7
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' 7
font-src https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com *.alothemes.com *.magepow.com 'self' data: *.typekit.net *.moprestamo.com *.connectif.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx *.openpay.mx *.openpay.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.apurata.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com 'self' data: *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com *.postimg.cc *.openpay.mx *.scene7.com p.typekit.net *.gstatic.com *.googleapis.com *.google.cl *.hotjar.com *.google.com.co *.mercadopago.cl *.mercadopago.com.pe *.bing.com *.clarity.ms *.notifications-icommkt.com *.track-icommkt.com *.connectif.cloud *.converse.cl *.converse.com.pe *.newbalance.com.pe *.merrell.com.pe *.stevemadden.com.pe *.catlifestyle.pe coliseumstore.cl *.coliseumstore.cl *.coliseum.com.pe www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.apurata.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.google.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.magento-ds.com amcglobal.sc.omtrdc.net use.typekit.net *.online-metrix.net *.converse.cl *.google.cl *.hotjar.com *.getblue.io *.connectif.cloud *.tiktok.com *.bing.com *.emarsys.net *.clarity.ms *.cloudfront.net *.crazyegg.com *.zdassets.com *.vnforapps.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.moprestamo.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.apurata.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.openpay.mx *.openpay.co *.openpay.pe *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* *.snplow.net *.pingdom.net *.woorank.com *.adobe.io *.adobedc.net *.youtube.com *.googleapis.com *.magento-ds.com performance.typekit.net *.sentry.io *.converse.cl *.google.cl *.hotjar.com wss://ws.hotjar.com *.hotjar.io stats.g.doubleclick.net *.google.com.co *.tiktok.com *.connectif.cloud *.bing.com notifications-icommkt.com track-icommkt.com *.crazyegg.com *.clarity.ms *.zdassets.com *.powerpay.pe apurata.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7
script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 7
default-src * data: 'unsafe-inline' 'unsafe-eval' 7
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://plenti-cms.herokuapp.com/v3 ws://localhost:3000 https://api.plenti.com.au https://cdn-assets-prod.s3.amazonaws.com https://cdn.prod.website-files.com https://*.browser-intake-datadoghq.com https://io.clickguard.com https://*.doubleclick.net https://stats.g.doubleclick.net https://rs.fullstory.com https://analytics.google.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://cdn.heapanalytics.com https://www.linkedin.com https://cdn.linkedin.oribi.io https://hello.myfonts.net https://*.pinterest.com https://*.tgtag.io https://api.trafficguard.ai https://vitals.vercel-insights.com/v1/vitals https://vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com ws://vts.zohopublic.com wss://vts.zohopublic.com; font-src 'self' data: https://cdn.prod.website-files.com https://css.zohocdn.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.bankstatements.com.au https://io.clickguard.com https://*.doubleclick.net https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://*.pinterest.com https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://forms.zohopublic.com https://hardship.plenti.com.au; img-src 'self' data: localhost https://p.adsymptotic.com https://bat.bing.com https://res.cloudinary.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.prod.website-files.com https://io.clickguard.com https://*.doubleclick.net https://www.facebook.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.google.com https://www.google.com.au https://www.google.pl https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://*.ads.linkedin.com https://*.pinterest.com https://trc.taboola.com https://*.tgtag.io https://assets.vercel.com https://i.ytimg.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; media-src 'self' https://res.cloudinary.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-assets-prod.s3.amazonaws.com https://bat.bing.com https://io.clickguard.com https://www.datadoghq-browser-agent.com https://connect.facebook.net https://edge.fullstory.com https://rs.fullstory.com https://optimize.google.com https://tagmanager.google.com https://www.google.com https://www.google.com.au https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://snap.licdn.com https://s.pinimg.com https://tgtag.io https://*.tgtag.io https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.cloudfront.net https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com https://ajax.googleapis.com https://cdn.prod.website-files.com; style-src 'self' 'unsafe-inline' https://cdn.prod.website-files.com https://optimize.google.com https://tagmanager.google.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; worker-src blob:; 7
... 7
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 7
default-src 'self' blob:; img-src 'self' 'unsafe-eval' data: blob: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com img.youtube.com *.eu-central-1.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop http://localhost:60101 *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com connect.facebook.net blob: *.cookiepro.com s3.eu-central-1.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net; font-src 'self' *.eu-central-1.amazonaws.com photoservice.cloud oam-software.com om.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com http://localhost:60139 http://localhost:60600 http://localhost:60111 http://localhost:60101 http://localhost:60200 http://localhost:49860 *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms c.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *; object-src 'none'; 7
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.domain-robot.org https://maxcdn.bootstrapcdn.com  https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 7
img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 7
frame-ancestors 'self' https://mcnk64xr71xx8t-v1mr4dcx1zk84.pub.sfmc-content.com 7
script-src 'self' 'unsafe-eval' 'unsafe-inline' b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com *.vimeo.com vimeo.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; connect-src 'self' data: sockjs-us3.pusher.com *.sentry.io eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com sumo.com ct.pinterest.com googleads.g.doubleclick.net bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com ws://127.0.0.1:53911 *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.hyr.so *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.vimeo.com vimeo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' data: tagmanager.google.com wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io *.cnstrc.com cnstrc.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com; font-src 'self' data: assets.vercel.com assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; prefetch-src 'self'; img-src 'self' blob: data: ssl.gstatic.com www.gstatic.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co *.cnstrc.com cnstrc.com *.reviews.co.uk *.reviews.io *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net *.vimeo.com vimeo.com; manifest-src 'self' 7
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com https://auth.services.adobe.com/ 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com   assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com https://js.klevu.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com https://s.pinimg.com/ct/core.js ct.pinterest.com s.pinimg.com/ct/ *.usablenet.com bam.nr-data.net js-agent.newrelic.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net https://download-video-ak.vimeocdn.com/v3-1/playback/9fd159ef-cfc8-425b-b81d-00002b57d3dd/9f99cd6f-bf6cd135 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com   cdnjs.cloudflare.com  polaris.truevaultcdn.com https://samples.woodstream.com/ *.google.com.ua *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com   www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com https://auth.services.adobe.com/ www.facebook.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com cdnjs.cloudflare.com  https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.google-analytics.com https://www.facebook.com/ *.truevaultcdn.com *.mapbox.com *.marketingcloudfx.com *.leadmanagerfx.com bam.nr-data.net *.tiktok.com recs.listrakbi.com *.mmapiws.com paypal.com *.googleapis.com maps.googleapis.com https://ct.pinterest.com/v3/ https://ct.pinterest.com/user/ ws://localhost:* dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com www.gstatic.com *.tiktok.com recs.listrakbi.com wss://*.hotjar.com/ 'self' 'unsafe-inline'; 7
frame-ancestors 'self' http://*.elsevier.es/ 7
frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io;  font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 7
default-src 'self' data: blob: ; worker-src 'self' data: blob: ; font-src 'self' *.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com; script-src-attr 'unsafe-inline'; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai *.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.googleapis.com maps.gstatic.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com www.googletagmanager.com unpkg.com https://*.hotjar.com; frame-src *; object-src 'none';media-src 'self' *.iesnare.com data:; frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self'; form-action 'self';upgrade-insecure-requests 7
default-src 'self' * blob: data:; script-src * about: 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * blob:; frame-ancestors 'self'; upgrade-insecure-requests 7
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 7
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 7
connect-src 'self' at-cdn14.streamdiver.com https://eu-api.friendlycaptcha.eu tools.investis.com https://*.verbund.com https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://consent.verbund.com/ https://region1.google-analytics.com/ https://www.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/; default-src 'self'; font-src 'self' https://consent.verbund.com/; frame-src 'self' base.streamdiver.com my.walls.io irs.tools.investis.com https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' https://www.foto-webcam.eu https://kaprun.it-wms.com tile.geofabrik.de data: https://jobdata.prescreen.io https://content.prescreen.io https://chcloudverbundprod.blob.core.windows.net https://*.verbund.com https://a.storyblok.com https://consent.verbund.com/ https://www.google.at/ https://www.google.com; media-src 'self' data: blob: *;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.walls.io/ https://*.verbund.com/ https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://consent.verbund.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://consent.verbund.com/; worker-src blob: 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 7
default-src 'self' 'unsafe-inline' https://* data: wss://*.hotjar.com; frame-ancestors 'none',frame-ancestors 'self' 7
upgrade-insecure-requests; frame-ancestors: self 7
default-src * https: data: blob: wss: 'unsafe-inline' 7
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.cloudsend.pro https://api.customer-core.sky-services.cc https://www.googletagmanager.com https://www.google-analytics.com;    style-src 'self' 'unsafe-inline';    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 7
default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob: 7
frame-ancestors *;  report-uri /log/csp-violation 7
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com github.githubassets.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ 6
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' apis.roblox.com roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com; img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com; connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com; 6
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com 6
default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru content.adriver.ru *.criteo.com *.criteo.net data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com *.weborama.fm weborama.fm *.weborama.fr weborama.fr *.weborama.ru weborama.ru *.weborama-tech.ru weborama-tech.ru *.webturn.ru *.webvisor.org *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.adriver.ru ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com export-download.canva.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru sve.online.sberbank.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru *.webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 6
frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 6
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 6
frame-ancestors 'self' https://*.scaleway.com http://localhost:9000 http://localhost:9001; 6
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.mouseflow.com https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com https://www.surveygizmo.eu https://dotcom.tags.elsevier.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com https://px4.ads.linkedin.com https://www.googleadservices.com https://www.googletagmanager.com https://dotcom.tags.elsevier.com; font-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com https://o2.mouseflow.com https://widgixeu-beacon.s3.amazonaws.com https://business.api.elsevier.com https://gtm-dotcom.staging.webpresence.elsevier.com https://dotcom.tags.elsevier.com https://www.google.com/ccm/collect; media-src 'self' videos.ctfassets.net assets.ctfassets.net; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net https://survey.alchemer.eu; base-uri 'self'; form-action 'self'; 6
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 6
frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 6
worker-src * 6
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 6
default-src 'self' 'unsafe-inline' 'unsafe-eval'              *.nextdoor.com              *.smarty.com              *.crazyegg.com              *.invocacdn.com              *.invoca.net              *.statistinamics.com              static.traversedlp.com              api.traversedlp.com              js.alocdn.com              p.alocdn.com  https://cableone1615402851.zendesk.com/  https://zendesk-eu.my.sentry.io              *.zendesk.com  https://fidelitycommunications.referralrock.com/  https://apps.sitecore.net              *.office.com              *.google.com              *.hsforms.com              *.hsforms.net              *.slgnt.us              *.youtube.com              *.googletagmanager.com              *.sparklight.com              *.zdassets.com              *.googleapis.com              snapwidget.com              fonts.googleapis.com              maps.gstatic.com              cableone.zendesk.com              wss://widget-mediator.zopim.com             *.zopim.com              static.ada.support              sparklight.ada.support              rollout.ada.support              sentry.io  www.cableone.net              *.zopim.com              *.bing.com              *.google-analytics.com              static.hotjar.com              *.googleadservices.com              *.facebook.net              cltgtstor001.blob.core.windows.net              *.adsrvr.org              *.doubleclick.net              *.hotjar.com              cdn.polyfill.io              *.slgnt.us              *.speedtestcustom.com              *.clarity.ms              sparklight.slgnt.us              code.jquery.com              cdnjs.cloudflare.com              woobox.com              *.smartmove.us              jsonip.com              *.wufoo.com              *.gstatic.com              *.googleoptimize.com              optimize.google.com              wss://*.hotjar.com              *.hotjar.io              blob:              dev.visualwebsiteoptimizer.com              *.cognitivlabs.com             *.smooch.io             *.zendesk.com             *.ipify.org             *.zdassets.com             *.visualwebsiteoptimizer.com             wss://api.smooch.io;         style-src 'self' 'unsafe-inline'              *.crazyegg.com              *.googleapis.com              stackpath.bootstrapcdn.com              use.fontawesome.com              *.smartmove.us              *.google.com;          img-src 'self' data:              cableone1615402851.zendesk.com              *.crazyegg.com              dev.visualwebsiteoptimizer.com              v2assets.zopim.io              *.gstatic.com  www.cableone.net  www.sparklight.com  www.facebook.com              *.google-analytics.com              *.google.com              cableone.zendesk.com              *.smartmove.us              ctam.demdex.net              *.googletagmanager.com              *.clarity.ms              *.bing.com              *.hsforms.com              *.doubleclick.net              *.nextdoor.com             *.rlcdn.com             *.cognitivlabs.com             *.zdassets.com             *.ada.support             *.gravatar.com;          font-src 'self' 'unsafe-inline'  https://fonts.gstatic.com              use.fontawesome.com;          upgrade-insecure-requests;          block-all-mixed-content; 6
default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net https://www.unibrad.com.br/; img-src * 'self' data: https:; font-src * 'self' data:; 6
frame-ancestors 'self' https://easyweb.td.com https://banquenet.td.com 6
frame-ancestors https://*.blackboard.com https://*.anthology.com; 6
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 6
default-src 'self' data: blob:; 6
frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 6
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.streamlock.net/ https://*.ingest.sentry.io https://*.zeturf.com https://*.zeturf.be https://maps.googleapis.com https://zz.connextra.com https://*.clarity.ms https://*.bing.com https://www.facebook.com https://*.zdassets.com https://*.zendesk.com wss://*.zendesk.com https://privacy.trustcommander.net https://privacy.commander1.com/ https://collect.commander1.com/ https://*.xiti.com/; frame-src 'self' https://consentcdn.cookiebot.com/ https://vision.prod.thebetmakers.com/ https://api-vcs-awstbmtst002.mugbookie.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.facebook.com https://*.zendesk.com; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.fr https://www.google.com https://cdnjs.cloudflare.com https://maps.gstatic.com https://maps.googleapis.com https://*.googleusercontent.com data: blob: https://*.zeturf.com https://*.zeturf.be https://*.ytimg.com https://zz.connextra.com https://*.adnxs.com https://*.bidr.io https://www.facebook.com https://connect.facebook.net https://*.cookiebot.com https://*.clarity.ms https://*.bing.com https://www.paypalobjects.com https://*.zdassets.com https://*.zendesk.com https://*.zdusercontent.com https://manager.tagcommander.com/; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://github.com https://*.zeturf.com https://*.zeturf.be; media-src 'self' https://*.streamlock.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net https://maps.googleapis.com https://*.cookiebot.com https://*.zeturf.com https://*.zeturf.be https://*.sentry-cdn.com https://connect.facebook.net https://static.ads-twitter.com https://zz.connextra.com https://*.clarity.ms https://*.zdassets.com https://*.zendesk.com https://cdn.tagcommander.com https://cdn.trustcommander.net https://tag.aticdn.net https://ga.jspm.io/ blob: data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be 6
frame-ancestors 'self' https://*.analog.com 6
default-src * 'unsafe-inline' 'unsafe-eval' data:; 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 6
frame-ancestors 'self' *.telekurier.at; 6
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 6
frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 6
frame-ancestors test.lightstream.com www.lightstream.com; 6
frame-ancestors https://app.storyblok.com; 6
frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com https://siteblocks.com; 6
frame-ancestors https://app.storyblok.com 6
default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src     'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src   'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 6
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 6
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 6
frame-ancestors 'self' https://www.johnsoncontrols.com 6
frame-ancestors 'none'; object-src 'none' 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://rockwellcollinsaerospace.us-7.evergage.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com/api/v1/signup_forms/209bf8ea-ae37-4c00-b293-172a892f887b https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: data: https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/development/scripts/evergage.min.js  https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/production/scripts/evergage.min.js;          img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.ggpht.com data:;            style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com;            font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;            frame-src 'self' https://app.prattwhitney.com https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com https://*.salesforce.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 6
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 6
frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; object-src 'none'; form-action 'self'; 6
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 6
upgrade-insecure-requests; frame-ancestors 'self' https://*.xn--d1aqf.xn--p1ai 6
frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com https://*.jaggaer.com https://*.sciquest.com https://*sp24.phitr.com https://*sp15.phibred.com 6
default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 6
child-src 'self' https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://*.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com https://s1.thcdn.com https://d2d7do8qaecbru.cloudfront.net https://tpc.googlesyndication.com https://api.bam-x.com https://www.awin1.com blob: https://gum.criteo.com https://www.pinterest.com https://www.pinterest.co.uk https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://maybelline-uk.beauty-campaigns.com https://qlic.it https://*.abtasty.com https://ct.pinterest.com https://ams.creativecdn.com https://tr.snapchat.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.provenance.org; connect-src 'self' wss://*.ringcentral.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://mc.yandex.ru https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://ct.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.parcellab.com https://www.google.co.uk https://analytics.tiktok.com https://smct.co https://*.smct.co https://api.bam-x.com https://*.contentsquare.net https://tr.snapchat.com https://ampcid.google.com.tw https://ampcid.google.com.hk https://ampcid.google.cn https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.criteo.net https://*.obsess-vr.com https://di.rlcdn.com https://api.rlcdn.com https://t.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.abtasty.com https://*.modiface.com https://us-east4-modiface-production.cloudfunctions.net https://sgtm.lookfantastic.com https://ml-services-grpc-gateway-4mhosmzo.nw.gateway.dev https://ams.creativecdn.com https://tr6.snapchat.com https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net https://*.ringcentral.com; default-src https://*.lpsnmedia.net; font-src 'self' data: https://*.thcdn.com https://fonts.gstatic.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://static.thgcdn.cn data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://shadematching.modiface.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https://*.ringcentral.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://static.thgcdn.cn https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://cdn.obsess-vr.com https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.lookfantastic.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://*.liveperson.com https://tpc.googlesyndication.com https://static.narrativ.com https://*.obsess-vr.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://app.contentsquare.com https://cdn.pubnub.com https://assets.dekopay.com https://*.modiface.com blob: https://*.abtasty.com https://tr.snapchat.com https://sgtm.lookfantastic.com https://tags.creativecdn.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org https://*.ringcentral.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.shoplooks.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://modules.obsess-vr.com https://*.abtasty.com https://*.gstatic.com https://cms-cdn.modiface.com https://fonts.googleapis.com https://fonts.smct.io https://*.ringcentral.com; upgrade-insecure-requests; report-to report-endpoint 6
frame-ancestors dev.mwcbarcelona.com www.mwcbarcelona.com mwcbarcelona.com dev.mwc-africa.com www.mwc-africa.com mwc-africa.com dev.mwclasvegas.com www.mwclasvegas.com mwclasvegas.com dev.gsmaevents.com www.gsmaevents.com staging.gsmaevents.com gsmaevents.com gsma.force.com gsma.my.site.com 6
https: 6
default-src https: 'unsafe-inline' 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.monitor.azure.com *.livechatinc.com https://static.meiqia.com secure-fra.livechatinc.com *.google.com *.gstatic.com/ https://cdn.matomo.cloud https://hms.matomo.cloud https://cdn.cookielaw.org/ https://hm.baidu.com/ https://snap.licdn.com/ https://cdn.leadinfo.net https://*.ldnfrpl.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api https://cdn.matomo.cloud; font-src 'self' data: api.stockdio.com *.googletagmanager.com *.gstatic.com https://at.alicdn.com/ https://cdn.leadinfo.net; connect-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.onetrust.com dc.services.visualstudio.com *.azureedge.net *.hms-networks.com https://api.instatus.com  *.meiqia.com *.livechatinc.com https://hms.matomo.cloud/ https://cdn.cookielaw.org/ https://px.ads.linkedin.com/ wss://camorope-client-a.meiqia.com/ https://collector.leadinfo.net www.hms-networks.cn https://api.leadinfo.com https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com https://www.google.com/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src 'self' data: blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net *.meiqia.com *.cookielaw.org https://cdn.cookielaw.org/ https://hm.baidu.com/ https://px.ads.linkedin.com/ https://tenant-assets.meiqiausercontent.com/ https://cdn.livechat-static.com/ https://cdn.livechat-files.com/ https://*.meiqiausercontent.com https://cdn.files-text.com/  https://collector.leadinfo.net https://cdn.leadinfo.net https://www.google.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'self' 'unsafe-inline' api.stockdio.com *.googletagmanager.com *.googleapis.com https://cdn.leadinfo.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; frame-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.bihl-wiedemann.de secure-fra.livechatinc.com *.google.com https://www.youtube.com warranty.hms-networks-data.com https://td.doubleclick.net/; media-src 'self' data: blob: *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net https://static.meiqia.com/; child-src 'self' blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.bihl-wiedemann.de 6
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 6
default-src bf11981lkb.bf.dynatrace.com *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com sp.analytics.yahoo.com *.adsrvr.org alb.reddit.com *.googlesyndication.com *.attribution.adswizz.com *.contentsquare.net data.adxcel-ec2.com s.pinimg.com yulvr.ca www.redditstatic.com  ct.pinterest.com *.axept.io *.axeptio.eu axeptio.imgix.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; 6
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com; worker-src * blob:; style-src * 'unsafe-inline'; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.hotjar.com https://in.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com; media-src 'self' data: blob:; frame-src 'self' https://interactive-img.com https://www.youtube.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.hscollectedforms.net https://*.googletagmanager.com; 6
default-src data: https: blob: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 6
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 6
frame-ancestors 'self' https://web.telegram.org 6
img-src 'self' data: https:; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.g2crowd.com https://*.site.com https://*.salesforce-sites.com https://cdn.cookielaw.org https://*.onetrust.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com  https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://*.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com;  style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com;  6
frame-ancestors 'self' https://cms.nextmedia.com.au; 6
frame-ancestors www.kaufland.de www.kaufland-pp.de media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 6
object-src 'none'; form-action 'self'; frame-ancestors 'none' 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.orsted.com *.azureedge.net orsted.com.au *.app.cookieinformation.com tools.euroland.com cdn.appdynamics.com *.eum-appdynamics.com www.googletagmanager.com *.gstatic.com www.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com orsted.23video.com report.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk; 6
default-src 'self' https://mw-ar-recom-prod.pgapi.io/; style-src 'self' 'unsafe-inline' *; img-src https://* 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 6
'self' 6
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 6
block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 6
default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com  *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js; object-src 'none'; img-src * data: 6
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self' https:; frame-src 'self' https:; frame-ancestors 'self' *.ahc.root.loc *.dirsvcs.org *.epichosted.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: wss:; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 6
default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 6
upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 6
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 6
frame-ancestors 'self' https: 6
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 6
object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com;; frame-ancestors 'self'; 6
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 6
default-src 'self' 'unsafe-inline'; 6
default-src https:; font-src 'unsafe-inline' https: data:; child-src https: blob:; connect-src https: blob:; worker-src https: blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; object-src; base-uri 'none'; style-src 'unsafe-inline' https: data:; img-src https: data:; 6
default-src https: 'unsafe-inline'; frame-ancestors 'self' 6
upgrade-insecure-requests; base-uri 'none'; default-src 'self' https://*.crazyegg.com; connect-src 'self' https: ws: https://*.crazyegg.com; img-src 'self' https: data: blob: https://*.sovos.com https://cdn.bfldr.com https://*.crazyegg.com; media-src 'self' data: blob: https://*.sovos.com; object-src 'self' https://*.sovos.com https://cdn.bfldr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; worker-src 'self' blob:; frame-src 'self' https://*.sovos.com https://*.youtube.com https://*.marketo.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://www.google.com https://www.googletagmanager.com https://documentcloud.adobe.com https://*.flowpaper.com https://e.infogram.com https://td.doubleclick.net https://recruit.hirebridge.com https://maps.google.com https://app.getreprise.com https://cdn.bfldr.com https://*.crazyegg.com; frame-ancestors 'self' https://*.sovos.com; 6
frame-ancestors 'self' https://eu-app.contentstack.com; report-uri /_/reports 6
frame-ancestors 'self'; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub16f8f4157f115b184e143716929b3d8c&dd-evp-origin=content-security-policy&ddsource=csp-report; 6
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; script-src-attr 'none'; upgrade-insecure-requests; 6
frame-ancestors https://*.realitykings.com 6
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 6
upgrade-insecure-requests; form-action 'self' https://www.impeka.in/submit; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 6
frame-ancestors 'self' temenos.seismic.com 6
worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com https://googleads.g.doubleclick.net https://www.googletagmanager.com 6
frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com; 6
default-src https: 'unsafe-inline' 'unsafe-eval' data: 6
default-src 'self' https: blob:;                                                   style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai;                                                    script-src 'self' 'unsafe-inline' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.bugherd.com *.liveperson.net *.lpsnmedia.net *.terminus.services *.jwpcdn.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com  *.adsrvr.org *.twitter.com *.twimg.com *.oktopost.com okt.to *.adroll.com *.adroll.mgr.consensu.org *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai *.hj.contentsquare.net;                                                    object-src 'self';                                                   connect-src 'self' px.ads.linkedin.com stats.g.doubleclick.net analytics.google.com *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com wss://*.ramblechat.com data:;                                                    font-src 'self' *.bootstrapcdn.com *.typekit.net *.gstatic.com data:;                                                    img-src * *.jwpltx.com data:;                                                   frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com; 6
frame-ancestors 'self' https://*.batchgeo.com 6
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' app.amplience.net; upgrade-insecure-requests; 6
frame-ancestors https://*.builder.io https://builder.io 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com;connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://api.palette.dev wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://identity.notion.so 6
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 6
upgrade-insecure-requests; base-uri 'self'; 6
default-src 'self';                                              base-uri 'self';                                              connect-src 'self' *.clarity.ms https://consent.cookiebot.com https://q.clarity.ms/collect https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://api.herefish.com https://c.6sc.co https://consentcdn.cookiebot.com https://distillery.wistia.com *.applicationinsights.azure.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://ipv6.6sc.co https://js.zi-scripts.com https://l.sharethis.com https://pipedream.wistia.com https://px.ads.linkedin.com https://r.clarity.ms https://stats.g.doubleclick.net https://tracking.g2crowd.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com *.crwdcntrl.net https://fg8vvsvnieiv3ej16jby.litix.io;                                              font-src 'self' *.epiqglobal.com *.bluemod.us https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://fast.wistia.com;                                              frame-src 'self' *.epiqglobal.com https://app.herefish.com https://www.googletagmanager.com https://form.typeform.com https://www.youtube.com https://fast.wistia.net https://player.vimeo.com https://www.g2.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://t.sharethis.com https://www.google.com https://go.epiqglobal.com/ https://www.buzzsprout.com;                                              frame-ancestors 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me;                                              img-src 'self' data: *.bing.com *.clarity.ms *.bluemod.us *.bludmod.me *.epiqglobal.com *.linkedin.com https://f.hubspotusercontent20.net https://insights.hgpresearch.com https://privacy-policy.truste.com https://pic3.zhimg.com https://pages.hyperiongp.com https://besixth.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://storage.pardot.com https://via.placeholder.com *.sharethis.com https://b.6sc.co https://fast.wistia.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com;                                              manifest-src 'self';                                              media-src 'self' blob:;                                              object-src 'none';                                              report-uri https://6658ad1fa52bdea0f50df6d5.endpoint.csper.io/;                                              script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://api.herefish.com https://www.epiqglobal.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com https://embed.typeform.com https://fast.wistia.net https://player.vimeo.com https://www.googletagmanager.com https://platform-api.sharethis.com/panorama.js https://api.herefish.com/scripts/hf.js https://buttons-config.sharethis.com/js/60c0851926c3eb001107c372.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fast.wistia.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/766208465/ https://j.6sc.co/6si.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://js.zi-scripts.com/zi-tag.js https://pi.pardot.com/analytics https://platform-api.sharethis.com/js/sharethis.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://t.sharethis.com/1/k/t.dhj https://tracking.g2crowd.com/attribution_tracking/conversions/1006581.js https://ws-assets.zoominfo.com/formcomplete.js https://www.clarity.ms/tag/dv7zchxaog https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js https://js.sentry-cdn.com https://js.hsforms.net/forms/v2.js https://pi.pardot.com/pd.js https://go.epiqglobal.com https://www.buzzsprout.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://browser.sentry-cdn.com;                                              style-src 'report-sample' 'self' 'unsafe-inline' https://app.herefish.com https://embed.typeform.com https://cdnjs.cloudflare.com https://fonts.googleapis.com;                                              worker-src 'none'; 6
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 6
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net https://rc-sc.js.driftt.com https://site-concierge.driftt.com blob:; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://tracking.g2crowd.com https://tracking-api.production.g2.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/ http://stg.onespan.com/ http://www.onespan.com/ https://rc-sc.driftt.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://ea04e958cc13a15d0bbc4cbc506ff315.report-uri.com/r/d/csp/enforce; 6
default-src 'self'; style-src 'self' 'unsafe-inline'; 6
frame-ancestors "none" 6
frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 6
default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 6
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com dobit.com *.dobit.com samsonite-dxp.dobit.com http://localhost:88; base-uri 'self'; 6
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com api.smooch.io wss://api.smooch.io https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com *.adobedtm.com api.smooch.io wss://api.smooch.io wheelpros.tt.omtrdc.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
report-to csp-reports; 6
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://dev1assets.checkmybus.com https://assets.checkmybus.com https://testassets.checkmybus.com https://cdn.priv.center https://prod-origin.truendo.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://www.googleadservices.com https://cdn.ampproject.org https://*.facebook.net https://*.facebook.com https://*.fontawesome.com https://monitor.azure.com https://*.monitor.azure.com https://e-js.zonka.co https://www.clarity.ms https://unpkg.com https://bat.bing.com https://www.atmrum.net https://cdn.debugbear.com https://ep2.adtrafficquality.google securepubads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://dev1assets.checkmybus.com https://assets.checkmybus.com https://testassets.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://accounts.google.com https://*.googletagmanager.com; frame-src 'self' https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com https://e.zonka.co https://ep2.adtrafficquality.google; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr partner-bahn.de reiseauskunft.bahn.de; base-uri 'self' i.checkmybus.com 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 6
frame-ancestors https: 6
referrer no-referrer 6
style-src 'self' 'unsafe-inline' 6
default-src     'self'; frame-ancestors 'self'; style-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; script-src      'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; style-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; font-src        'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com data:; connect-src     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; frame-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; form-action     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; img-src         'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com data:; upgrade-insecure-requests 6
frame-ancestors 'self' weleda.sabio.de 6
default-src https: wss://*.hotjar.com wss://wc.dcbprotect.com:8080 'unsafe-inline' 6
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 6
frame-ancestors 'self' *.arcgis.com *.esri.com learn.esri.ca 6
object-src 'none'; frame-ancestors 'none' 6
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src * 6
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 6
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 6
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 6
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 6
frame-ancestors 'self' https://app.storyblok.com/ 6
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 6
frame-ancestors 'self' *.get-paid.com *.flokigames.com *.localhost freebitcoin.io http://localhost:3000 6
default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:; 6
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.wpsandwatch.com *.kasandwatch.net *.collect.igodigital.com *.adyen.com apps.bazaarvoice.com whirlpool-cdn.thron.com digitalassets-cdn.thron.com *.algolianet.com *.algolia.net *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.sentry.io *.newrelic.com *.nr-data.net *.bazaarvoice.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.youtube.com *.ytimg.com https://flagcdn.com s3-eu-west-1.amazonaws.com *.execute-api.eu-west-1.amazonaws.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.paypal.com *.kitchenaid.ie *.airpr.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.hotjar.io *.dwin1.com *.awin1.com *.zenaps.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.upsellit.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://osm.klarnaservices.com/lib.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css *.contentsquare.net *.contentsquare.com *.criteo.com https://t.contentsquare.net app.contentsquare.com https://wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com s2.go-mpulse.net c.go-mpulse.net cdn.fonts.net *.akstat.io *.akamaihd.net; img-src * data: ; media-src *; frame-src *; frame-ancestors 'self' 6
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 6
default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 6
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 6
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net *.twistoo.co; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.twistoo.co t.cometlytrack.com; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com *.twistoo.co; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net *.cookiebot.com *.doubleclick.net *.flippingbook.com publuu.com; img-src 'self' data: kotrynagroup.lt *.kotrynagroup.lt *.babycity.lt *.babycity.lv *.babycity.ee *.kidzone.lt *.kidzone.lv *.kidzone.ee *.kidzone.fi *.toycity.lt *.toycity.lv *.zaisluplaneta.lt *.jukukeskus.ee *.toysplanet.lv *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net *.cookiebot.com analytics.tiktok.com *.twistoo.co; media-src *.twistoo.co data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.publuu.com cdnjs.cloudflare.com *.twistoo.co t.cometlytrack.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com cdnjs.cloudflare.com *.twistoo.co 6
frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com *.adobemc.com  https://api.useinsider.com/;script-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;style-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: intent: fb-messenger:; frame-ancestors self; 6
frame-src https: 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 6
frame-ancestors 'self';  report-uri /log/csp-violation 6
frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce; 6
frame-src 'self' https://www.googletagmanager.com https://*.youtube.com https://*.google.com https://www.facebook.com https://*.gov.bd https://*.*.gov.bd; 6
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 6
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 5
frame-ancestors 'self' app.storyblok.com; 5
frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com; form-action 'self' *.nypdev.com nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 5
default-src 'self' *.techcrunch.com; frame-src 'self' https: consent.yahoo.com guce.techcrunch.com; style-src 'self' s0.wp.com *.typekit.net *.techcrunch.com 'unsafe-inline' *.tiktok.com *.ttwstatic.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokv.com *.tiktokcdn.com *.musical.ly *.muscdn.com tiktokcdn.com.c.worldfcdn.com; img-src 'self' * data: https: ganon.yahoo.com geo.yahoo.com; connect-src 'self' https: consent.yahoo.com ganon.yahoo.com geo.yahoo.com guce.techcrunch.com api.privacy-center.org/v1/events api.privacy-center.org/v1/metrics api.privacy-center.org/v1/sync api.privacy-center.org/v1/locations sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/; object-src 'none'; script-src 'self' 'unsafe-eval' wnsrvbjmeprtfrnfx.ay.delivery *.polarcdn.com *.mrf.io *.facebook.net *.twitter.com *.x.com *.instagram.com *.licdn.com *.reddit.com js.hsadspixel.net stats.wp.com *.gstatic.com *.cxense.com *.marker.io www.npttech.com *.tinypass.com *.yahoosandbox.com s0.wp.com *.google.com *.yimg.com *.yahoo.com *.yahoo.net consent.cmp.oath.com *.typekit.net *.techcrunch.com *.g.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googletagmanager.com *.hsforms.net *.hscollectedforms.net *.hubspot.com static.criteo.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net 'unsafe-inline' *.tiktok.com *.ttwstatic.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokv.com *.tiktokcdn.com *.musical.ly *.muscdn.com tiktokcdn.com.c.worldfcdn.com; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; media-src 'self' *.youtube.com; font-src 'self' *.typekit.net data: s0.wp.com; 5
frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 5
frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com https://otto.mpp360.cloud; 5
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com www.mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net www.knotch-cdn.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com; 5
frame-ancestors 'self' https://*.rapid7.com 5
frame-ancestors 'self' https://support.ancestry.com 5
frame-ancestors https://app.mutinyhq.com 5
default-src *.asus.com *.asus.com.cn *.freshworksapi.com http://127.0.0.1:24830 http://127.0.0.1:24831 http://127.0.0.1:24832 https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' *.asus.com; 5
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 5
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 5
form-action https: 5
frame-ancestors 'self' appsec.aarp.org  secure.aarp.org  cms.aarp.org arenax-testing2-games.aarp.org aarp.staging.jibeapply.com aarp.devserver.cloud navigator.aarp.org events.xg4ken.com ayuda-sp.aarp.org ayuda-s.aarp.org ayuda.aarp.org app.devserver.cloud nutrition.aarp.org aarp.jibeapply.com arenax-testing3-games.aarp.org aarp.theworkademy.com stage.jobskills.aarp.org jobskills.aarp.org feeds.aarp.org memberoffers.aarp.org aarp.org cdn.aarp.net appsec.aarp.org secure-pi.aarp.org test.elearn.aarp.org dev.livablemap.aarp.byf1.dev livablemap.aarp.org nextgen.jobs.aarp.org jobs.aarp.org arenax-testing-games.aarp.org games.aarp.org futureofhousing.aarp.org  aarpfutureodev.wpengine.com aarpfohstage.wpengine.com help-s.aarp.org test.elearn.aarp.org elearn.aarp.org local.aarp.org staging.local.aarp.org longtermscorecard.org careers.aarp.org www.aarp.org yqa.livetech.dev yqa.test caretotalk.aarp.org policybook.aarp.org  policybookdb8jfimehk.devcloud.acquia-sites.com livindexhub.aarp.org livabilityindex.aarp.org livablemap.aarp.org press.aarp.org stage.mediaroom.com policybookwmcd4qm5qv.devcloud.acquia-sites.com dev.livindex-21.aarp.byf1.dev stage.livindex-21.aarp.byf1.dev veterans.aarp.org learn.aarp.org help.aarp.org community.aarp.org services.share.aarp.org secure.aarp.org virtualevents.aarp.org cdn.kitewheel.com aarp.brand.live aarpsandbox.brand.live test.virtualevents.aarp.org elearn.aarp.org blog.aarp.org taxappointment.aarp.org banksafetraining.aarp.org virtualevents.aarp.org; 5
frame-ancestors 'self' https://*.brightsites.co.uk; 5
frame-ancestors 'self' *.adobe.com *.assets.adobedtm.com 5
frame-ancestors 'self' *.windy.com:* 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com ui.powerreviews.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com *.online-metrix.net blob: p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 5
frame-ancestors 'self' piwik.mpg.de statistics.mpg.de statistik.mpg.de; 5
frame-ancestors 'self' https://dashboard.weglot.com https://*.translations.weglot.io; base-uri 'self'; upgrade-insecure-requests; 5
frame-ancestors https://events.searchengineland.com https://searchengineland.com 5
default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: app-ab56.marketo.com cdn.jsdelivr.net d2c7xlmseob604.cloudfront.net  js.hs-scripts.com munchkin.marketo.net translate.google.com/translate_a/element.js web.bentley.com *.ads.linkedin.com *.ads-twitter.com *.amazonaws.com *.bentley.com *.bing.com *.brightcove.net *.byspotify.com www.clarity.ms *.cloudflare.com *.cloudfront.net *.company-target.com *.demandbase.com *.doubleclick.net *.facebook.net *.feedbackify.com *.flockler.com *.getsmartling.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.cn *.gstatic.com *.hsforms.net *.jotform.com *.marketo.com *.marketo.net *.mouseflow.com *.onetrust.com *.pagespeed-mod.com *.pingdom.net pixel.byspotify.com qvdt3feo.com *.recaptcha.net *.redditstatic.com static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js  *.salesloft.com *.surveysparrow.com tags.srv.stackadapt.com *.tourial.com *.twitter.com *.userway.org *.zencdn.net 1.safecdn01.com accessibilityserver.org api.hubspot.com bat.bing.com/bat.js beacon-v2.helpscout.net/ bentleypocstg.wpengine.com blibok.com c.itaozi.cn cdn.cookielaw.org cdn.mathjax.org cdn.mouseflow.com click.easypower.com  client.prod.mplat-ppcprotect.com connect.facebook.net conoret.com cookie-cdn.cookiepro.com d2c7xlmseob604.cloudfront.net fast.wistia.com form.jotform.com/static/feedback.js forms.hubspot.com gateway.on24.com images.uc.cn js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.usemessages.com mstat.acestream.net munchkin.marketo.net ob.segreencolumn.com pixel.byspotify.com players.brightcove.net  relatedgamesnet-a.akamaihd.net scout-cdn.salesloft.com search.imtt.qq.com  service.excentos.com snap.licdn.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com tag.demandbase.com tags.srv.stackadapt.com ucads-cdn.ucweb.com unpkg.com unpkg.zhimg.com vjs.zencdn.net w8o39.m70vee7.com *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com;style-src 'self' 'report-sample' 'unsafe-inline' data: app-ab56.marketo.com *.bentley.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.easypower.com service.excentos.com s3.amazonaws.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.userway.org web.bentley.com; object-src 'self' *.brightcove.net; connect-src 'self' data: localhost: ad.doubleclick.net gjtrack.ucweb.com https: *.doubleclick.net *.hubspot.com adservice.google.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net forms.hubspot.com manifest.prod.boltdns.net stats.g.doubleclick.net wss://www.bentley.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: themes.googleusercontent.com https:; frame-ancestors 'self' *.bentley.com *.docebosaas.com/ bentleysystems.gcs-web.com/ bentleysystems-preview.gcs-web.com/; frame-src 7668309.hs-sites.com/ app-ab56.marketo.com www.facebook.com *.bentley.com *.brightcove.net *.core.windows.net *.doubleclick.net *.facebook.com *.flickr.com *.getsmartling.com *.google.com *.googletagmanager.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.jotform.com *.menlosecurity.com *.on24.com *.onetrust.com *.podbean.com *.recaptcha.net *.surveysparrow.com *.tourial.com *.twitter.com *.userway.org *.wpengine.com *.youtube.com *.zscalerthree.net 7rx80283.ibosscloud.com block.opendns.com blocked.freedom.to bpb.opendns.com cdn.cookielaw.org click.easypower.com div.show gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net leap13.github.io login.zscloud.net mozbar.moz.com *.statuspage.io remove.video s.company-target.com skytraf.xyz www.ciuvo.com zswpmanager.wip.mmc.com wp-rocket.me/ app.vwo.com *.visualwebsiteoptimizer.com; img-src 'self' blob: data: www.bentley.com https: t.co *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; manifest-src 'self' www.bentley.com; media-src 'self' blob: data: https:; report-uri 6449169ef1e3671a29137d52.endpoint.csper.io?v=7; worker-src 'self' blob:; 5
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 5
default-src 'self' *.alamy.com *.alamyimages.de *.alamyimages.it *.alamyimages.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alamy.com *.alamyimages.fr *.notifpush.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com notifpush.com notifpush.com gjigle.com gddglis.com notifadz.com *.live.net *.link5view.com *.termly.io *.usersnap.com usersnap.com *.leadinfo.com alamy.my.site.com *.ads.google.com ads.google.com *.surveymonkey.com *.formisimo.com *.facebook.net *.impactradius-event.com *.cookieyes.com *.cdn-cookieyes.com *.leadinfo.net *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.depositphotos.com *.amazonaws.com *.addthis.com *.jquery.com *.cardinalcommerce.com *.postcodeanywhere.co.uk *.salesforce.com *.commercetools.com *.cybersource.com *.salesforceliveagent.com *.googleapis.com *.newrelic.com *.trackedlink.net *.force.com *.licdn.com *.trackedweb.net *.stackadapt.com *.abtasty.com *.clarity.ms *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com; style-src * 'unsafe-inline' data:; img-src * data:; font-src * data:; frame-ancestors 'self' *.alamy.com; frame-src * data:; connect-src *; object-src 'none'; base-uri 'self'; manifest-src 'self' *.alamy.com; media-src 'self' *.alamy.com *.amazonaws.com *.depositphotos.com; worker-src 'self' *.alamyimages.fr notifpush.com gjigle.com gddglis.com notifadz.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com; 5
default-src 'self' *.vidyard.com *.onetrust.com *.visualwebsiteoptimizer.com *.vwo.com;                     frame-ancestors 'self';                     form-action *;                     object-src 'none';                     base-uri 'none';                     style-src * 'unsafe-inline';                     script-src * 'unsafe-inline' 'unsafe-eval';                     img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;                     connect-src *;                     worker-src * blob:;                     frame-src *;                     font-src * data:;                     media-src *; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *;  img-src 'self' data: *;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *;  font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *;  upgrade-insecure-requests;  block-all-mixed-content; 5
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src *.slgnt.eu *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel bat.bing.com *.dwin1.com lhopa01.custhelp.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src blob: *.lufthansa.com; 5
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io *.binkies3d.com https://app.insites.com https://app.prospect.silktide.com https://cookies-data.onetrust.io https://eu.cobrowse.pega.com https://euassets.cobrowse.pega.com https://eur01.safelinks.protection.outlook.com https://euuat.cobrowse.pega.com https://euuatassets.cobrowse.pega.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://widget.euw1.chat.pega.digital sc-static.net https://binkiesproductionweu.servicebus.windows.net https://binkiescontentnode.blob.core.windows.net https://binkiesteaserstorage.blob.core.windows.net https://online.publuu.com *.bing.com bytedance.com sslocal.com analytics.tiktok.com;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com https://binkiescontentnode.blob.core.windows.net https://binkiesdevnode.blob.core.windows.net *.tiktok.com;report-uri https://api.prd.telenet.be/csp-violation-report; 5
frame-ancestors 'self' https://splytech.io https://*.splytech.io 5
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro pretalx.surf.nl 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://d5phz18u4wuww.cloudfront.net/vis_opt.js https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro  surfnl.piwik.pro https://app.vwo.com https://dev.visualwebsiteoptimizer.com; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program https://app.vwo.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com https://app.vwo.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro  surfnl.piwik.pro pretalx.surf.nl https://app.vwo.com https://dev.visualwebsiteoptimizer.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; form-action 'self' *; frame-src 'self' *; 5
frame-ancestors *.motor1.com 5
default-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://build.cloudbees.com;font-src 'self' https: data:;img-src 'self' https: data:;frame-ancestors 'self' https://*.contentful.com;object-src 'none';upgrade-insecure-requests 5
frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com  cdn.cookielaw.org t.contentsquare.net track.gaconnector.com tracker.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com www.googletagmanager.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' blob: data: do.oncdn.uk cdn.cookielaw.org *.contentsquare.net i.vimeocdn.com *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk googleads.g.doubleclick.net script.hotjar.com; font-src data: 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local gb1-li-thghostinguat-001.io.thehut.local *.gb1-li-thghostinguat-001.io.thehut.local gb4-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local hosting.ing-dev.co.uk *.hosting.ing-dev.co.uk thghosting.com *.thghosting.com ingenuitycloudservices.com *.ingenuitycloudservices.com cdn.cookielaw.org track.gaconnector.com www.google.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com js.stripe.com px.ads.linkedin.com idx.liadm.com; 5
frame-ancestors 'self' https://frida.main.messefrankfurt.com/ 5
default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://snippet.maze.co https://feed.pghub.io https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://feeds.businesswire.com https://csapi-nonprod.pg.com https://csapi.pg.com https://downloads.ctfassets.net https://cdn.segment.com https://privacytermsprod.azureedge.net https://assets.ctfassets.net/ https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://pgn2020news.q4web.com https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://mms.businesswire.com/ https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src blob:; 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self' https://play.libsyn.com; base-uri 'none'; form-action 'self' https://duckduckgo.com; frame-ancestors 'none'; 5
base-uri self 5
frame-src *; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 5
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 5
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com doublethedonation.com *.adtrafficquality.google *.ep2.adtrafficquality.google d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com *.ravecapture.com app.ravecapture.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org *.adtrafficquality.google d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com *.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 5
frame-ancestors 'self' nielseniq.com *.nielseniq.com; 5
frame-ancestors https://tongji.baidu.com 5
default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob:;frame-ancestors 'self' http://localhost:3000 https://the-gui.testing.nxt.zone https://the-gui.staging.nxt.zone/ https://the-gui.production.nxt.zone/ https://the-gui.cloud 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io *.googleapis.com;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 5
default-src 'self'; style-src https://*.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' https://ams.wpml.org; frame-ancestors 'self' https://partner.hornetsecurity.com; img-src 'self' data: https://bat.bing.com https://bat.bing.net https://*.reddit.com https://*.g.doubleclick.net https://www.google.nl https://www.google.ca https://www.google.com https://logo.clearbit.com https://www.google.de https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://cdn-public.borlabs.io https://*.ytimg.com; media-src 'self' https://cdn-public.borlabs.io; frame-src 'self' blob: https://*.doubleclick.net https://*.livechatinc.com https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://www.youtube.com https://youtube.de https://*.frcapi.com; connect-src 'self' https://trk.hornetsecurity.com https://api.hsforms.com https://bat.bing.net https://bat.bing.com https://www.redditstatic.com https://*.reddit.com https://analytics.google.com https://www.google.com www.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://www.facebook.com https://*.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://yoast.com https://my.yoast.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu https://ams.wpml.org https://*.sendmarc.com; script-src-elem 'self' data: 'unsafe-inline' https://trk.hornetsecurity.com https://bat.bing.com https://*.googlesyndication.com https://www.redditstatic.com https://www.googleadservices.com https://*.doubleclick.net https://*.livechatinc.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://ams.wpml.org https://yoast.com https://snap.licdn.com https://*.sendmarc.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; font-src https://*.gstatic.com https://*.lottiefiles.com https://cdnjs.cloudflare.com 'self' data: ; worker-src 'self' blob: ; 5
upgrade-insecure-requests; frame-ancestors 'self' https://*.01net.com 5
default-src 'none'; script-src 'self' 'sha256-WN0hqek1jEauhlhWVVXeQPa5BD3f0rsMdmwSZtw1Cys=' 'sha256-cOUXIsNVwguhsLRkGp9NT9PmvjTuL4AP5HlxssvXg3c=' 'sha256-eIXWvAmxkr251LJZkjniEK5LcPF3NkapbJepohwYRIc=' 'sha256-Jz4XDAN4f076pEj8cOt8mEdISulquB3CBdxFvEpSSyc='; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tuta.com https://tuta.com data: * wss://app.tuta.com https://app.tuta.com https://api.github.com https://www.reddit.com https://mail.tutanota.com wss://mail.tutanota.com; 5
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 5
frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 5
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.cloudfront.net scout-cdn.salesloft.com https://*.maze.co/ esm.sh secure.imaginative-24.com webeo-web-content.s3-eu-west-1.amazonaws.com www.clarity.ms secure.intelligent-business-7.com secure.agile-company-365.com webeo-web-content.s3-eu-west-1.amazonaws.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com scripts.webeo.com my.g2.com *.sentry-cdn.com cdn.segment.com hm.baidu.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com googletagmanager.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com https://*.maze.co/ webeo-web-content.s3-eu-west-1.amazonaws.com; img-src 'self' data: blob: 'unsafe-inline' *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net https://*.maze.co/ secure.imaginative-24.com *.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com images.g2crowd.com www.g2.com hm.baidu.com; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud https://*.maze.co/; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src  blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co *.6sc.co content.hotjar.io *.customersure.com gbgplc.com demotiles.maplibre.org api.maptiler.com *.analytics.google.com scout.salesloft.com https://*.maze.co/ *.6sense.com cdn.jsdelivr.net tracking.g2crowd.com secure.adnxs.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com my.g2.com www.g2.com api.segment.io cdn.segment.com unpkg.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com *.hs-sites.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com td.doubleclick.net docs.google.com www.g2.com https://www.googletagmanager.com https://td.doubleclick.net; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com; 5
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 5
default-src 'none'; media-src 'self' *.scene7.com *.stryker.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.cvent-assets.com *.cvent.com *.doubleclick.net *.facebook.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.licdn.com *.marketo.com *.marketo.net *.mktoweb.com *.recaptcha.net *.serving-sys.com *.smtrk.net *.stackadapt.com *.stryker.com *.tribalfusion.com *.zi-scripts.com *.zoominfo.com assets.adobedtm.com bh.contextweb.com magnetic.t.domdex.com maps.googleapis.com pixel.mathtag.com rules.quantcount.com s.ytimg.com secure.quantserve.com ssl.google-analytics.com stryker-h.assetsadobe.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com blob:; connect-src 'self' https://*; img-src 'self' data: https://*; style-src 'self' 'unsafe-inline' *.cvent-assets.com *.mktoweb.com *.stackadapt.com *.stryker.com fast.fonts.net fonts.googleapis.com www.gstatic.com; font-src 'self' https://*; manifest-src 'self'; frame-src 'self' https://*; frame-ancestors 'self' *.adobecqms.net; block-all-mixed-content; upgrade-insecure-requests; 5
frame-ancestors 'self' https://www.facebook.com/ 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.api.bazaarvoice.com *.bazaarvoice.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.liadm.com *.mag.bazaarvoice.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com *.global-e.com *.bglobale.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay *.kaptcha.com x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com prf.hn form.jotform.com/241913106756052 cdn.jotfor.ms/s/umd/latest/for-form-embed-handler.js *.awin1.com *.zenaps.com https://www.dwin1.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com access.myunidays.com images.unidays.world *.myunidays.com *.unidays.world *.prod.unidays.io https://flo.uri.sh/ https://flo.uri.sh/visualisation/* https://public.flourish.studio/resources/* *.attentivemobile.com *.attn.tv https://clarks.attn.tv/* *.klaviyo.com *.gocertify.me *.narvar.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com *.klarnacdn.net *.unidays.world *.klaviyo.com; frame-ancestors 'self'; upgrade-insecure-requests ; 5
frame-src *; frame-ancestors 'self'; 5
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 5
style-src 'unsafe-inline' https://*.sitecore.com;base-uri 'self';connect-src https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://api.ipify.org https://px.ads.linkedin.com https://*.bing.com wss://*.qualified.com https://*.qualified.com https://*.quantcount.com https://*.salesloft.com https://*.sitecore.com https://*.sitecorecloud.io;default-src data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;font-src https://*.sitecore.com;frame-src https://*.google.com https://td.doubleclick.net https://*.googletagmanager.com https://capture.navattic.com https://sitecore.navattic.com/ https://app.qualified.com https://*.sitecore.com https://*.sitecorecontenthub.cloud;frame-ancestors 'self' https://*.sitecorecloud.io https://*.sitecore.com;img-src https://*.6sc.co https://www.googletagmanager.com https://*.google.com https://*.google.ca https://*.google.co.uk https://googleads.g.doubleclick.net https://*.google-analytics.com https://px.ads.linkedin.com https://*.bing.com https://*.quantserve.com https://*.sitecore.com https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud https://*.force.com https://wwwsitecorecom.azureedge.net;media-src https://app.qualified.com 'self' https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud data:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitecore.com http://localhost http://*.6sc.co https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.recaptcha.net https://*.gstatic.cn https://*.gstatic.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://d35vb5cccm4xzp.cloudfront.net https://*.bing.com https://*.quantserve.com https://*.quantcount.com;style-src-attr 'unsafe-inline' https://*.sitecore.com; 5
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn *.nhhotels.com.cn *.telerain.com:* 5
default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' snap.licdn.com www.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com acdn.adnxs.com msamarketing.z22.web.core.windows.net; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com blob:; connect-src 'self' js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com *.adnxs.com consentreceiverfd-prod.azurefd.net msftenterprise.sc.omtrdc.net westus2-2.in.applicationinsights.azure.com bat.bing.net; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; media-src 'self' blob: dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com; 5
frame-ancestors 'self'; block-all-mixed-content 5
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 5
frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com farapulse.stage.apps.bsci.com eligibility.farapulse.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: data: https: blob:; 5
frame-ancestors 'self' https://*.paperflite.com 5
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: beta.career.io *.beta.career.io career.io *.career.io careercenter.intent-usa.com *.careercenter.intent-usa.com careerio.careerminds.com *.careerio.careerminds.com careerio.topresume.com *.careerio.topresume.com cv.dk *.cv.dk cvapp.ar *.cvapp.ar cvapp.bg *.cvapp.bg cvapp.cl *.cvapp.cl cvapp.cz *.cvapp.cz cvapp.de *.cvapp.de cvapp.es *.cvapp.es cvapp.fi *.cvapp.fi cvapp.fr *.cvapp.fr cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu cvapp.ie *.cvapp.ie cvapp.it *.cvapp.it cvapp.mx *.cvapp.mx cvapp.no *.cvapp.no cvapp.nz *.cvapp.nz cvapp.ro *.cvapp.ro cvapp.rs *.cvapp.rs cvapp.vn *.cvapp.vn cveasy.pl *.cveasy.pl cvkungen.se *.cvkungen.se cvster.nl *.cvster.nl lebenslaufapp.at *.lebenslaufapp.at lebenslaufapp.ch *.lebenslaufapp.ch onlinecurriculo.com.br *.onlinecurriculo.com.br onlinecurriculo.pt *.onlinecurriculo.pt resume-test.io *.resume-test.io resume.io *.resume.io resume.io *.resume.io resumeapp.co.kr *.resumeapp.co.kr rirekisho.jp *.rirekisho.jp widget.resume.io *.widget.resume.io; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 5
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.npodoc.nl *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 5
frame-ancestors https://sc10cm https://rg-sitecore-website-qa-330340-single.azurewebsites.net https://web-ih-sc-tst-cd-wus2.azurewebsites.net https://web-ih-sc-prd-cm-wus2.azurewebsites.net https://intermountain.dev.local https://intermountainhealth.formstack.com 5
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru 'self' data: self cdn.tbank.ru cfg.tinkoff.ru www.tinkoff.ru acdn.tinkoff.ru www.cdn-tinkoff.ru dolyame.ru adm.tinkoff.ru tmsg.tinkoff.ru chat.dolyame.ru ms-gateway.tinkoff.ru forma.tinkoff.ru shopping.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: *.dolyame.ru https://www.youtube.com https://rutube.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.dolyame.ru 'self' data:; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.dolyame.ru https://www.youtube.com https://rutube.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data: *.dolyame.ru; report-uri https://www.tinkoff.ru/api/front/pwabnpl/log/csp-error?appName=pwabnpl; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.dolyame.ru 5
frame-ancestors 'self' https://lojaonline.nos.pt 5
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 5
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: * ; child-src blob: ; 5
frame-ancestors 'self' https://*.ezlynx.com/ https://*.appliedsystems.com/ https://*.ivans.com/ https://*.agentinsure.com/ https://*.uatezlynx.com/ https://*.vtpezlynx.com/  https://*.devezlynx.com/ https://appliedsystems--devprob.sandbox.my.site.com/ https://appliedsystems--devproa.sandbox.my.site.com/  https://appliedsystems--uat.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/AppliedClientCommunity/s/ 5
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.12go.com 12go.com *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.12go.com 12go.com *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com *.apiairasia.com; frame-ancestors 'self'; frame-src 'self' * *.12go.co 12go.co *.12go.com 12go.com *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com apiairasia.com *.apiairasia.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.com 12go.com *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.12go.com 12go.com *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 5
manifest-src 'self'; 5
default-src *; 		child-src 'self' blob:; 		connect-src * blob: ws: wss:; 		frame-src 'self' www.googletagmanager.com api.foxentry.cz www.databreakers.com cdn.msgok.net 			www.mall.tv mall.fameplay.tv fameplay.tv www.google.com 			www.youtube.com creativecdn.com sketchfab.com 			socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com 			www.zbozi.cz 			cj.dotomi.com 			payu.com secure.payu.com merch-prod.snd.payu.com 			cpx.smind.hr cpx.smind.si 			data:; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com 			*.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com 			download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net 			c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 			code.jquery.com translate.google.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com 			www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com 			*.doubleclick.net *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz 			ssl.heureka.cz ssl.heureka.sk http://localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu 			tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ 			*.mczbf.com *.cj.com *.payu.com 			*.smind.hr *.smind.si; 		style-src * 'unsafe-inline'; 		img-src * data:; 		object-src 'none' 5
default-src 'self' blob: *;base-uri 'self';font-src 'self' data: https://tv4play.humany.net/ https://apps.mypurecloud.com/ https://chat.kindlycdn.com/;form-action 'self' *;frame-ancestors 'self' *;img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' 'unsafe-inline' * 5
default-src 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *; 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 5
data: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 5
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src * 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com; img-src * data:; frame-src * blob:; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; frame-ancestors 'self' *.eq5trck.com *.pulsepoint.com; 5
default-src 'self'; script-src 'self' 'nonce-46280c75-51b7-4e9a-9bc5-0a9a6c20bedc' dnstest2.ficora.fi dnstest.traficom.fi stat.traficom.fi analytiikka.ahtp.fi; img-src 'self' data: *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; style-src 'self' 'nonce-46280c75-51b7-4e9a-9bc5-0a9a6c20bedc' dnstest2.ficora.fi dnstest.traficom.fi; font-src 'self'; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; connect-src 'self' https://stat.traficom.fi analytiikka.ahtp.fi; form-action 'self' 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 5
connect-src 'self' wss://streamer.finance.yahoo.com/ https://*.3lift.com https://*.adsrvr.org https://*.adtrafficquality.google https://*.casalemedia.com https://*.cdn.yimg.com https://*.clean.gg https://*.criteo.com https://securepubads.g.doubleclick.net/* https://*.indexww.com/ https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.oath.com https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.taboola.com https://*.yahoo.com https://*.yahoo.net https://*.yieldmo.com https://ad.doubleclick.net https://api.alyavista.com https://api.privacy-center.org https://bam.nr-data.net/ https://csi.gstatic.com https://dpm.demdex.net/ https://googleads.g.doubleclick.net/td/auctionwinner https://guce.yahoofinance.com https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://pagead2.googlesyndication.com https://s.yimg.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://securepubads.g.doubleclick.net https://smetrics.att.com/ https://static.criteo.net/js/ld/publishertag.prebid.144.js; default-src 'self'; font-src 'self' data: https://cdn.taboola.com https://finance.yahoo.com https://fonts.gstatic.com https://s.yimg.com; frame-src 'self' https://*.3lift.com https://*.a-mo.net https://*.abcnews.go.com https://*.adsrvr.org https://*.adtrafficquality.google https://*.advertising.com https://*.amazon-adsystem.com https://*.bbc.co.uk https://*.casalemedia.com https://*.chartbeat.com https://*.clicktivatedvideoplayer.com https://*.criteo.com https://*.deezer.com https://*.delivery.vidible.tv https://*.dailymotion.com/embed/video https://*.emxdgt.com https://*.etonline.com https://*.facebook.com https://*.google.com https://*.gumgum.com https://*.hulu.com https://*.indexww.com https://*.instagram.com https://*.jac.yahoosandbox.com https://*.lijit.com https://*.livestream.com https://*.media.net https://*.mtvnservices.com https://*.myfinance.com https://*.nbc.com https://*.nytimes.com https://*.oath.com https://*.openx.net https://*.pubmatic.com https://*.reuters.com https://*.rubiconproject.com https://*.safeframe.googlesyndication.com https://*.scribd.com https://*.seedtag.com https://*.sharethrough.com https://*.smartasset.com https://*.soundcloud.com https://*.spotify.com https://*.taboola.com https://*.ted.com https://*.theguardian.com https://*.tpc.googlesyndication.com https://*.trustedstack.com https://*.tumblr.com https://*.turner.com https://*.usatoday.com https://*.vimeo.com https://*.washingtonpost.com https://*.wsj.com https://*.yahoo.com https://*.yahoo.net https://*.yieldmo.com https://abcnews.go.com https://att.demdex.net/ https://bbc.co.uk https://cdn.yahoofinance.com/ https://chartbeat.com https://compass.pressekompass.net https://console.googletagservices.com https://delivery.vidible.tv https://embed.acast.com https://embed.music.apple.com https://embed.podcasts.apple.com https://embedder.wirewax.com https://flo.uri.sh/ https://flourish.studio https://www.googletagmanager.com https://guce.yahoofinance.com https://interactives.ap.org https://livestream.com https://openweb.jac.yahoosandbox.com/ https://platform.twitter.com https://s.yimg.com https://securepubads.g.doubleclick.net https://service.force.com/ https://smartasset.com https://tpc.googlesyndication.com https://tsdtocl.com/ https://view.ceros.com https://vimeo.com https://vplayer.nbcolympics.com https://widget-yahoo.ofx.com https://www.bankrate.com https://www.credible.com https://www.dailymotion.com/embed/video/ https://www.myfinance.com https://www.surveymonkey.com https://www.youtube.com https://yahoo.crunchbaseembed.com https://yahoo.real-estate.hk; img-src 'self' data: blob: about: https://www.google.com/ads/measurement/l https://*.1rx.io https://*.3lift.com https://*.adnxs.com https://*.adsafeprotected.com/ https://*.adsrvr.org https://*.adtrafficquality.google https://*.amazon-adsystem.com https://*.casalemedia.com https://*.cloudfront.net/pixel.gif https://*.criteo.com https://*.dotomi.com https://*.doubleclick.net https://*.everesttech.net https://*.googlesyndication.com https://*.indexww.com/ https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.disqus.com https://*.sonobi.com https://*.taboola.com https://*.wc.yahoodns.net https://*.yahoo.com https://*.yahoo.net https://*.yieldmo.com https://*.yimg.com https://crb.kargo.com https://googleads.g.doubleclick.net/pagead/interaction/ https://media.zenfs.com https://o.aolcdn.com/images/dims https://pbs.twimg.com https://ping.chartbeat.net https://platform.twitter.com https://pong.chartbeat.net https://public.flourish.studio/resources/ https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://s2.coinmarketcap.com/static/img/coins/ https://sb.scorecardresearch.com https://securepubads.g.doubleclick.net/pagead/adview https://smetrics.att.com/b/ss/attnetprod/ https://static2.chartbeat.com https://syndication.twitter.com https://vop-yahoo.akamaized.net/pixel.gif https://www.facebook.com https://yahoovod.hs.llnwd.net/pixel.gif; manifest-src 'self' https://s.yimg.com; media-src 'self' blob: https://finance.yahoo.com https://s.yimg.com https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/; object-src 'none'; report-to csp-endpoint; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; sandbox allow-downloads allow-forms allow-modals allow-popups-to-escape-sandbox allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://launcher.spot.im https://*.adtrafficquality.google https://*.oath.com https://*.salesforceliveagent.com/ https://*.taboola.com https://*.yahoo.com https://*.yahoo.net https://adservice.google.com/adsid/integrator.js https://cdn.ampproject.org/rtv/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/dcodeIO/protobuf.js/ https://console.googletagservices.com/pubconsole/loader.js https://ec.yimg.com/didomi/ https://gum.criteo.com/ https://jac.yahoosandbox.com/2.0.0/jac.js https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://openweb.jac.yahoosandbox.com/1.5.0/jac.js https://pagead2.googlesyndication.com https://platform.twitter.com https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://s.yimg.com https://securepubads.g.doubleclick.net https://service.force.com/embeddedservice/5.0/ https://static.criteo.net/js/ld/publishertag.prebid.144.js https://static.lightning.force.com/ https://static2.chartbeat.com https://tpc.googlesyndication.com/pagead/js/ https://tpc.googlesyndication.com/sodar/sodar2.js https://wnsrvbjmeprtfrnfx.ay.delivery https://www.googletagservices.com/activeview/js; style-src 'self' 'unsafe-inline' https://cdn.taboola.com https://finance.yahoo.com https://oathmembershipsupport.my.salesforce-sites.com/ https://platform.twitter.com https://s.yimg.com https://service.force.com/; worker-src 'self' blob: https://finance.yahoo.com 5
connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com http://*.xiti.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp; report-to csp 5
frame-ancestors 'self' *.youtube.com *.vimeo.com; 5
default-src 'self'; img-src 'self' pages.worldline.com *.reddit.com wss://*.caas4prd.worldline-solutions.com *.bing.com *.seadform.net *.caas4prd.worldline-solutions.com bit.ly *.blob.core.windows.net callexcellcdn.blob.core.windows.net *.googletagmanager.com *.tiktok.com *.googletagmanager *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.google.com *.g.doubleclick.net *.vimeocdn.com *.vimeo.com dpm.demdex.net dev.day.com cm.everesttech.net worldline.sc.omtrdc.net worldlinesa.tt.omtrdc.net cdn.cookielaw.org www.gstatic.com *.linkedin.com *.adsymptotic.com *.scene7.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' wss://*.caas4prd.worldline-solutions.com *.caas4prd.worldline-solutions.com *.zdassets.com *.blob.core.windows.net *.callexcellcdn.blob.core.windows.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.zendesk.com cdnjs.cloudflare.com https://google.com *.doubleclick.net *.facebook.com *.g.doubleclick.net track.adform.net *.facebook.net assets.adobedtm.com cdn.cookielaw.org snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.cloudflare.com cdn.cookielaw.org files.cdn.leadfamly.com *.ytimg.com *.youtube.com *.jwpsrv.com *.jwpcdn.com *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.doubleclick.net *.pardot.com *.hotjar.io *.hotjar.com *.gstatic.com *.google.com *.worldline.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.scene7.com; style-src 'self' 'unsafe-inline' *.worldline.com wss://*.caas4prd.worldline-solutions.com *.beanstream.com *.caas4prd.worldline-solutions.com *.worldline-solutions.com *.blob.core.windows.net *.fontawesome.com *.lytics.io https://google.com *.fontawesome.com fonts.google.com optimize.google.com play.google.com *.cloudflare.com ssl.p.jwpcdn.com *.googleapis.com *.caas4noprd.worldline-solutions.com *.cloudflare.com *.jwpcdn.com worldline.com maxcdn.bootstrapcdn.com *.scene7.com; connect-src 'self' 'unsafe-inline' data: blob: ws.zoominfo.com js.zi-scripts.com *.reddit.com *.redditstatic.com wss://*.caas4prd.worldline-solutions.com *.friendlycaptcha.com *.mktoresp.com *.caas4prd.worldline-solutions.com callexcellcdn.blob.core.windows.net *.linkedin.com worldlinesa.tt.omtrdc.net *.zendesk.com wss://*.zopim.com *.hubspot.com *.hubapi.com *.zdassets.com *.cognigy.ai wss://*.cognigy.ai *.zendesk.com https://google.com *.tiktok.com *.googlesyndication.com *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.net *.googleadservices.com *.google.com *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.g.doubleclick.net six.enterprisebot.co *.fontawesome *.hotjar.io *.spotify.com *.apple.com wss://*.caas4noprd.worldline-solutions.com *.worldline-solutions.com *.scene7.com worldlinesa.demdex.net dpm.demdex.net cdn.cookielaw.org privacyportal-eu.onetrust.com *.tt.omtrdc.net *.omtrdc.net wss://*.hotjar.com wss://ws4.hotjar.com geolocation.onetrust.com maps.googleapis.com *.blob.core.windows.net optanon.blob.core.windows.net cookies-data.onetrust.io vc.hotjar.io maps.googleapis.com ws21.hotjar.com *.doubleclick.net *.hotjar.com cdn.linkedin.oribi.io; base-uri 'self'; frame-src 'self' 'unsafe-inline' https://vimeo.com/ *.adform.net *.mktoresp.com *.beanstream.com *.zendesk.com *.zdassets.com www.actito.be *.doubleclick.net *.g.doubleclick.net *.spotify.com *.apple.com anchor.fm *.typeform.com *.doubleclick.net business.ingenico.com form.typeform.com files.cdn.leadfamly.com worldline.leadfamly.com *.brighttalk.com *.youtube.com *.hotjar.com *.worldline.com *.equensworldline.com *.google.com worldlinesa.demdex.net https://recaptcha.google.com/recaptcha/; object-src 'none'; font-src *; script-src-elem 'unsafe-inline' *; media-src 'self' data: blob: *.zdassets.com *.scene7.com; worker-src blob:; child-src blob:; frame-ancestors 'self' https://frontend-v2.ocularium.be; 5
default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https:; worker-src 'self' https://cdn.devicevalidation.io https://cs.deviceatlas-cdn.com blob: 5
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; connect-src * ws:; font-src *; frame-src *; media-src * 5
base-uri 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com dashboard.trustprofile.com *.unzer.com *.mouseflow.com *.inpost.pl; form-action 'self'; frame-ancestors 'self' *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt view.publitas.com app.cux.io; img-src 'self' data: *.usercentrics.eu *.luigisbox.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com *.google.com *.google.de *.google.at *.google.pl google.com google.de google.at google.pl static.phrase.com *.trustedshops.com *.gstatic.com *.myracloud.com dashboard.trustprofile.com commission.europa.eu *.heidelpay.com *.unzer.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.online-metrix.net *.trbo.com api.iconify.design *.mouseflow.com *.inpost.pl; object-src 'self' blob:; style-src 'self' *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net *.googletagmanager.com tagmanager.google.com fonts.googleapis.com trck.linkster.co *.visualwebsiteoptimizer.com app.vwo.com *.unzer.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl; script-src 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.trustedshops.com blob: *.googleadservices.com googleads.g.doubleclick.net google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl 'self' *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com *.unzer.com *.trbo.com dc.cux.io *.mouseflow.com *.inpost.pl; upgrade-insecure-requests; default-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.trustedshops.com blob: d2bgdldl6xit7z.cloudfront.net *.smarketer.de trck.linkster.co google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl dashboard.trustprofile.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com *.unzer.com *.online-metrix.net *.trbo.com dc.cux.io *.mouseflow.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl; connect-src 'self' *.luigisbox.com *.usercentrics.eu *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trustedshops.com *.etrusted.com *.trustbadge.com *.analytics.google.com bat.bing.com trck.linkster.co *.smarketer.de google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.trbo.com wss://n-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io wss://o-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io *.mouseflow.com *.inpost.pl; child-src *.trustedshops.com *.mouseflow.com; frame-src 'self' *.usercentrics.eu dashboard.trustprofile.com *.doubleclick.net parcelshop.dhl.pl *.googletagmanager.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com view.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.trbo.com *.mouseflow.com sandbox-easy-geowidget.easypack24.net *.inpost.pl; manifest-src 'self'; media-src 'self' *.magnolia-platform.com; worker-src 'self' blob:; 5
font-src fonts.gstatic.com use.typekit.net https://fonts.cdnfonts.com/s/85546/Satoshi-BlackItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Black.woff https://fonts.cdnfonts.com/s/85546/Satoshi-BoldItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Bold.woff https://fonts.cdnfonts.com/s/85546/Satoshi-MediumItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Medium.woff https://fonts.cdnfonts.com/s/85546/Satoshi-LightItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Light.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Italic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Regular.woff https://s3.amazonaws.com/trustspot-pr-widget/ https://trustspot-app-assets.s3.amazonaws.com https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com https://*.klaviyo.com https://*.zmags.com https://*.getfastr.com https://cdn.reamaze.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com geostag.cardinalcommerce.com geo.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com geostag.cardinalcommerce.com geo.cardinalcommerce.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.xtento.com https://*.adsrvr.org https://ct.pinterest.com https://*.knocdn.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.yotpo.com https://*.fls.doubleclick.net https://td.doubleclick.net https://*.wistia.net https://moultrie.locally.com https://cnc-api.zmags.com https://app.viralsweep.com https://ebsco.widen.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png https://*.bing.com https://tracking.avantlink.com https://*.adsrvr.org https://*.knocdn.com https://www.facebook.com store.paradoxlabs.com media.sezzle.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://app.ravecapture.com https://ravecapture-app-assets.s3.amazonaws.com https://trustspot-product-photos.imgix.net https://trustspot-experience-photos.imgix.net *.yotpo.com https://*.locally.com https://*.zmags.com https://*.getfastr.com https://arttrk.com https://*.clarity.ms https://*.doubleclick.net https://www.moultriefeeders.com https://www.moultrieproducts.com https://www.pradcocommerce.com https://www.summitstands.com https://embed.widencdn.net https://d3k81ch9hvuctc.cloudfront.net https://analytics.tiktok.com https://*.google.ca https://*.google.co.za https://*.google.fr https://*.google.co.uk https://*.google.co.in https://*.google.com.au https://maps.googleapis.com https://*.googleusercontent.com https://*.shgcdn.com https://phosphor.utils.elfsightcdn.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://i.imgur.com/5axkorT.jpg dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://services.nofraud.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.adsrvr.org https://*.avmws.com https://*.experticity.com https://*.bing.com https://*.byspotify.com https://ct.pinterest.com https://s.pinimg.com https://*.knocdn.com https://connect.facebook.net checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com https://cdn.getblueshift.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widget.sezzle.com maps.googleapis.com https://app.ravecapture.com https://trustspot.io https://www.google.com https://www.gstatic.com *.yotpo.com https://*.zmags.com https://cas.zma.gs https://*.addthis.com https://mpsnare.iesnare.com https://assets.armanet.us https://*.clarity.ms https://analytics.tiktok.com https://*.wistia.net https://*.hotjar.com https://*.newrelic.com https://form.jotform.com https://*.locally.com https://*.viralsweep.com https://*.getshogun.com https://*.shgcdn2.com https://static.elfsight.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.reamaze.com https://push.reamaze.com/assets/reamaze-push.js https://cdnjs.cloudflare.com/ajax/libs/pusher/7.0.1/pusher.min.js dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com https://fonts.cdnfonts.com/css/satoshi https://app.ravecapture.com https://s3.amazonaws.com/trustspot-pr-widget/ *.yotpo.com *.googleapis.com https://cas.zma.gs https://*.zmags.com https://static-tracking.klaviyo.com https://*.getshogun.com https://*.shgcdn2.com https://cdn.reamaze.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src https://www.youtube.com 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: https://cdn.reamaze.com https://*.shgcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sharethis.com thm.visa.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com geostag.cardinalcommerce.com geo.cardinalcommerce.com https://services.nofraud.com https://*.mmapiws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.spotify.com https://*.experticity.com https://*.bing.com https://*.knocdn.com https://*.knocommerce.com https://www.facebook.com gateway.sezzle.com sandbox.gateway.sezzle.com https://api.getblueshift.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://media.sezzle.com https://widget.sezzle.com maps.googleapis.com https://app.ravecapture.com https://trustspot.io *.yotpo.com https://www.locally.com https://*.google.com https://google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cas.zma.gs https://c.zmags.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://analytics.tiktok.com https://srv.armanet.us https://*.clarity.ms https://ct.pinterest.com https://bam.nr-data.net https://*.hotjar.io wss://ws.hotjar.com https://api-js.datadome.co https://*.elfsight.com https://www.storemapper.co https://api.keen.io/3.0/projects/510989052975163052000002/events/queries https://cdn.reamaze.com wss://ws.reamaze.com/app/ https://whisker-seeker-tackle.reamaze.io/ dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://whisker-seeker-tackle.reamaze.io/ 'self' 'unsafe-inline'; report-uri https://c2377b7a62d7a797512c7707793b335c.report-uri.com/r/t/csp/enforce; report-to report-endpoint; 5
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css agegate.pr-globalcms.com 4q87csmwes-dsn.algolia.net https://www.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com https://www.google.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com agegate.pr-globalcms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 5
frame-ancestors 'self' http://dezshira.in/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.middleeastbriefing.com/ 5
default-src 'self' https://css.page-source.com https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; 5
frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my 5
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 5
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; font-src 'self' * http://* data: https://*; object-src 'self' blob: 5
default-src 'none'; script-src 'self' 'sha256-LhgjEUDTB5uVcQPxB7ClpuZyNmHM6EsxG6GFSRQyGrM='; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.se https://9848475f-428b-4380-8d26-dfe74eb251f7.at.rivsec.eu; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://publish.ne.cision.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com cphspk01.shbmain.shb.biz irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 5
connect-src   maps.nextbike.net *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://cs.onlim.com wss://app.onlim.com/ wss://api.onlim.com/ *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' https://info.wienerlinien.at/api/form/v1/8896c.21k0oa6/null https://www.facebook.com/tr/ *.googleapis.com https://eu-api.friendlycaptcha.eu bestattungwien.piwik.pro jobs.wienerstadtwerke.at www.google.com wienerstadtwerke.piwik.pro wienerstadtwerke.containers.piwik.pro digitalesgrab.friedhoefewien.at rns.matelso.de *.wienmobil.at bestattungwien.containers.piwik.pro log.wien; style-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.onlim.com fonts.googleapis.com 'unsafe-inline' styles.wienerstadtwerke.at 'self' bestattungwien.containers.piwik.pro wienerstadtwerke.containers.piwik.pro newsletter.wienit.at static.dvinci-easy.com; base-uri   'self' *.onlim.com; script-src   https://googleads.g.doubleclick.net/ *.usabilla.com/ *.onlim.com *.onlim.com/ *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at app.onlim.com/ *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com/ *.adform.net wienerstadtwerke.piwik.pro https://siteimproveanalytics.com static.dvinci-easy.com wienerstadtwerke.containers.piwik.pro newsletter.wienit.at rns.matelso.de bestattungwien.containers.piwik.pro bestattungwien.piwik.pro https://app.onlim.com/chat-app/js/host.js *.googleadservices.com; worker-src   blob: https://www.wienernetze.at https://www.wienerlinien.at/ https://www.wipark.at/ https://www.friedhoefewien.at/ https://www.immoh.at/ https://digitalesgrab.friedhoefewien.at/ https://www.wstw-immo.at/ https://www.eposa.at/ https://www.wlb.at/ https://partner.wienernetze.at/ https://www.gwsg.at/ https://www.bestattungwien.at/; frame-src   https://langenacht.orf.at *.wienernetze.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' *.facebook.com youtu.be https://terminreservierung.staging.reinisch.tech/ *.youtu.be *.wienit.at/ https://www.servicetreff.at/reservierungstool-app/#/termindaten https://www.googletagmanager.com/ *.riddle.com www.riddle.com https://sketchfab.com/ td.doubleclick.net embeds.whatchado.com https://terminreservierung.reinisch.tech/; media-src   'self' data: *.onlim.com; img-src   wienitedv.d3.sc.omtrdc.net *.wienernetze.at/ facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' wienerstadtwerke.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.containers.piwik.pro https://googleads.g.doubleclick.net *.facebook.com *.siteimproveanalytics.io https://siteimproveanalytics.com https://stwlciptstruct828prod.blob.core.windows.net/ bestattungwien.piwik.pro https://www.google.at/pagead/ https://www.google.com/pagead/; default-src   'self'; font-src   bestattungwien.containers.piwik.pro *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self' https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff wienerstadtwerke.containers.piwik.pro; 5
frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 https://*.bodi.com https://*.vercel.app 5
default-src 'none';base-uri 'self';script-src  'self'  'unsafe-inline'  blob:  https://api.search.gov.sg  https://www.search.gov.sg  https://*.wogaa.sg  https://www.google-analytics.com  https://www.googletagmanager.com  https://connect.facebook.net  https://graph.facebook.com  https://*.licdn.com  https://www.youtube.com  https://webchat.vica.gov.sg  ;style-src  'self'  'unsafe-inline'  https://assets.wogaa.sg  https://www.search.gov.sg  https://webchat.vica.gov.sg  ;object-src  'none'  ;connect-src  'self'  https://isomer-user-content.by.gov.sg  https://browser-intake-datadoghq.com  https://api.search.gov.sg  https://*.wogaa.sg  https://api-chat-fe-flag.vica.gov.sg  https://chat.vica.gov.sg  wss://chat.vica.gov.sg  https://www.google-analytics.com  https://www.google.com  https://analytics.google.com  https://stats.g.doubleclick.net  https://px.ads.linkedin.com  ;font-src  'self'  data:  https://fonts.gstatic.com  https://www.search.gov.sg  https://assets.wogaa.sg  ;frame-src  'self'  https://www.search.gov.sg  https://www.google.com  https://www.googletagmanager.com  https://td.doubleclick.net  https://www.onemap.gov.sg  https://www.youtube-nocookie.com  https://player.vimeo.com  https://www.facebook.com  https://docs.google.com  https://form.gov.sg  ;img-src  'self'  https:  ;manifest-src  'self'  ;media-src  'self'  ;worker-src  'none'  ;frame-ancestors  'self'  ; 5
default-src 'self' 'unsafe-inline' repay.wpengine.com https: data:; font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: repay.wpengine.com data: https: *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com repay.wpengine.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn-cookieyes.com *.cdn-cookieyes.com *.googletagmanager.com repay.wpengine.com https: *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; connect-src 'self' *.fontawesome.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com *.googletagmanager.com *.google-analytics.com repay.wpengine.com https: *.hotjar.com wss://*.hotjar.com wss://*.niceincontact.com *.hotjar.io *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; img-src 'self' data: https: *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com repay.wpengine.com *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; frame-src https: *.incontact.com *.doubleclick.net vars.hotjar.com *.vimeo.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action https: 'self' javascript: *.hsforms.com *.hubspot.com 5
base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 5
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src https: data: 5
frame-ancestors 'self' https://app.contentstack.com 5
default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/ https://player.flipsnack.com/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 5
nosniff 5
frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 5
base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; 5
default-src ‘self’; 5
frame-ancestors 'self' wss://*.zopim.com wss://*.hotjar.com *.api.friendlycaptcha.com *.jobsplice.com  *.eu-api.friendlycaptcha.eu  secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com *.youtube-nocookie.com  *.evgnet.com  secure.adnxs.com  *.criteo.net *.addthisedge.com *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com   *.audioboom.com   *.acsbapp.com  acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.d3fw5vlhllyvee.cloudfront.net vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com secure.imaginative-trade7.com  *.yahooapis.com  *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net hm.baidu.com  data: 5
frame-src 'self' 5
default-src ‘self’; 5
default-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self' ; img-src 'self' data: https:;  font-src 'self' data: * https://fonts.gstatic.com; connect-src 'self' *; media-src * data: https:; base-uri 'self'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 5
frame-ancestors 'self' apac.marketing.adobe.com 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 5
https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 5
manifest-src 'self'  5
upgrade-insecure-requests;block-all-mixed-content 5
img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; upgrade-insecure-requests; frame-ancestors 'self'; 5
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.bootstrapcdn.com data: *.gstatic.com 'self' data: *.moosend.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.vnforapps.com h.online-metrix.net *.loginextsolutions.com widget.botlers.io somosngr.com.pe td.doubleclick.net PJCLAIM http://r1.dotdigital-pages.com http https email.papajohns.com.pe r1.ddlnk.net/signup.ashx  cdn-images-pj-admin-prod.s3.amazonaws.com *.getblue.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.designer-images.net maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: cdn.cookielaw.org google.com c.clarity.ms www.google.com.ar c.bing.com *.t.co *.twitter.com *.google.com.pe fonts.gstatic.com https://ad.soicos.com/ *.afilio.com.br *.getblue.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com polyfill.io *.moosend.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://www.google.com *.gstatic.com https://maps.googleapis.com cdn.cookielaw.org cdn.onesignal.com *.hotjar.com widget.botlers.io onesignal.com *.vnforapps.com h.online-metrix.net *.cdn.stat-track.com https://www.clarity.ms/ *.tiktok.com *.ads-twitter.com http://r1.dotdigital-pages.com http://email.papajohns.com.pe email.papajohns.com.pe *.web.app *.afilio.com.br *.getblue.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.moosend.com *.bootstrapcdn.com cdn.dnky.co *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org widget.botlers.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.tt.omtrdc.net *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com *.m-pages.com *.m-operations.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com *.cookielaw.org *.moosend.com region1.analytics.google.com *.hotjar.io oldenterprise.botlers.io vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.clarity.ms cors-anywhere.herokuapp.com www.google.com.ar geolocation.onetrust.com privacyportal.onetrust.com *.tiktok.com www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; img-src 'self' 'unsafe-inline' * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com; frame-src 'self' www.googletagmanager.com atkinsrealis.com http://www.atkinsrealis.com/ *.atkinsrealis.com ir.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com; font-src 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src 'self' atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net static.cloudflareinsights.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; connect-src 'self' *.linkedin.com region1.google-analytics.com atkinsrealis.cd.invdcloud-is.co.uk staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com r1.trackedweb.net *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.analytics.google.com *.google-analytics.com *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.googleadservices.com www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net geolocation.onetrust.com *.onetrust.com; base-uri 'self'; form-action 'self'; script-src-elem 'self' atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net static.cloudflareinsights.com communications.atkinsrealis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; 5
frame-ancestors  'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com https://platform.twitter.com https://anchor.fm https://airtable.com https://*.spotify.com https://checkout.freemius.com/ https://chatbot.psnc.pl; 5
media-src blob: 'self' 5
upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' www.paypal.com api.personio.de/recruiting/applicant px.ads.linkedin.com/wa/ px.ads.linkedin.com/attribution_trigger googleads.g.doubleclick.net adservice.google.com/pagead *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr analytics.google.com/g/collect www.google-analytics.com region1.analytics.google.com region1.google-analytics.com/g/collect stats.g.doubleclick.net/g/collect stats.g.doubleclick.net/j/collect region1.analytics.google.com/g/collect maps.googleapis.com www.facebook.com/tr/ *.clarity.ms/collect bat.bing.net/actionp/0 stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com t.paypal.com www.paypalobjects.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr www.google-analytics.com stats.g.doubleclick.net/g/collect www.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.net/action/0 bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.paypal.com www.paypalobjects.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/ www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz www.clarity.ms/s/ bat.bing.com/bat.js bat.bing.net/bat.js bat.bing.com/p/action/ stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com www.googletagmanager.com/debug/ fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js www.googletagmanager.com/ blob:; 5
default-src 'self'; img-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://trc.taboola.com https://www4.celibest.com https://www.celibest.com https://www.celibnord.com https://www.celibouest.com https://www.celibparis.com https://www.celiblyon.com https://www.celibrhonealpes.com https://www.celibsud.com https://www.celibsudouest.com https://toodate-rekognition.s3.eu-west-1.amazonaws.com data:; script-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://code.createjs.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://systempay.cyberpluspaiement.com https://www.paypal.com; media-src 'self'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self'; frame-ancestors 'self'; child-src 'self'; object-src 'none'; 5
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' data: nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 5
frame-ancestors https:; 5
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self' https://*.peta.org https://*.peta2.com https://*.petalatino.com https://*.animalrahat.com 5
default-src https: 'unsafe-eval' 'unsafe-inline' 5
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net 5
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 5
default-src 'self';frame-src 'self' *.youtube.com youtu.be *.smartertools.com docs.google.com;script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self';connect-src *; 5
frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 5
default-src  'self'; img-src  'self'; script-src  'self'; object-src  'self'; style-src  'self' 'unsafe-inline'; 5
frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 5
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschaftermarket.com *.dxtservice.com *.bosch.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com; object-src 5
frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com http://*.paperflite.com https://*.paperflite.com http://*.cleverstory.io https://*.cleverstory.io; 5
frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 5
frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com *.doubleclick.net *.googletagmanager.com; connect-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.salesloft.com *.clarity.ms *.tt.omtrdc.net bat.bing.net; img-src 'self' *.doubleclick.net *.linkedin.com *.b26net.com *.clarity.ms *.bing.com *.bing.net *.google.com  s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src *.infrontfinance.com *.googleadservices.com *.infront.co munchkin.marketo.net static.r66net.com static.r66net.net *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.salesloft.com *.clarity.ms 'self' 'unsafe-eval' 'unsafe-inline'; 5
default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net *.centerwatch.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.cookielaw.org www.googletagmanager.com *.marketo.com *.marker.io pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com unpkg.com *.unpkg.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com gstatic.com *.gstatic.com pki.goog *.pki.goog *.google.com googleapis.com *.googleapis.com js.zi-scripts.com *.centerwatch.com *.sentry-cdn.com *.mktoweb.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com *.centerwatch.com *.mktoweb.com; object-src 'self' *.wcgclinical.com *.wcgirb.com *.centerwatch.com; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.cookielaw.org *.google-analytics.com *.linkedin.oribi.io *.onetrust.com *.doubleclick.net *.marker.io *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net js.zi-scripts.com *.centerwatch.com *.google.com; font-src 'self' fast.wistia.com fonts.gstatic.com *.centerwatch.com data:; frame-src 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.marker.io *.doubleclick.net *.hotjar.com *.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com *.centerwatch.com www.googletagmanager.com *.mktoweb.com data:; img-src 'self' www.wcgclinical.com www.wcgirb.com *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org *.centerwatch.com *.mktoweb.com data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com *.centerwatch.com data: blob:; worker-src 'self' blob:; 5
default-src * 'self' 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/ https://*.googleapis.com/ https://bat.bing.com/ https://*.quantummetric.com/ https://*.osano.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com https://js.stripe.com/ blob: 'unsafe-inline' 'unsafe-eval' 'self'; frame-ancestors 'self'; form-action *; font-src https://fonts.gstatic.com/ https://cdn.acsbapp.com 'self' data:; img-src www.googletagmanager.com https://*.acsbapp.com https://www.facebook.com https://*.bing.com https://*.google.com https://*.doubleclick.net https://bat.bing.com https://*.google-analytics.com https://www.google.co.in https://www.google.com 'self' data: blob:; connect-src 'self' data: https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://*.googlesyndication.com  https://*.bing.com ; 5
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.livechatinc.com/tracking.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://api.livechatinc.com/ https://ipapi.co/ https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ https://region1.analytics.google.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/ ; style-src 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://www.facebook.com/ https://connect.facebook.net/ https://aggregator.service.usercentrics.eu/ https://px.ads.linkedin.com/ https://region1.google-analytics.com/ https://ipapi.co/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://core.service.elfsight.com/ https://ipapi.co/ https://ipapi.co/49.43.97.126/json/ https://api.ipify.org/ https://ipapi.co/49.43.97.0/json/ https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/; font-src 'self' data: https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js; frame-src 'self' data: https://www.meinauftrag.rib.de/ https://www.rib-software.com/* https://go.pardot.com/* https://go.pardot.com/ https://api.ipify.org/ https://secure.livechatinc.com/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://posimyththemes.com/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://www.youtube.com https://go.dach.data.rib-software.com/ https://go.esam.uki.rib-software.com/; img-src 'self' data: https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://secure.gravatar.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://api.iconify.design/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1; 5
upgrade-insecure-requests ; 5
default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/eneco/client/v2/sounds/beep.mp3;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com www.clarity.ms cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl pagead2.googlesyndication.com www.google.com/recaptcha/api.js www.gstatic.com *.googletagmanager.com *.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js s.pinimg.com ct.pinterest.com www.reddit.com ads.reddit.com www.redditstatic.com api.salesfeed.com *.segmentstream.com static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com js.monitor.azure.com/scripts/b/ai.config.1.cfg.json ib.adnxs.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com www.google.com adservice.google.com googleads.g.doubleclick.net www.googleadservices.com stm.eneco.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io content.hotjar.io d.lemonpi.io cdn.linkedin.oribi.io/partner/533658/domain/acc.eneco.nl/token cdn.linkedin.oribi.io/partner/533658/domain/eneco.nl/token px.ads.linkedin.com ct.pinterest.com www.reddit.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com api.usabilla.com;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net https://static.duurzaamwonen.eneco.nl https://edw-test.ams3.digitaloceanspaces.com www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl ade.googlesyndication.com adservice.google.com *.googleadservices.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com w.usabilla.com d6tizftlrpuof.cloudfront.net img.youtube.com;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com *.hotjar.com d6tizftlrpuof.cloudfront.net;style-src 'self' 'unsafe-inline' *.hotjar.com d6tizftlrpuof.cloudfront.net;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.facebook.com connect.facebook.net www.google.com vars.hotjar.com ct.pinterest.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 5
default-src 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://download-video-ak.vimeocdn.com https://*.vimeocdn.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://evnt.byspotify.com https://*.lt02.net https://*.tangiblee.com https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.lt02.net https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://pixel.byspotify.com https://*.lt02.net https://*.tangiblee.com https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com https://*.tangiblee.com; script-src-elem 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.linksynergy.com https://*.klarna.com https://*.tangiblee.com; style-src-elem 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com https://*.tangiblee.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 5
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 5
frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://dspart004-eu1-partners-ifwe.3dexperience.3ds.com https://dspart011-eu1-partners-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com; base-uri 'self' 5
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 5
frame-ancestors 'self' https://www.totbarcelona.cat https://totbarcelona.cat https://vadevi.elmon.cat https://vadegust.cat https://www.vadegust.cat https://monesport.cat https://www.monesport.cat https://balearsvadegust.cat https://www.balearsvadegust.cat https://monterrassa.cat https://monplaneta.cat https://www.la-clau.net https://www.tornaveu.cat https://tornaveu.cat https://www.elmon.cat https://mundus.cat https://vermuts.es https://vinari.cat https://totbarcelona.elmon.cat https://la-clau.net https://diarilaveu.cat https://www.diarilaveu.cat https://diarilaveu.com https://www.diarilaveu.com https://laveupv.com https://www.laveupv.com https://balearsvadevi.cat https://www.balearsvadevi.cat https://elsingular.cat https://www.elsingular.cat https://mon.cat https://www.mon.cat https://www.lasemaineduroussillon.com https://lasemaineduroussillon.com; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 5
default-src *; script-src * 'unsafe-eval' 'unsafe-inline' data: 'self'; style-src * 'unsafe-inline' 'self'; img-src * data:; font-src * data:; connect-src *; object-src *; frame-ancestors 'self' https://*.crawford.com https://crawford.com https://*.crawco.com https://crawco.com https://*.crawfordandcompany.com https://crawfordandcompany.com https://*.onelink-translations.com; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; report-uri https://bc18f182517eba201a0bfbb26a2a463a.report-uri.com/r/d/csp/wizard 5
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 5
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src *.gstatic.com *.googleapis.com data: 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: ws: wss: https://app.wotnot.io 'self' wss://ws.hotjar.com; worker-src blob:; child-src blob: 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 5
default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 5
font-src https: data:; img-src https: data:; 5
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 5
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://newcms.webcentral.au; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com  https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 5
frame-ancestors app.storyblok.com 5
block-all-mixed-content; frame-ancestors 'self' https://bots.getskitickets.com; 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' * 5
connect-src *.doubleclick.net *.linkedin.com *.google.com *.motork.io *.getwarmly.com *.iubenda.com *.google-analytics.com; default-src 'self'; font-src 'self' *.typekit.net; frame-src *.youtube.com *.google.com *.motork.io *.facebook.com; img-src 'self' *.drata.com *.lfeeder.com *.linkedin.com t.co *.twitter.com *.google.com *.google.it *.facebook.com *.googletagmanager.com; script-src 'unsafe-inline' 'self'; script-src-elem 'unsafe-inline' 'self' *.typekit.net *.iubenda.com *.motork.io *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.hotjar.com *.licdn.com *.ads-twitter.com *.facebook.net *.lfeeder.com *.head3high.com *.getwarmly.com *.doubleclick.net; style-src 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' *.typekit.net *.motork.io; worker-src 'self' blob:; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://twitter.com https://platform.twitter.com  https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://*.google.com https://www.dmi.dk https://surveys.enalyzer.com https://white-meadow-0e5747a03.3.azurestaticapps.net 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.clarity.ms *.bing.com *.smooch.io smooch.io https://*.mobinterier.com https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://biano.sk https://*.biano.sk https://biano.cz https://*.biano.cz https://biano.hu https://*.biano.hu https://biano.ro https://*.biano.ro https://biano.hr https://*.biano.hr https://prefixbox.com https://*.prefixbox.com https://gstatic.com https://*.gstatic.com https://novynabytok.sk https://*.novynabytok.sk https://hezkynabytek.cz https://*.hezkynabytek.cz https://zondo.hu https://*.zondo.hu https://zondo.ro https://*.zondo.ro https://zondo.hr https://*.zondo.hr https://*.zdassets.com https://*.zopim.com https://prefixbox.com https://*.prefixbox.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://google-analytics.com https://*.google-analytics.com https://clarity.ms https://*.clarity.ms https://*.doubleclick.net https://*.imedia.cz https://*.seznam.cz https://chimpstatic.com https://google.com https://*.google.com https://google.sk https://*.google.sk https://google.cz https://*.google.cz https://google.hu https://*.google.hu https://google.ro https://*.google.ro https://google.hr https://*.google.hr https://googleadservices.com https://*.googleadservices.com https://*.zopim.io https://meblemirjan.pl https://*.meblemirjan.pl https://youtube.com https://*.youtube.com https://creativecdn.com https://*.creativecdn.com https://zendesk.com https://*.zendesk.com https://sentry.io https://*.sentry.io https://*.amio.io *.getsitecontrol.com https://*.facebook.net https://www.facebook.com/ https://*.mailchimp.com https://*.list-manage.com https://*.cloudfront.net https://*.amazonaws.com https://*.ecomailapp.cz https://scaleflex.cloudimg.io; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si www.intersport.hr www.intersport.ba www.intersport.rs www.intersport.me intersport.si preview.ssgtm.intersport.si ssgtm.intersport.si appleid.cdn-apple.com/appleauth/ applepay.cdn-apple.com apple-pay-gateway.apple.com *.cookiebot.com cdnjs.cloudflare.com ajax.googleapis.com fcm.googleapis.com fonts.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com google.com www.google.si www.google.de googleads.g.doubleclick.net stats.g.doubleclick.net omara.cdn-cnj.si img.cdn-cnj.si cpx.smind.si cpx.smind.hr cpx.smind.rs chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com *.paypal.com www.paypal.com www.paypalobjects.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com *.mercator.si maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com *.braintreegateway.com *.braintree-api.com *.segmentify.com cdn.sgmntfy.com api.instacloud.io *.fna.fbcdn.net *.vimeo.com i.vimeocdn.com my.matterport.com my.mpskin.com graph.instagram.com *.cdninstagram.com cdn.crobox.io api.crobox.com pagead2.googlesyndication.com region1.google-analytics.com td.doubleclick.net cm.g.doubleclick.net firebaseinstallations.googleapis.com rt.udmserve.net; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs https://vr.intersport.ba https://vr.intersport.me; 5
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: wss: https: 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.iconnode.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.securitastechnology.com *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.segment.com *.segment.io *.fontawesome.com *.wistia.net *.windows.net www.stanleysecuritysolutions.com *.adroll.mgr.consensu.org *.subscribers.com *.6sc.co *.adroll.com *.omappapi.com *.callrail.com *.police.uk *.stanleysecurity.com *.stanleycss.com *.pardot.com *.wistia.com *.google.com *.google.fr *.google.be *.google.nl *.google-analytics.com *.googleapis.com *.formstack.com *.jsdelivr.net *.addtoany.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.bing.com *.go-mpulse.net *.akamaihd.com *.akamaihd.net *.janraincapture.com *.rpxnow.com *.nr-data.net *.newrelic.com *.marketo.net *.marketo.com *.youtube.com *.ytimg.com *.onetrust.com *.cookielaw.org *.drift.com *.driftt.com *.reevoo.com *.pricespider.com *.cloudfront.net *.mapbox.com *.hotjar.com *.doubleclick.net *.linkedin.com *.licdn.com *.ads.linkedin.com *.facebook.net *.facebook.com rpxnow.com *.googleoptimize.com resource://pdf.js app-ab06.marketo.com resources.securitastechnology.com content.securitastechnology.com cdn.jsdelivr.net cdnjs.cloudflare.com d8ejoa1fys2rk.cloudfront.net maps.googleapis.com polyfill.io unpkg.com www.google.com *.googleapis.com *.adnxs.com *.mktoweb.com *.visualwebsiteoptimizer.com *.iconnode.com  *.demandbase.com *.feathery.io; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.nl *.google.fr *.police.uk *.google.be *.cloudflare.com *.formstack.com *.jsdelivr.net *.marketo.net *.marketo.com resources.securitastechnology.com content.securitastechnology.com  *.google-analytics.com *.googleapis.com *.reevoo.com *.pricespider.com *.cloudfront.net in.hotjar.com *.mapbox.com *.typekit.net p.typekit.net *.googletagmanager.com *.mktoweb.com *.feathery.io *.securitastechnology.com; img-src 'self' data: blob: *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.doubleclick.net *.bing.com *.hotjar.com *.marketo.com resources.securitastechnology.com content.securitastechnology.com  *.google.am *.google.co.uk *.google.ca *.securitastechnology.com *.mktoweb.com *.nr-data.net *.visualwebsiteoptimizer.com *.stanleysecurity.com id.rlcdn.com *.company-target.com *.demandbase.com *.feathery.io; media-src 'self' data: blob: *.fontawesome.com *.wistia.net *.windows.net *.driftqa.com *.driftt.com *.googletagmanager.com *.wistia.com *.stanleysecurity.com *.feathery.io; frame-src 'self' *.google.com *.stanleysecurity.co.uk stanleyblackanddecker.ent.box.com *.police.uk *.twitter.com *.stanleysecurity.com *.stanleycss.com www.google.nl www.google.fr www.google.be *.marketo.net *.stanleyhealthcare.com *.stanleyaccess.com *.wistia.com *.wistia.net *.marketo.com resources.securitastechnology.com content.securitastechnology.com  *.doubleclick.net *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.janraincapture.com *.youtube.com *.drift.com *.driftt.com *.drift.click *.reevoo.com *.pricespider.com *.reachmee.com *.stanleysecurity.fr *.mktoweb.com *.securitastechnology.com *.company-target.com *.visualwebsiteoptimizer.com *.feathery.io; frame-ancestors 'self' *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.bing.com *.hotjar.com *.stanleysecurity.com *.stanleycss.com *.securitastechnology.com securitastechnology.com *.feathery.io; child-src 'self' *.fontawesome.com *.wistia.net *.windows.net *.pardot.com *.stanleycss.com *.googletagmanager.com; worker-src 'self' data: blob: *.securitastechnology.com; font-src 'self' data: *.fontawesome.com *.wistia.net *.windows.net *.cloudflare.com *.formstack.com *.jsdelivr.net *.googleapis.com *.googleusercontent.com *.gstatic.com *.typekit.net *.hotjar.com d8ejoa1fys2rk.cloudfront.net/5.0.5/includes/fonts/ *.googletagmanager.com *.wistia.com *.feathery.io *.cloudfront.net; connect-src 'self' *.akamaihd.net *.segmentapis.com *.clarity.ms *.segment.io *.segment.com *.fontawesome.com *.wistia.net *.windows.net *.doubleclick.net *.6sense.com *.litix.io *.police.uk *.ip-api.com *.6sc.co *.adnxs.com *.subscribers.com *.wistia.com *.callrail.com *.google.com www.google.nl www.google.fr www.google.be *.facebook.com *.facebook.net wss://*.hotjar.com *.driftcdn.com *.googleapis.com *.google-analytics.com *.mktoresp.com *.bing.com *.googlevideo.com *.hotjar.com *.hotjar.io *.nr-data.net *.onetrust.com *.cookielaw.org wss://*.driftt.com *.reevoo.com *.mapbox.com d8ejoa1fys2rk.cloudfront.net/5.0.5/modules/compactview/i18n/en.json *.bynder.cloud p11.techlab-cdn.com cdn.linkedin.oribi.io *.googletagmanager.com *.oribi.io *.securitas.com *.mktoutil.com *.securitastechnology.com *.googleadservices.com googleadservices.com *.googlesyndication.com *.visualwebsiteoptimizer.com *.iconnode.com *.company-target.com *.demandbase.com *.linkedin.com *.feathery.io https://p.ksrndkehqnwntyxlhgto.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com data: *.fontawesome.com *.survicate.com/ *.accessibly.app/ *.oct8ne.com/ *.hotjar.com/ *.modo.com.ar/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.despegar.com/ *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app cm.everesttech.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.despegar.com/ *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mookie1.com/ *.adnxs.com/ *.google.com/ *.bing.com/ *.doubleclick.net/ *.google.com.ar/ *.carocuore.com.ar/ https://mcprod.carocuore.com/ *.groovinads.com/ *.accessibly.app/ *.qrserver.com/ *.oct8ne.com/ *.e-planning.net/ *.facebook.net/ https://www.em.rapsodia.com/ https://www.em.babycottons.com/ *.carocuore.com/ *.clarity.ms/ *.herolens.com/ *.rapsodia.com.ar/ *.rapsodia.cl/ *.rapsodia.com.co/ *.carocuore.com.uy/ *.babycottons.com.ar/ *.babycottons.com/ *.babycottons.com.pe/ *.rapsodia.com.uy/ *.babycottons.mx/ *.modo.com.ar/ *.cloudfront.net/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.magento-datasolutions.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.despegar.com/ *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.hotjar.com/ *.adnxs.com/ *.tiktok.com/ *.getblue.io/ *.inspectlet.com/ *.bing.com/ *.clarity.ms/ *.naiz.fit/ *.survicate.com/ *.crazyegg.com/ *.embluemail.com/ *.icommarketing.com/ *.accessibly.app/ *.pinimg.com/ *.pinterest.com/ *.cloudfront.net/ *.oct8ne.com/ *.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app cdn.dnky.co *.fontawesome.com assets.braintreegateway.com *.survicate.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://mcprod.carocuore.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com maps.googleapis.com api.comapi.com bam.nr-data.net *.despegar.com/ *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.tiktok.com/ *.clarity.ms/ *.naiz.fit/ *.run.app/ *.bing.com/ *.doubleclick.net *.accessiblyapp.com/ *.pinterest.com/ https://track-icommkt.com/ https://notifications-icommkt.com/ *.accessibly.app *.inspectlet.com/ *.oct8ne.com/ wss://ws.hotjar.com/ *.hotjar.io/ https://server-side-tagging-f3nc3owz5a-uc.a.run.app/ *.facebook.com/ *.playdigital.com.ar/ *.amplitude.com/ *.modo.com.ar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src *; img-src * blob: data:; style-src 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; font-src * data:; frame-src 'self' *.cxf-public-multisite.prod-mul-ncus-cxf.michelin.fr *.youtube.com *.google.com *.hcaptcha.com www.googletagmanager.com *.doubleclick.net *.pixlee.com *.pixlee.co empower.my.salesforce.com *.qualtrics.com 5
frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com app.hubspot.com youtube.com *.hsforms.com issuu.com *.typeform.com *.googletagmanager.com; object-src 'none';base-uri 'self' 5
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 5
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/reportOnly; 5
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; frame-ancestors 'self' https://app.optimizely.com; 5
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; default-src 'self'; frame-src 'self' https:; worker-src 'self' blob: https:; connect-src 'self' https: wss:; media-src 'self' https:; 5
frame-ancestors 'self' *.alineops.com; 5
frame-ancestors accounts.shopbase.com:443 legacy-templates.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 new-templates.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443  5
script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self'; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline'; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self'; default-src 'self'; media-src 'self' 5
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 5
worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors https://*.tbank-online.com https://*.t-bank-app.ru https://*.tbank.ru https://*.tinkoff.ru 5
frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 5
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:;  5
base-uri 'none'; default-src: 'none'; block-all-mixed-content 5
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 5
base-uri 'self';                 font-src 'self' https: data:;                 frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com                 https://*.google.com  www.google-analytics.com https://*.pricespider.com ;                 img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com                 images.ctfassets.net pixel.tapad.com www.googletagmanager.com  www.google-analytics.com                 https://*.pricespider.com https://www.mapbox.com;                 object-src 'none';                 style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com;                 script-src 'self' 'unsafe-eval' 'unsafe-inline'                 https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com                 https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net                 https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com                 https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org                 https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com                 https://www.youtube.com https://www.google-analytics.com https://*.google.com                 https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com                 https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com                 https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com                 https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com                 https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net                 https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com                 https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com                 https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk                 https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com                 https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com                 https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com;                 upgrade-insecure-requests;                 worker-src 'self' blob:; 5
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 5
default-src   'self'; script-src   'self'  'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM='   'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE='   'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig='   'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA='   'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M='   'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU='   'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8='   'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0='   'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4='   'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE='   'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4='   'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='   'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k='   'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po='   'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY='   'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='   maps.googleapis.com   px.ads.linkedin.com   p.adsymptotic.com   snap.licdn.com   www.google-analytics.com   player.vimeo.com   extend.vimeocdn.com   *.archgroup.com   www.googletagmanager.com   www.clarity.ms; script-src-elem  'self'  'unsafe-inline'  maps.googleapis.com  px.ads.linkedin.com  p.adsymptotic.com  snap.licdn.com  www.google-analytics.com  player.vimeo.com  extend.vimeocdn.com  www.archgroup.com  www.googletagmanager.com  platform.twitter.com   www.clarity.ms   c.clarity.ms   e.clarity.ms; style-src   'self'   'unsafe-inline'   use.fontawesome.com   fonts.googleapis.com   *.googletagmanager.com   fonts.gstatic.com; frame-src   *.archgroup.com   www.podbean.com   www.youtube.com   www.google.com   *.icims.com   player.vimeo.com  *.twitter.com; img-src   'self'   data:   www.archgroup.com   archgroup.com   ps.w.org   p.adsymptotic.com   wpengine.com   dify.wpengine.com   maps.gstatic.com   *.googleapis.com   *.ggpht.com   secure.gravatar.com   *.linkedin.com   *.google-analytics.com   *.analytics.google.com   *.twitter.com   c.clarity.ms   c.bing.com; font-src   'self'   data:   *.fontawesome.com   fonts.googleapis.com   fonts.gstatic.com; connect-src   'self'   www.archgroup.com   insurance.archgroup.com   mortgage.archgroup.com   reinsurance.archgroup.com   *.google-analytics.com   analytics.google.com   *.analytics.google.com   archcapital2020tf.q4web.com   *.licdn.com   stats.g.doubleclick.net   my.wpengine.com   yoast.com   api.redirect.li   px.ads.linkedin.com   cdn.linkedin.oribi.io   e.clarity.ms; media-src   *.archgroup.com   extend.vimeocdn.com; form-action   'self'; base-uri   'self'; frame-ancestors   'self' www.slipcase.com  marketplace.marsh.com; upgrade-insecure-requests ; object-src   'self'; child-src   'self';  worker-src   'self'   blob; 5
media-src 'self'; 5
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' blob: data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' blob: https:; frame-src 'self' https:; child-src 'self' blob: 5
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; object-src 'self' *; frame-src 'self' *; worker-src 'self' *; connect-src 'self' * 5
frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 5
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 5
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data: blob; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://cdn.asf-prod.vwapps.run/feature-apps https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https: 'unsafe-eval'; connect-src 'self' https: wss://websocket-visitors.smartsupp.com; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://volkswagen-admin.porsche-holding.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https:; 5
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 5
frame-ancestors 'self' *.volusion.com 5
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 5
img-src data: 'self' https: blob: https://www.facebook.com https://images.prismic.io https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev https://px.ads.linkedin.com/collect; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://tr.snapchat.com https://www.paypal.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://assets.calendly.com/assets/external/widget.js; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline'; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; default-src 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://tr.snapchat.com https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com https://www.googletagmanager.com/ https://embed.podcasts.apple.com/; 5
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 5
default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net  wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.paypalobjects.com *.googletagmanager.com t.me *.t.me wa.me *.wa.me ; img-src * data:; font-src * data: 5
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net *.amondo.com tagmanager.google.com platform.twitter.com use.fontawesome.com rsms.me;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu media.amondo.com static.amondo.com secure.adnxs.com match.adsrvr.org cm.g.doubleclick.net dpm.demdex.net image2.pubmatic.com d.turn.com sync.go.sonobi.com token.rubiconproject.com match.prod.bidr.io ad.360yield.com sync.smartadserver.com sync.1rx.io u.openx.net pixel.tapad.com sync.colossusssp.com ssum-sec.casalemedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com *.amondo.com *.ad.gt geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com tag.durationmedia.net be.durationmedia.net stage-be.durationmedia.net stage-tag.durationmedia.net tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com safeframe.googlesyndication.com cdn.confiant-integrations.net rumcdn.geoedge.be tr.snapchat.com id.hadron.ad.gt ad.gt cdn.hadronid.net;connect-src 'self' *.be.durationmedia.net *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com *.amondo.com *.ad.gt be.durationmedia.net geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com durationmedia-d.openx.net rtb.openx.net u.openx.net js-sec.indexww.com dsum.casalemedia.com htlb.casalemedia.com ssp.theadx.com bid.contextweb.com bh.contextweb.com t.pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image8.pubmatic.com ads.servenobid.com public.servenobid.com sync.1rx.io ap.lijit.com sync.adkernel.com id.hadron.ad.gt ad.gt cdn.hadronid.net adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com rsms.me static.amondo.com s3-res.amondo.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.jebbit.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com static.amondo.com rsms.me td.doubleclick.net;media-src www.lntvglobal.com *.livenationinternational.com *.amondo.com;worker-src 'self' blob: 5
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 5
policy-definition 5
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 5
frame-ancestors 'self' https://app.socialscreen.com 5
font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.youtube.com https://*.gstatic.com https://www.google.com/recaptcha/api.js https://*.tiktok.com https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com https://*.cookiebot.com https://*.doubleclick.net https://www.googletagmanager.com; report-uri https://csp.ew72.net?site=osg 5
base-uri 'self'; object-src 'self'; frame-ancestors 'self' 5
frame-ancestors https://ole777-indo.com 5
frame-ancestors 'self' https://jupiter.kk.lan/ 5
img-src 'self' * blob: data:;script-src 'self' https://static.line-scdn.net;default-src 'self' https://api.line.me;frame-src 'self' *;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 5
'self' https://ajax.googleapis.com 5
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com *.googleapis.com *.reginox.nl sibautomation.com *.hotjar.com *.squeezely.tech *.youtu.be youtu.be *.youtu.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.alothemes.com *.magepow.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.reginox.nl *.bing.com *.google.com *.google.nl *.squeezely.tech *.facebook.com *.zdassets.com *.adscience.nl *.optinadserving.com *.googletagmanager.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.google.ie *.wiqhit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com jquery.sellxed.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.chimpstatic.com chimpstatic.com *.hotjar.com *.bing.com sibautomation.com *.opmnstr.com *.feedbackcompany.com *.doubleclick.net squeezely.tech *.facebook.net *.facebook.com *.zdassets.com *.adscience.nl *.optinadserving.com *.zopim.com *.googletagmanager.com *.youtu.be youtu.be *.youtu.com *.youtube.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.omappapi.com *.bootstrapcdn.com *.squeezely.tech *.googletagmanager.com *.houseofadsperiment.nl *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.wiqhit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.omappapi.com *.doubleclick.net *.feedbackcompany.com *.sendinblue.com *.hotjar.com wss://*.hotjar.com *.squeezely.tech *.bootstrapcdn.com *.facebook.net *.zdassets.com *.zendesk.com *.adscience.nl *.zopim.com wss://*.zopim.com *.googleapis.com *.googletagmanager.com squeezely.tech *.youtu.be youtu.be *.youtu.com *.youtube.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.google-analytics.com *.wiqhit.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' https:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; 5
frame-ancestors 'self' *.intuit.com 4
frame-ancestors *.mi.com; 4
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://www.paypalobjects.com https://widget.thegivingblock.com https://*.shift4.com ; img-src 'self' data: blob: https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org https://app.netlify.com https://widget.thegivingblock.com/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com https://www.google-analytics.com ; 4
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 4
frame-ancestors 'self'; report-uri https://reuters.report-uri.com/r/t/csp/enforce; report-to report-uri 4
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.poe.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://d3div1mtym39ic.cloudfront.net https://*.jwplatform.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.criteo.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.ads-twitter.com https://*.awin1.com https://*.dwin1.com https://*.zenaps.com https://*.the.sciencebehindecommerce.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com https://cdn.embedly.com https://qinternal.quora.net https://*.sprig.com https://*.userleap.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://*.sng.link https://*.apple.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com https://*.poe.com https://quora.okta.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.rubiconproject.com https://*.casalemedia.com https://*.adnxs.com https://*.pubmatic.com https://*.openx.net https://*.criteo.com https://*.sharethrough.com https://*.snigelweb.com https://*.trustedstack.com https://*.iteratehq.com https://iteratehq.com https://*.sprig.com https://*.userleap.com https://app.adjust.com https://app.appsflyer.com https://*.onelink.me https://branchster.app.link https://control.kochava.com https://c.singular.net https://*.sng.link https://*.apple.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.linkedin.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com https://d3div1mtym39ic.cloudfront.net ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 4
frame-ancestors 'self' https://www.onetrust.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net; media-src * blob:; worker-src * blob:; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 4
frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 4
frame-ancestors 'self' media.rakr.net rackspace.pathfactory.com docs.google.com; report-uri https://www.rackspace.com/report-uri/enforce 4
default-src * 'self' blob: data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; report-uri /report-csp-violation 4
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors https://*.lenovo.com 4
connect-src * 'self' *.garmin.com *.sentry.io https://static.garmincdn.com https://*.cloudinary.com https://www.gstatic.com https://*.doubleclick.net https://*.criteo.com https://*.linksynergy.com https://*.bing.com https://*.pinterest.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googlesyndication.com https://*.googlesyndication.com https://akamai.tiqcdn.com https://*.akamaihd.net;script-src 'unsafe-inline' 'unsafe-eval' https://*.garmin.cn https://cdn.jsdelivr.net 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.realytics.io https://klear.com https://px.adentifi.com https://cdn-eu.realytics.net https://secure.adnxs.com https://p.teads.tv https://js.adsrvr.org https://tag.rmp.rakuten.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://members.cj.com http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com;img-src https://secure.adnxs.com https://www.facebook.com https://*.garmin.cn 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://*.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com;frame-src https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://player.bilibili.com https://gum.criteo.com https://static.criteo.net *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://*.googletagmanager.com https://*.doubleclick.net https://*.criteo.com https://insight.adsrvr.org;frame-ancestors;default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com;object-src 'none';upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 4
frame-ancestors 'self' https://*.group.gca http://localhost:4200 4
frame-ancestors 'self' https://*.facebook.com https://*.google.com 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://api.cloudinary.com https://*.amazon-adsystem.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://*.clean.gg https://*.liadm.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://icu.newsroom.bi/ingest.php https://tlx.3lift.com https://ads.yieldmo.com https://api.assertcom.de https://*.google-analytics.com https://api.alyavista.com https://*.seedtag.com https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 4
frame-ancestors https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org 4
frame-ancestors 'self' *.bazaarvoice.com 4
frame-ancestors *.gallupatwork.com *.gallupatwork.au *.gallupatwork.sg *.gallupatwork.uk *.gallup.com 4
frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 4
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com https://cdn.mouseflow.com https://widget.intercom.io https://js.intercomcdn.com https://*.qualtrics.com https://js.zi-scripts.com https://tags.clickagy.com https://widget.kapa.ai https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://grafana.chilipiper.com https://static.zuddl.com https://js.stripe.com 4
frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 4
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 4
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 4
frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 4
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 4
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://vwo.com https://*.vwo.com https://googletagmanager.com https://fast.wistia.net https://fast.wistia.com https://static.licdn.com https://www.googletagmanager.com https://research.landingpageanalyzer.io https://www.google.com https://cdnjs.cloudflare.com https://cse.google.com https://static.getclicky.com https://stats.g.doubleclick.net https://code.jquery.com https://cdn.cookielaw.org https://platform.twitter.com https://js.sentry-cdn.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.google-analytics.com https://munchkin.marketo.net https://platform.linkedin.com https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://pagead2.googlesyndication.com https://*.visualwebsiteoptimizer.com https://www.linkedin.com https://unpkg.com https://connect.facebook.net https://www.redditstatic.com https://bat.bing.com https://s.adroll.com https://js.partnerstack.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://d.adroll.com https://cdn.pushcrew.com https://cdn.segment.com https://www.gstatic.com https://vwo-stats-blog.disqus.com https://c.disquscdn.com https://apis.google.com https://glitter.services.disqus.com https://referrer.disqus.com; style-src 'self' 'unsafe-inline' https://*.vwo.com https://static.licdn.com https://s3.amazonaws.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com https://cdn.cookielaw.org https://research.landingpageanalyzer.io https://app.vwo.com https://fast.wistia.com https://www.gstatic.com https://c.disquscdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net; frame-src 'self' blob: https://fast.wistia.net https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://research.landingpageanalyzer.io https://spreadsheets.google.com https://www.linkedin.com https://platform.twitter.com https://www.slideshare.net https://es.slideshare.net https://player.vimeo.com https://docs.google.com https://open.spotify.com https://pca.st https://www.youtube.com https://td.doubleclick.net https://x.adroll.com https://app.vwo.com https://disqus.com https://pippio.com https://live.rezync.com https://accounts.google.com https://www.facebook.com https://www.google.com; worker-src 'self' blob:; report-uri https://o10907.ingest.us.sentry.io/api/4508420150788096/security/?sentry_key=8554c521f7daece1fb5ae0ba9ce98b2b; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 4
default-src 'none'; form-action 'self' https://madmimi.com https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; connect-src 'self' https://matomo.org  https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://v1.api.service.cmp.usercentrics.eu; script-src 'self' https://snap.licdn.com  https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline' https://app.usercentrics.eu https://api.usercentrics.eu https://web.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org https://app.usercentrics.eu; img-src 'self'   https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org https://app.usercentrics.eu https://uct.service.usercentrics.eu api.userlike.com https://userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org data:  https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org https://app.usercentrics.eu https://web.cmp.usercentrics.eu; 4
default-src 'self' *.brightcove.com *.browser-intake-datadoghq.com *.coveo.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.teads.tv *.pinterest.com *.hotjar.com *.iesnare.com *.infogram.com *.liadm.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com apps.rokt.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com https://sc-static.net *.snapchat.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.yieldmo.com pix.pub *.biocatch.com *.we-stats.com activitymap.adobe.com *.branch.io app.link *.app.link s.pinimg.com unpkg.com *.inmobicdn.net analytics-sm.com browser-intake-datadoghq.com google.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; frame-ancestors 'self' 4
default-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com www.yola.com unpkg.com       *.yolacdn.net cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com       *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com       stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net       data: blob:;frame-ancestors 'self'; form-action 'self'; 4
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' documentservices.adobe.com *.dickssportinggoods.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com *.paypalobjects.com *.braintreegateway.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.contentsquare.net *.contentsquare.com *.fullstory.com *.yottaa.com *.yottaa.net *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.tvpixel.com *.monetate.net blob: apps.byondxr.com acrobatservices.adobe.com ep2.adtrafficquality.google fundingchoicesmessages.google.com; worker-src blob:; frame-ancestors *.dickssportinggoods.com; child-src *.monetate.net acrobatservices.adobe.com documentservices.adobe.com *.attn.tv dcsg.jotform.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.bambuser.com *.radar.com *.recaptcha.net *.rokt.com sketchfab.com blob: www.googletagmanager.com ep2.adtrafficquality.google; 4
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 4
frame-ancestors 'self' https://c360.cricketwireless.com; 4
frame-ancestors 'self' https://mobile.southwest.com https://www.southwest.com https://www.swabiz.com; 4
frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 4
connect-src * data: 4
SAMEORIGIN 4
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com; img-src * data:; object-src 'none'; base-uri 'none'; 4
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 4
frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com; 4
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 4
default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud tracking.g2crowd.com fclog.baidu.com tracking-api.g2.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com fxgate.baidu.com js.sentry-cdn.com browser.sentry-cdn.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net  *.adobe.com; worker-src 'self' blob:; 4
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca https://sdk.privacy-center.org https://api.privacy-center.org; 4
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4
default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 4
frame-ancestors 'self' https://adobemc.com https://nfcu.experiencecloud.adobe.com https://experience.adobe.com 4
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://bat.bing.net  https://*.cliplister.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.lidlplus.com  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://*.scon.schwarz  wss://endpoint-prod.scon.schwarz  intent:  wss://127.0.0.1:*  https://*.8select.io  https://*.adyen.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://analytics.google.com  https://analytics.tiktok.com  https://balancechecks.tx-gate.com  https://cloud.mail.lidl.de  https://dmp.theadex.com  https://facebook.com  https://fonts.gstatic.com  https://h.online-metrix.net  https://tracking.s24.com  https://www.google-analytics.com  https://www.lacmp.net  https://www.moebel.de  https://*.tailortool.de  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cliplister.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  https://manuals.sit-connect.com  intent:  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.mynetfair.com  https://*.paypal.com  https://*.sit.az.odj.cloud  https://*.sit.sys.odj.cloud  https://*.vrxs.de  https://api.theadex.com  https://ar.lidl.com  https://balancechecks.tx-gate.com  https://facebook.com  https://h.online-metrix.net  https://lidl-giftcard.eu  https://review.apps.01.cf.eu01.stackit.cloud  https://www.edge-cdn.net  https://www.lidl-gewinnspiel.de  https://www.lidl-giftcard.eu; img-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cliplister.com  https://*.cookiebot.com  https://*.criteo.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.lidlplus.com  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://content.odj.cloud  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://sync.targeting.unrulymedia.com  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  moz-extension:  https://*.adition.com  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.pubmatic.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://analytics.tiktok.com  https://balancechecks.tx-gate.com  https://contextual.media.net  https://dmp.theadex.com  https://facebook.com  https://h.online-metrix.net  https://lh3.googleusercontent.com  https://match.adsrvr.org  https://match.sharethrough.com  https://pubsaf.global.ssl.fastly.net  https://prodeastusmappscreative.azureedge.net  https://sync.outbrain.com  https://translate.google.com  https://via.placeholder.com  https://visitor.omnitagjs.com  https://www.econda-monitor.de  https://www.google-analytics.com  https://www.ladenzeile.de  https://www.lead-alliance.net  https://*.tailortool.de  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://manuals.sit-connect.com  https://*.lidl-info.com  https://*.online-metrix.net  https://facebook.com  https://h.online-metrix.net; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.criteo.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://*.8select.io  https://*.adyen.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://adservice.google.de  https://ajax.googleapis.com  https://analytics.tiktok.com  https://api.theadex.com  https://balancechecks.tx-gate.com  https://cdn.ravenjs.com  https://cloud.mail.lidl.de  https://cm.g.doubleclick.net  https://code.etracker.com  https://dmp.theadex.com  https://dsp.adfarm1.adition.com  https://facebook.com  https://h.online-metrix.net  https://s.ytimg.com  https://tracking.s24.com  https://www.dwin1.com  https://www.etracker.de  https://www.google-analytics.com  https://www.lacmp.net  https://www.ladenzeile.de  https://www.moebel.de  https://*.tailortool.de; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.criteo.com  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.parcellab.com  https://*.sit.sys.odj.cloud  https://facebook.com; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net  https://*.sit.az.odj.cloud; 4
frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://*.ujet.co https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://cdnjs.cloudflare.com https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link https://*.gbqofs.com https://*.visualwebsiteoptimizer.com cdn.cookielaw.org 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca 4
require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.pstatic.net https://bat.bing.com https://bat.bing.net https://cta-service-cms2.hubspot.com https://api.fraud0.com https://wcs.naver.net https://cdn.segment.com https://js.hubspot.com https://monitor.tapper.ai https://link.edgepilot.com https://www.onelink-edge.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://region1.analytics.google.com https://*.mktoutil.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://test.salesforce.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com  https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://google.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com https://js.hsforms.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://ka-p.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://wcs.naver.com https://cdn.segment.com https://api.segment.io https://protect.tapper.ai https://cta-service-cms2.hubspot.com https://www.onelink-edge.com https://region1.google-analytics.com https://region1.analytics.google.com https://api.fraud0.com https://bat.bing.com https://*.tt.omtrdc.net https://www.gstatic.com https://www.google.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.mktoutil.com https://ib.adnxs.com https://google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://tr.snapchat.com https://kit.fontawesome.com https://test.salesforce.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ssl.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms-na1.hubspot.com wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-ancestors https://toeflibt.ets.org https://toeflibt-dev.ets.org https://toeflibt-test.ets.org https://toeflibt-stg.ets.org https://v2-dev.ereg.ets.org https://v2-tst.ereg.ets.org https://v2-uat.ereg.ets.org https://v2.ereg.ets.org; frame-src 'self' https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.livelook.com/ https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://ssl.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com https://forms.hsforms.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com https://public.cobrowse.oraclecloud.com https://google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com ; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 4
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 4
child-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.hotjar.com https://*.hsforms.com https://*.sitescout.com https://www.databank.com; connect-src 'self' https://*.akamaihd.net https://*.amazonaws.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.hs-sites.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.parsely.com https://*.salesloft.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://*.youtube.com https://bat.bing.com https://maps.googleapis.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com wss://*.hotjar.com; default-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com; font-src 'self' data: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.gstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.databank.com; frame-src 'self' https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.hs-sites.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.instagram.com https://*.issuu.com https://*.marketo.com https://*.sitescout.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com/ https://*.wordpress.com https://*.wp.com https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.bing.com https://*.cardlytics.com https://*.company-target.com https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://*.instagram.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.parsely.com https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.sitescout.com https://*.usbrowserspeed.co https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://storage.pardot.com https://www.databank.com https://www.googletagmanager.com; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.wistia.com/ https://www.databank.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.bing.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://*.instagram.com https://*.jsdelivr.net https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.optmnstr.com https://*.pardot.com https://*.parsely.com https://*.pixel.ad https://*.predictiveresponse.net https://*.remarketstats.com https://*.salesloft.com https://*.scriptintel.io https://*.twitter.com https://*.usbrowserspeed.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://connect.facebook.net https://ml314.com https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.clickcease.com https://www.databank.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.googleapis.com https://*.gravatar.com https://*.jsdelivr.net https://*.marketo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wp.com https://tagmanager.google.com https://www.databank.com; worker-src 'self' blob: data: file: filesystem: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com 4
frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 4
frame-ancestors 'self' https://app.contentful.com https://retail-ipad-apps.netlify.app https://retail-ipad-apps.vercel.app; 4
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net https://challenges.cloudflare.com *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com https://challenges.cloudflare.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 4
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net homeiswherethemanais.webflow.io holidayhouse.teremana.com 4
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.motorola.com;media-src https: blob: data 4
default-src 'self'; base-uri 'self'; media-src 'self'; object-src 'none'; manifest-src 'self' dmjgpsfuea8g9.cloudfront.net; style-src 'self' 'unsafe-inline' dmjgpsfuea8g9.cloudfront.net d9er92kyodqy7.cloudfront.net fonts.googleapis.com *.psplugin.com static.telenor.se; font-src 'self' *.psplugin.com data: static.telenor.se fonts.gstatic.com *.mouseflow.com; img-src 'self' blob: data: *.telenorcdn.net *.adyen.com www.gstatic.com sstats.telenor.se bat.bing.com cdn.cookielaw.org *.psplugin.com *.qualtrics.com images.ctfassets.net static.telenor.se www.facebook.com www.google.com www.google.se www.googletagmanager.com mb.cision.com *.doubleclick.net *.scene7.com *.mouseflow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.tt.omtrdc.net activitymap.adobe.com pay.google.com *.checkout.visa.com *.mastercard.com sstats.telenor.se www.googleadservices.com *.doubleclick.net content.vergic.com bat.bing.com account.psplugin.com assets.adobedtm.com cdn.adt348.net cdn.cookielaw.org *.mouseflow.com connect.facebook.net dmjgpsfuea8g9.cloudfront.net d9er92kyodqy7.cloudfront.net sc-static.net *.psplugin.com siteintercept.qualtrics.com sstats.telenor.se static.telenor.se *.snapchat.com www.googletagmanager.com www.youtube.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ *.siteintercept.qualtrics.com client.rum.us-east-1.amazonaws.com *.mouseflow.com; frame-src 'self' activitymap.adobe.com pay.google.com www.googletagmanager.com *.adyen.com *.doubleclick.net *.snapchat.com www.google.com *.qualtrics.com *.mouseflow.com; connect-src 'self' telenorsverigeab.tt.omtrdc.net aff.telenor.se *.adyen.com *.doubleclick.net google.com *.google.com log.adtraction.fail *.mouseflow.com bat.bing.com cdn.cookielaw.org sstats.telenor.se dpm.demdex.net *.onetrust.com *.qualtrics.com telenor.psplugin.com *.snapchat.com tsab.tt.omtrdc.net wss://telenor.psplugin.com *.google-analytics.com *.amazonaws.com *.mouseflow.com; frame-ancestors 'self' app.contentful.com *.psplugin.com; form-action *.adyen.com telenorse.eu.qualtrics.com; child-src *.mouseflow.com; worker-src blob:; 4
frame-ancestors 'self' https://reown.sanity.studio https://*.walletconnect.com https://*.walletconnect.org https://*.reown.com https://widget.solflare.com/ 4
report-uri https://gcp.api.snapchat.com/web-reporting/report;report-to main-endpoint 4
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com; upgrade-insecure-requests 4
frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com  www.outpayce.com  jobs.amadeus.com corporate.amadeus.com t3ch.amadeus.com digital-guidelines.internal.amadeus.com sales-playbook.internal.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com 4
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.wistia.com http://*.wistia.com *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io https://adobeid-na1.services.adobe.com https://*.adobelogin.com https://auth.services.adobe.com https://delegated.identity.adobe.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com experience.adobe.com js.stripe.com www.googletagmanager.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://live-vietnam-ul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.pasapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data: *.adobeaemcloud.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: consent.trustarc.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://experience.adobe.com https://fast.wistia.com https://js.stripe.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 4
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always; 4
frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/ https://front-video-tool.aftenposten.no/ https://*.pr.sls.schibsted.tech; upgrade-insecure-requests 4
default-src 'self' data: https://*.commerce.gov https://www.eda.gov https://eda.gov https://*.eda.gov https://unpkg.com https://*.basemaps.cartocdn.com https://*.vimeo.com https://*.googletagmanager.com https://polyfill.io https://www.googletagmanager.com https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://emenuapps.ita.doc.gov https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://app.powerbigov.us https://*.googleapis.com https://www.youtube-nocookie.com https://api.data.gov https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests; 4
default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: analytics.ahrefs.com obs.forroundprince.com ob.forroundprince.com *.stackadapt.com app.vwo.com munchkin.marketo.net  *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com  bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' refer.bluebeam.com *.sheerid.net *.sheerid.com analytics.ahrefs.com obs.forroundprince.com tsvc.bluebeam.de *.stackadapt.com *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: obs.forroundprince.com ade.googlesyndication.com arttrk.com imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' *.stackadapt.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' www.googletagmanager.com challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; 4
frame-ancestors 'self' https://*.postimees.ee https://*.pmo.ee https://*.tvnet.lv https://*.apollo.lv http://localhost:* 4
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com https://sst.metanet.ch https://pagesense-collect.zoho.eu https://salesiq.zohopublic.eu wss://vts.zohopublic.eu https://vts.zohopublic.eu https://pagead2.googlesyndication.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com https://css.zohocdn.com https://pagead2.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net https://pagead2.googlesyndication.com; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://pagesense-collect.zoho.eu https://pagead2.googlesyndication.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net https://sst.metanet.ch https://cdn-eu.pagesense.io https://salesiq.zohopublic.eu https://js.zohocdn.com https://js.zohostatic.eu https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com https://css.zohocdn.com https://css.zohostatic.eu https://pagead2.googlesyndication.com 4
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce 4
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; connect-src * ; worker-src blob: ; frame-ancestors 'none'; 4
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com https://partnerportalalphadev.service-now.com https://hidevidc.service-now.com 4
frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 4
frame-ancestors 'self' https://metrika.yandex.ru 4
connect-src: *.mutinyhq.com, *.mutinyhq.io, *.mutinycdn.com; img-src: *.mutinycdn.com; script-src: *.mutinycdn.com; frame-ancestors: https://app.mutinyhq.com 4
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co *.googlesyndication.com *.zinrelo.com wd-en.widget.custhelp.com script.mfilterit.net  wafs.mfilterit.net  'unsafe-eval' 'unsafe-inline'; 4
default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' active24.cz *.active24.cz active24.com *.active24.com active24.eu *.active24.eu *.iubenda.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net analytics.tiktok.com connect.facebook.net snap.licdn.com bat.bing.com *.ads-twitter.com c.seznam.cz *.ladesk.com; style-src 'self' 'report-sample' 'unsafe-inline' active24.cz *.active24.cz active24.eu *.active24.eu; object-src 'none'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 active24.cz *.active24.cz active24.eu *.active24.eu googleapis.com *.googleapis.com *.google.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com websupport.sk *.websupport.sk; font-src 'self' 'report-sample' 'unsafe-inline' data: active24.eu *.active24.eu gstatic.com *.gstatic.com; frame-ancestors 'self'; frame-src 'self' 'report-sample' blob: ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com; img-src 'self' 'report-sample' data: cookiebot.com *.cookiebot.com gravatar.com *.gravatar.com *.google.com *.google.cz *.google.sk *.facebook.com *.googletagmanager.com *.g.doubleclick.net px.ads.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz active24.cz *.active24.cz active24.eu *.active24.eu; manifest-src 'self'; media-src 'self'; worker-src 'self'; 4
frame-ancestors www.red-gate.com; object-src 'none'; 4
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu *.providence.org provcustomerservicedev.crm.dynamics.com provcustomerserviceuat.crm.dynamics.com provcustomerservice.crm.dynamics.com ; 4
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu; report-uri https://www.gdatasoftware.com/__cspreporting__ 4
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 4
default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ https://app.contentful.com 4
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 4
frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com *.loudcrowd.com *.lookaside.fbsbx.com 4
frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com 4
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 4
frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 4
frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' *.mutinycdn.com data.hockeystack.com *.mutinyhq.io  tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com   wss://ws.qualified.com perf-na1.hsforms.com app.qualified.com td.doubleclick.net pagead2.googlesyndication.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data slideshare.net:;script-src 'self' 'unsafe-inline' 'unsafe-eval' home.integrate.com *.mutinycdn.com data.hockeystack.com *.mutinyhq.io  tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com  code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://*.devicevalidation.io https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com https://*.cloudflareinsights.com https://code.createjs.com data: 4
frame-ancestors 'self' https://thetitanawards.com 4
frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:* https://*.dev-incites.com:* https://*.targetsafety.info:* https://*.gethealthbase.com:* https://*.clarivate.net:* http://*.library.vanderbilt.edu:* https://*.library.vanderbilt.edu:* https://*.dev-innovation.com:* https://*.derwentinnovation.com:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms allow-modals 4
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 4
upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.facebook.net *.googleapis.com *.googletagmanager.com *.bing.com *.virtualearth.net www.cdn.botfriendsx.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.flockler.com *.flockler.systems *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com www.cdn.botfriendsx.com api.eu-1.smooch.io blob:; font-src 'self' www.cdn.botfriendsx.com data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.facebook.net *.linkedin.com *.flockler.com *.flockler.app *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io www.cdn.botfriendsx.com *.config.eu-1.smooch.io api.eu-1.smooch.io wss://api.eu-1.smooch.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 4
default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *; connect-src *; 4
default-src'self'; 4
frame-ancestors 'self' https://kisanuat.bankofbaroda.co.in https://kisan.bankofbaroda.com https://ams.techmahindra.com;upgrade-insecure-requests; block-all-mixed-content; 4
frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 4
default-src 'self' play.vidyard.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com/zi-tag.js; script-src 'self' go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com google-analytics.com play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com www.google-analytics.com www.googletagmanager.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com cdn-app.pathfactory.com blob: translate.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.googletagmanager.com go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js cdn-app.pathfactory.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' http://library.forsta.com https://library.forsta.com https://resources.rioseo.com http://resources.rioseo.com https://www.rioseo.com http://www.rioseo.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com ; frame-src www.googletagmanager.com go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com *.rioseo.com t.co td.doubleclick.net hemsync.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com; object-src 'none'; base-uri 'self'; form-action 'self' www.googletagmanager.com webto.salesforce.com *.forsta.com *.rioseo.com js.zi-scripts.com/zi-tag.js ; connect-src 'self' jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googleapis.com googleapis.com maps.googleapis.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.pathfactory.com *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com/zi-tag.js pipedream.wistia.com www.googleadservices.com tracking-api.production.g2.com tracking-api.g2.com; font-src 'self' data: fonts.gstatic.com www.googletagmanager.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js *.pathfactory.com; media-src *.bc0a.com *.forsta.com *.rioseo.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 4
default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'strict-dynamic' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'nonce-v0m-z7kLBfjg0cmhYw4CGg'; script-src-elem 'self' 'strict-dynamic' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'nonce-v0m-z7kLBfjg0cmhYw4CGg'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/system/reporting/csp; report-to csp 4
frame-ancestors 'self' https://*.procaresoftware.com; 4
frame-ancestors 'self' commander.weatherops.com 4
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn http://www3.renesas.cn https://www3.renesas.cn 4
upgrade-insecure-requests;frame-ancestors 'self' ; 4
frame-ancestors depositfiles.com *.depositfiles.com depositfiles.org *.depositfiles.org dfiles.eu *.dfiles.eu dfiles.com *.dfiles.com 4
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 4
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com https://optimizely-hrd.appspot.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app; object-src 'none'; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ *.my.salesforce.com *.my.site.com/ *.force.com/; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  *.my.salesforce.com *.my.site.com/ *.force.com/ https://unpkg.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com *.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/ *.adnxs.com/ *.tapad.com/ *.adsrvr.org/ *.bttrack.com/ https://storage.googleapis.com/ https://di.rlcdn.com/ https://assets-pcor-dev.adtalem.com https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.gstatic.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://www.googletagmanager.com https://app.tintup.com/; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com ; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com https://integrations.optimizely-edge.com https://www.redditstatic.com https://conversions-config.reddit.com https://www.redditstatic.com *.reddit.com *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://pcor-dev.adtalem.com https://pcor-qa.adtalem.com https://pcor.adtalem.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://dev-atge-outage.adtalem.com https://qa-atge-outage.adtalem.com https://atge-outage.adtalem.com; report-uri /report-csp-violation 4
default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https:;https://*.liveperson.net;https://cdn.lpsnmedia.net 4
frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 4
frame-ancestors *; report-uri /_/commcsp?disposition=enforce 4
object-src 'none'; frame-ancestors 'self'; 4
default-src 'self' *.bim.com.tr *.bim.ma *.bim.eg *.bimcell.com.tr *.file.com.tr *.google.com  *.google.com.tr *.cloudflare.com *.gstatic.com *.doubleclick.net *.bootstrapcdn.com *.googletagmanager.com  *.google-analytics.com *.googleapis.com *.jquery.com *.facebook.net *.youtube.com *.youtube-nocookie.com *.hr-link.net hr-link.net 'unsafe-inline' 'unsafe-eval' data:; 4
default-src 'self'  *.doubleclick.net www.google.com www.ferrero.com acsbapp.com www.google-analytics.com cdn.acsbapp.com region1.google-analytics.com fonts.gstatic.com analytics.ferrero.com privacyportal-eu.onetrust.com static.addtoany.com vod.ferrero.com cdn.cookielaw.org; script-src 'self'  'unsafe-eval'; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' privacyportal-eu-cdn.onetrust.com eu-ma.sam4m.com tracker.marinsm.com www.youtube.com www.gstatic.com www.google.com www.google-analytics.com acsbapp.com analytics.ferrero.com cdn.cookielaw.org www.googletagmanager.com static.addtoany.com; img-src 'self' www.googletagmanager.com *.doubleclick.net cdn.cookielaw.org privacy-policy.truste.com data: ; style-src 'self' 'unsafe-inline' *.onetrust.com www.googletagmanager.com fonts.googleapis.com; object-src 'none'; frame-src www.facebook.com *.doubleclick.net www.youtube.com www.youtube-nocookie.com static.addtoany.com www.google.com; 4
frame-ancestors 'self' *.download.com.vn download.com.vn *.download.vn download.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 4
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net *.hawksearch.net *.g2crowd.com *.sentry-cdn.com/ *.google.com *.vimeo.com https://*.usercentrics.eu 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com *.hawksearch.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com/ https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g2crowd.com *.hawksearch.net *.hawksearch.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net *.googletagmanager.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://www.facebook.com/tr https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com *.hawksearch.net *.hawksearch.com *.redditstatic.com *.reddit.com *.g2crowd.com *.wistia.net *.g2.com *.google.com https://google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 4
default-src 'self' www.app5.unisys.com js.qualified.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.monitor.azure.com bugcrowd.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com js.adsrvr.org *.intentsify.io acdn.adnxs.com *.techtarget.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com js.qualified.com www.googleadservices.com *.optimizely.com *.twitter.com *.gartner.com cdn.pdst.fm www.gstatic.com *.6sc.co *.contentsquare.net app.contentsquare.com *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com https://js.ipredictive.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://t.contentsquare.net/ https://static.ads-twitter.com/ *.newscred.com *.rezync.com; style-src 'self' 'unsafe-inline' cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.googletagmanager.com *.gartner.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' blob: data: http: https: *.ipredictive.com www.googletagmanager.com *.contentsquare.net https://cdn.optimizely.com; font-src 'self' *.gartner.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' *.intentsify.io *.onetrust.com *.cookielaw.org *.qualified.com *.ads.linkedin.com https://logx.optimizely.com *.techtarget.com *.demandbase.com https://*.optimizely.com https://us-central1-adaptive-growth.cloudfunctions.net *.optimizely.com *.6sc.co *.adnxs.com cdn.linkedin.oribi.io *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com *.contentsquare.net; child-src blob: 'self' cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; media-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net https://*.unisys.com; frame-src * csxd.unisys.com; worker-src 'self' blob: data: 4
frame-ancestors 'self' https://*.ensineme.com.br https://*.estacio.br https://*.yduqs.com.br https://*.wyden.com.br https://*.ibmec.br https://*.idomed.com.br https://*.damasio.com.br 4
frame-ancestors 'self' *.virginmoney.com; 4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 4
frame-ancestors https://*.postbank.de 4
frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 4
frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 4
default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io analytics.tiktok.com s2.adform.net track.adform.net *.adform.net *.bing.com *.teads.tv *.criteo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.linkeo.com *.banquepopulaire.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com *.google.com analytics.tiktok.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr wss://www.banquepopulaire.fr/genesys/genesys/cometd *.teads.tv *.bing.com *.criteo.com *.linkeo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.banquepopulaire.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com action.metaffiliation.com *.bing.com *.teads.tv *.criteo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.linkeo.com *.banquepopulaire.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.banquepopulaire.fr; frame-src https: *; worker-src 'self' blob:; report-uri https://www.csp.bpce.fr/v1/record; 4
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net *.google-analytics.com *.analytics.google.com 4
default-src 'self' *.greenhouse.io *.sharethis.com *.rhombusads.com *.google-analytics.com *.doubleclick.net *.fullstory.com *.mktoresp.com *.hscollectedforms.net *.hsforms.com veradigm-com-cache.s3.amazonaws.com *.cookiebot.com *.analytics.google.com *.ads.linkedin.com *.acsbapp.com *.google.com acsbapp.com ws.zoominfo.com *.hubspot.com *.driftt.com *.crazyegg.com blob: *.googleapis.com *.gstatic.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src *.greenhouse.io *.doubleclick.net *.marketo.com *.sitescout.com *.krxd.net *.youtube.com *.sharethis.com *.consensu.org *.cookiebot.com *.hsforms.com issuu.com *.google.com *.drift.com *.driftt.com *.adroll.com *.crazyegg.com *.google.com; img-src 'self' data: *.zoominfo.com *.google-analytics.com *.marketo.com *.linkedin.com *.lfeeder.com *.sitescout.com *.adsymptotic.com *.krxd.net *.youtube.com *.sharethis.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.google.com *.fullstory.com *.hubspot.com *.analytics.google.com *.hsforms.com *.geniusmonkey.com *.cookiebot.com *.capterra.com *.adroll.com *.bidswitch.net *.openx.net *.adnxs.com *.analytics.yahoo.com *.rlcdn.com *.googlesyndication.com *.rubiconproject.com *.casalemedia.com *.pubmatic.com *.outbrain.com *.taboola.com *.3lift.com *.company-target.com *.facebook.com *.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.greenhouse.io *.zoominfo.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.marketo.com *.marketo.net *.licdn.com *.pixel.ad *.krxd.net *.lfeeder.com *.sharethis.com *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.fullstory.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.hscollectedforms.net *.cookiebot.com *.geniusmonkey.com *.adroll.com *.ads.linkedin.com acsbapp.com *.acsbapp.com *.gstatic.com *.drift.com *.driftt.com *.crazyegg.com *.contextweb.com *.hubspot.com connect.facebook.net blob: 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.marketo.com *.google.com *.crazyegg.com; 4
frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 4
connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' *.dev.wdr.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 4
default-src * data: 'unsafe-eval' 'unsafe-inline'; 4
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 4
upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com adsdk.microsoft.com *.safeframe.googlesyndication.com *.grupo.reforma.com; 4
upgrade-insecure-requests; object-src 'none'; 4
frame-ancestors intapp.seismic.com intapp.com www.intapp.com seismic.com www.seismic.com intapp.wpengine.com intapp.gcs-web.com investors.intapp.com; 4
default-src 'self'; script-src 'report-sample' 'self' https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://analytics.google.com https://remittance-service.pvt-cx.gw.staging.teamdisplayed.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://td.doubleclick.net/ https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://www.google.com/pagead https://googleads.g.doubleclick.net https://www.google.com.pk https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 4
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 4
frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 4
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://cloudflarestream.com https://*.evergage.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.hcaptcha.com https://in.hotjar.com https://*.inmobi.com https://*.inside-graph.com wss://*.inside-graph.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://*.userway.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://connect.facebook.net https://gateway.zscaler.net; frame-ancestors 'self' https://en.meo.pt https://gateway.zscaler.net https://cinema.sapo.pt https://mag.sapo.pt; frame-src 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://stags.bluekai.com https://*.byside.com https://www.facebook.com https://*.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.hcaptcha.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.doubleclick.net https://gateway.zscaler.net https://*.userway.org https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' data: https://*.meo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://cdn.evgnet.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hcaptcha.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://*.userway.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://s3.amazonaws.com https://*.byside.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://cdn.weglot.com https://fast.fonts.net https://gateway.zscaler.net https://*.userway.org https://selo.confio.pt; worker-src 'self' blob:; object-src 'none' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 4
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://www.google-analytics.com https://www.googleanalytics.com https://*.outbrain.com https://snap.licdn.com https://assets.apollo.io https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://apollo.io https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com https://*.omappapi.com https://widget.manychat.com https://app.calculatorstudio.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.addsearch.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.omappapi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' https: data: blob:; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://aplo-evnt.com https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://api.hubapi.com https://*.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://*.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.omappapi.com https://app.vwo.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://www.google.com https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://*.outbrain.com https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com https://apollo.io https://s-eu1.hscta.net https://no-cache.hubspot.com https://*.hs-sites-eu1.com https://*.hs-sites.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://app.calculatorstudio.co 4
frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.salfinc.com https://learn.self.inc; 4
default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googlesyndication.com *.stripe.com *.trustpilot.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' *.amazon.com *.barcodelookup.com *.cookiepro.com *.here.com *.hereapi.com *.google.co.in *.ssl-images-amazon.com *.onetrust.com media.pepperjamnetwork.com *.sentry.io *.shipmentsfree.com www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com *.conversionpx.com f.fluadv.com track.adspostx.com *.free-shipments.com *.freeshipments.com *.getsmartrx.com *.getsmartyapp.com *.getsmartyoffers.com *.getsmartyplus.com *.getsmartysavings.com *.joinfreedelivery.com *.joinsmartyplus.com *.lapost.com *.nocostshipping.com *.savewithsmarty.com *.savingsforthesavvy.com *.shipmentfree.com *.shipmentprotection.com *.smartyaffiliates.com *.smartycashback.com *.smartycoins.com *.smartyestsavings.com *.smartymoneysavings.com *.smartyplus.net *.smartypremium.com *.try-smarty.com cdn.joinsmarty.com 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.convertexperiments.com https://cdn.attn.tv https://www.dropbox.com https://edge.fullstory.com https://rs.fullstory.com/rec/integrations https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.paypal.com/sdk/js https://www.paypalobjects.com https://*.newrelic.com https://*.nr-data.net https://www.paypal.com/tagmanager/pptm.js https://connect.facebook.net https://cdnjs.cloudflare.com/ajax/libs/lite-youtube-embed/0.3.2/lite-yt-embed.js; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdnjs.cloudflare.com/ajax/libs/lite-youtube-embed/0.3.2/lite-yt-embed.css; img-src * data:; font-src 'self' https://*.typekit.net https://*.hotjar.com; connect-src 'self' https://*.drivethrurpg.com https://api.drivethrurpg.com https://*.attn.tv https://events.attentivemobile.com https://www.dropbox.com/s/ https://*.dl.dropboxusercontent.com/ https://logs.convertexperiments.com/log https://*.metrics.convertexperiments.com https://api.dropboxapi.com https://edge.fullstory.com https://rs.fullstory.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.paypal.com/sdk/js https://*.paypal.com/xoplatform/logger/api/logger https://*.cloudfront.net https://*.nr-data.net https://*.newrelic.com https://*.vimeo.com https://*.vimeocdn.com https://*.tiktok.com https://*.tiktokcdn.com; media-src *; object-src 'none'; child-src 'self' https://*.drivethrurpg.com https://*.attn.tv https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://vars.hotjar.com https://*.cloudfront.net https://www.dropbox.com https://*.dl.dropboxusercontent.com/ https://*.youtube.com https://assets.braintreegateway.com https://*.paypal.com https://www.paypalobjects.com https://*.vimeo.com https://*.vimeocdn.com https://*.tiktok.com https://*.tiktokcdn.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://*.drivethrurpg.com; report-uri https://api.drivethrurpg.com/rpc/vBeta/feedback/csp_report; report-to csp-reports-endpoint 4
default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://1752680588.rsc.cdn77.org https://adservice.google.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://app.continual.ly/ https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://wss-pr.continual.ly:6001 https://www.google.com.pr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com secure.adnxs.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ https://open.spotify.com https://view.ceros.com insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.oktopost.com *.salesforceliveagent.com *.srv.stackadapt.com *.twitter.com *.xactware.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://cdn.optimizely.com https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com https://view.ceros.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; report-to stott-security-endpoint;report-uri https://www.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 4
default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 4
frame-ancestors 'self' https://builder.io; 4
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com static.cloudflareinsights.com ajax.cloudflare.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.beamery.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com *.sprinklr.com; img-src * data: blob: ; connect-src *; frame-src *;  media-src 'self' *.sprinklr.com blob:;  font-src 'self' fonts.bridgestoneresources.com data: 4
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com dm.henkel-dam.com; 4
connect-src 'self' https://segment-api.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://browser-intake-datadoghq.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://*.ethos.com wss://*.ethos.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://*.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://gum.criteo.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.userway.org blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://*.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://*.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://websitevisitorleads.com https://*.pinterest.com https://*.ethos.com https://dynamic.criteo.com; object-src 'self'; frame-src 'self' https://www.googletagmanager.com https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://cloudinary.com/ https://console.cloudinary.com/ https://*.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com https://*.userway.org; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://*.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://*.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 4
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentry-cdn.com *.callrail.com *.calltrk.com fast.wistia.com googleads.g.doubleclick.net *.marketo.net *.nitroscripts.com nitroscripts.com *.linkedin.com *.licdn.com *.ads-twitter.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.google.com *.youtube.com *.wellsky.com; 4
base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://*.contentsquare.net https://onesignal.com https://*.googleapis.com https://www.google.com https://adservice.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://documentservices.adobe.com/; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://img.youtube.com https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv https://product.datastream.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/ https://uk.personalcard.net; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://cdn.tt.omtrdc.net https://*.googleapis.com https://uk.personalcard.net; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob:;  4
frame-ancestors 'self' *.backushospital.org  *.charlottehungerford.org  *.ctorthoinstitute.org  *.ctorthomidstate.org  *.ctorthostvincents.org  *.hartfordhealthcare.org  *.hartfordhealthcare.org  *.hartfordhealthcareathome.org  *.hartfordhealthcaremedicalgroup.org  *.hartfordhealthcarerehabnetwork.org  *.hartfordhospital.org  *.hartfordhospital.org  *.hhcandme.com  *.hhcbehavioralhealth.org  *.hhcconnect.com  *.hhcconnect.net  *.hhcconnect.org  *.hhchealth.com  *.hhchealth.net  *.hhchealth.org  *.hhcseniorservices.org  *.hhcsystem.org  *.instituteofliving.org  *.integratedcarepartners.org  *.midstatemedical.org  mychartplus.org *.mychartplus.org  *.natchaug.org  *.rushford.org  *.stvincents.org  *.thocc.org 4
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:  blob:; 4
base-uri 'self';manifest-src 'self' https://myownconference.com https://cdn.myownconference.com;default-src 'self';connect-src 'self' https://cdn.myownconference.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.myownconference.com https://client.crisp.chat;img-src 'self' data: https://cdn.myownconference.com https://image.crisp.chat;style-src 'self' 'unsafe-inline' https://cdn.myownconference.com https://client.crisp.chat;font-src 'self' data: https://cdn.myownconference.com https://client.crisp.chat;object-src 'self';frame-src 'self' https://support.myownconference.com;frame-ancestors 'self';form-action 'self';upgrade-insecure-requests 4
frame-ancestors self; 4
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 4
frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 4
frame-ancestors 'self' https://uad.sonera.fi/ https://*.f-secure.com; 4
default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://is.stock3.com https://data.boerse-go.de https://api.stock3.com https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://modules.wikifolio.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: *.googleusercontent.com http://localhost:* ws://localhost:*; font-src 'self' https://fonts.gstatic.com 4
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src * blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 4
script-src 'self'; 4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 4
upgrade-insecure-requests;         default-src 'self'             https://*.canadalife.com;         connect-src 'self'             https://*.canadalife.com             https://*.greatwestlife.com             https://www.google-analytics.com             https://pdx-col.eum-appdynamics.com             https://greatwestlife.sc.omtrdc.net             https://dpm.demdex.net             https://maps.googleapis.com             https://greatwestlife.tt.omtrdc.net             https://*.fls.doubleclick.net             https://stats.g.doubleclick.net             https://*.qualtrics.com             https://*.tt.omtrdc.net             https://analytics.google.com              https://ct.pinterest.com             https://*.force.com             https://*.salesforce-sites.com             https://*.salesforce.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://edge.adobedc.net             https://analytics.tiktok.com             https://*.onetrust.com             https://cdn.cookielaw.org             https://pagead2.googlesyndication.com;         script-src 'self' 'unsafe-eval';        script-src-attr 'unsafe-hashes'             'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4='             'sha256-8lDeP0UDwCO6/RhblgeH/ctdBzjVpJxrXizsnIk3cEQ=';         script-src-elem 'self'             'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk='             'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM='             'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec='             'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY='             'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg='             'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA='             'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g='             'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs='             'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg='             'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340='             'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA='             'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ='             'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA='             'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM='             'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg='             'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA='             'sha256-iyqTc3hqwkLOBdzXfypaUKkfBjoe6ISFWFJymJlkhi0='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-6vmJe+REQ2uvXdOcmOA0gV2Ghe2w9VIMFQMDJ6mfiIY='             'sha256-djABxqtTxWmFtje0qzMk5v6m47EuSHXoA7G6ISvWRcM='             'sha256-IkjtHJi30pQL4HJunVbbOb0eddxKbzQS73A/uLX1dxc='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI='             'sha256-hUAVVCKUCsvj/NRR8gA7De+28k1VzMT2WZInYuEgow4='             'sha256-Hts4iOCYzEeuX6rdSp2aiZrU4RwBn9aQiN5om8ue+WU='             'sha256-myEuPW+nKtNfz374HWMHz0UGYwyue8KuWk8jIG/3GeQ='             'sha256-47hygcsCeuaz/wFDcfGceDzFRbsMCTKLzIipw5aiGI4='             'sha256-y4f9W+6dx+NJrSoXaIp4Z68xghYiTAOTKAc+aAakarg='             'sha256-Nj9ZkTPsRdNRP79R2LmmJ6tqxvZLVGv/R2HV0/4hAuM='             'sha256-VSXobtrxfF6D1p+BtC9xltlwQmAVWcyRIJuSFJqFdSQ='             'sha256-UslN52emMX/WzG5xOZW4SSmhTC38p8AM6nfHugezhSI='             https://*.canadalife.com             https://assets.adobedtm.com             https://cdn.appdynamics.com             https://www.google-analytics.com/analytics.js             https://connect.facebook.net/en_US/fbevents.js             https://connect.facebook.net/signals/             https://*.qualtrics.com             https://dpm.demdex.net             https://ad.doubleclick.net             https://*.fls.doubleclick.net             https://snap.licdn.com             https://static.ads-twitter.com             https://analytics.twitter.com             https://px.ads.linkedin.com             https://secure.adnxs.com             https://maps.googleapis.com/maps/             https://maps.googleapis.com/maps-api-v3/             https://play.vidyard.com             https://p.adsymptotic.com             https://www.googletagmanager.com/gtag/             https://mboxedge35.tt.omtrdc.net             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://googleads.g.doubleclick.net             https://bat.bing.com/bat.js             https://bat.bing.com/p/action/11042675.js             https://bat.bing.com/p/insights/t/11042675             https://www.googleadservices.com             https://analytics.google.com             https://*.force.com             https://*.salesforce.com             https://*.salesforce-sites.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://www.gstatic.com             https://www.google.com/recaptcha/enterprise.js             https://www.redditstatic.com/ads/pixel.js             https://analytics.tiktok.com             https://cdn.cookielaw.org             https://embed.myadvocado.com             https://canada-life.gitlab.io;         style-src 'self' blob: 'unsafe-inline'             https://*.canadalife.com             https://*.vidyard.com             https://*.qualtrics.com             https://*.force.com             https://*.salesforce-sites.com             https://fonts.googleapis.com;         img-src 'self' data:             https://*.canadalife.com             https://*.ggpht.com             https://*.googleapis.com/             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net             https://www.facebook.com             https://*.qualtrics.com             https://cm.everesttech.net             https://*.fls.doubleclick.net             https://maps.googleapis.com             https://px.ads.linkedin.com             https://www.linkedin.com             https://ad.doubleclick.net             https://secure.adnxs.com             https://analytics.twitter.com             https://p.adsymptotic.com             https://adservice.google.com/ddm/             https://adservice.google.ca/ddm/             https://dpm.demdex.net             https://maps.gstatic.com             https://*.vidyard.com             https://*.qualtrics.com             https://www.google.ca/ads/             https://www.google.com/ads/             https://www.google-analytics.com             https://www.google.com/pagead/             https://www.google.ca/pagead/             https://www.googletagmanager.com             https://t.co             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://bat.bing.com             https://*.force.com             https://*.salesforce-sites.com             https://ca-gmtdmp.mookie1.com             https://cdn.cookielaw.org             https://alb.reddit.com             https://www.redditstatic.com;         font-src 'self' data:             https://*.canadalife.com             https://fonts.googleapis.com             https://fonts.gstatic.com             https://*.qualtrics.com             https://*.vidyard.com;         frame-src 'self'             https://play.vidyard.com             https://*.qualtrics.com             https://www.youtube.com             https://www.pinterest.com             https://gwl.demdex.net             https://*.force.com             https://www.google.com             https://td.doubleclick.net             https://ct.pinterest.com             https://embed.myadvocado.com;         child-src             https://*.canadalife.com             https://*.qualtrics.com             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net;         object-src 'none';         base-uri 'none'; 4
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com https://eu-dg.knowmax.ai; 4
default-src 'self' *.crazyegg.com *.survale.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://static.survale.com/ext/survey.js https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.clarity.ms/  https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ https://play.vidyard.com/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js  https://ajax.googleapis.com/ajax/libs/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/  *.modern.min.js; connect-src 'self' data: https://geolocation.onetrust.com/ https://app.survale.com/v0/site-settings/1713989634000 https://play.vidyard.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.clarity.ms/collect *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://px.ads.linkedin.com https://analytics.google.com/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com  https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.clarity.ms/ *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://static.survale.com/survale-logo-black.png https://static.survale.com/ext/assets/graphics/outlines/drop-shadow.png https://static.survale.com/ext/assets/graphics/zoomout.cur https://static.survale.com/ext/assets/graphics/loader.white.gif https://static.survale.com/ext/assets/feedback-buttons/feedback-button-red.png https://static.survale.com/image-uploads/ *.survale.com https://play.vidyard.com/ https://cdn.vidyard.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/  https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/  https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/ https://static.survale.com/ext/assets/survale.min.css https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 4
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 4
default-src https://prod.author.ncssg-prod.magnolia-platform.io https://prod.public.ncssg-prod.magnolia-platform.io https://prod.public-0.ncssg-prod.magnolia-platform.io https://prod.public-1.ncssg-prod.magnolia-platform.io https://olivia.paradox.ai https://ncs.co https://ncs.com.cn https://ncs.com.sg https://www.ncs.co http://newprd1.ncs.com.cn http://newprd2.ncs.com.cn https://stg.paradox.ai; style-src https://static.smartrecruiters.com https://fonts.googleapis.com 'self' 'unsafe-inline';script-src 'nonce-MTc1NzU2OTA5NGVu' 'strict-dynamic'; img-src 'self' https://rmkcdn.successfactors.com https://ncs.co http://www.ncs.co https://loadus.exelator.com https://ib.adnxs.com https://i.ytimg.com https://dpm.demdex.net https://sync-tm.everesttech.net https://www.googletagmanager.com https://sync.crwdcntrl.net https://match.adsrvr.org https://cm.g.doubleclick.net https://ps.eyeota.net https://www.linkedin.com https://track.hubspot.com https://forms.hsforms.com https://ml314.com https://dokumfe7mps0i.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com.vn https://syndication.twitter.com 'self' data:; connect-src 'self' https://www.google.com  https://www.googleadservices.com https://adservice.google.com https://js.hs-banner.com https://forms.hscollectedforms.net wss://ws.paradox.ai https://dokumfe7mps0i.cloudfront.net https://stats.g.doubleclick.net https://analytics.google.com https://analytics.tiktok.com https://px.ads.linkedin.com https://www.google-analytics.com https://olivia.paradox.ai https://stg.paradox.ai;frame-src https://cloud.e.au.ncs.co https://www.youtube-nocookie.com https://open.spotify.com https://www.google.com https://insight.adsrvr.org 'self' https://td.doubleclick.net https://www.youtube.com https://youtube.com/ https://platform.twitter.com https://www.facebook.com https://web.facebook.com;frame-ancestors 'self';font-src 'self' https://dokumfe7mps0i.cloudfront.net https://fonts.gstatic.com data:;report-to https://prod.author.ncssg-prod.magnolia-platform.io/;script-src-elem 'nonce-MTc1NzU2OTA5NGVu' 'strict-dynamic' 'self' https://www.ncs.co; 4
object-src 'none'; base-uri 'self'; frame-ancestors 'self' 4
default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; connect-src 'self' https:; media-src *.kaltura.com blob: data:; worker-src blob: 4
frame-ancestors *.acuitybrandslighting.net *.acuitybrands.com *.acuitybrands.ca *.acuitybrands.com.mx *.acuitybrandstoronto.com *.besalfund.org *.dglogik.com *.distech-controls.com *.eldoled.com *.iotaengineering.com *.ke2therm.com *.luminis.com *.mcclungfoundation.org; 4
frame-src 'self' yandex.ru *.yandex.ru cdn.flipsnack.com *.bilimwave.kz *.bilimal.kz *.pscloud.io *.vimeo.com *.object.pscloud.io *.officeapps.live.com *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.youtube.com *.google.com *.e-daryn.kz *.elumiti.kz *.fpp.kz *.2gis.com portal.kundelik.kz; frame-ancestors http: https: ionic: ; script-src 'unsafe-inline' 'unsafe-eval' * blob:; worker-src 'self' blob:; object-src 'self' cdn.flipsnack.com *.bilimal.kz *.pscloud.io *.object.pscloud.io *.officeapps.live.com *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.youtube.com *.google.com *.e-daryn.kz *.elumiti.kz *.fpp.kz portal.kundelik.kz *.vimeo.com; default-src * data: 'unsafe-eval' 'unsafe-inline'; 4
default-src https:  wss://*.hotjar.com wss://*.qualified.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 4
font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: tel:; frame-ancestors 'self' https://*.glgresearch.com; frame-src 'self' *.buzzsprout.com https://*.marketo.com https://*.mktoresp.com https://*.google.com https://*.doubleclick.net https://*.zoominfo.com https://www.googletagmanager.com https://player.vimeo.com *.youtube-nocookie.com *.youtube.com *.greenhouse.io; report-uri https://external-webhooks.glgresearch.com/content-security-policy-logs/; 4
frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org https://thearisenetwork.net https://indioumc.org https://sshpumc.org https://www.graceumcmesa.org https://everettumc.org https://unitedchurchofthetford.org https://zionumchurch.com 4
default-src 'self' http://*.jwpcdn.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://*.jwpcdn.com http://*.googleapis.com http://*.googletagservices.com; style-src 'self' 'unsafe-inlin