Values for content-security-policy: upgrade-insecure-requests 16,868 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 13,205 frame-ancestors 'self' 7,626 upgrade-insecure-requests; 6,783 block-all-mixed-content 3,179 frame-ancestors 'self'; 2,732 block-all-mixed-content; 1,576 frame-ancestors 'none' 1,157 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,062 report-to network-errors 743 frame-ancestors 'none'; 734 frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 674 frame-ancestors 'self' ; 447 default-src https: data: 'unsafe-inline' 'unsafe-eval' 381 frame-ancestors 'self' https://*.ally.ac; 366 311 report-uri /report-csp-violation 296 object-src 'none' 237 frame-ancestors 'self' godaddy.com *.godaddy.com 228 default-src * data: 'unsafe-eval' 'unsafe-inline' 207 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 154 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 150 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 135 frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com 132 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 125 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 118 frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 103 frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 98 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 96 upgrade-insecure-requests; frame-ancestors 'self' 96 frame-ancestors * 94 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 91 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 90 default-src 'none' 85 report-uri /report-csp-violation; upgrade-insecure-requests 82 frame-ancestors 'self'; upgrade-insecure-requests 81 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 80 frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com 78 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 77 self 70 script-src 'self' 69 default-src 'self' http: https: data: blob: 'unsafe-inline' 66 * 65 img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com maps.gstatic.com maps.googleapis.com data:;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 64 frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 63 img-src https: data:; upgrade-insecure-requests 63 ; 62 frame-ancestors about: 'self' 60 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 59 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 54 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 53 default-src 'self' 'unsafe-inline' 51 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 50 frame-ancestors 'self' https://cms.scrippsdigital.com 50 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 49 default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 49 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 48 frame-ancestors 'self' cambuilder.com *.cambuilder.com sexroulettelive.net *.sexroulettelive.net cambb.xxx *.cambb.xxx camdevils.com *.camdevils.com camutik.com *.camutik.com camjab.com *.camjab.com; report-uri /api/csp-report; 48 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 48 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 48 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 47 frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 45 default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 44 default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 44 frame-ancestors 'self' https://webvisor.com https://mc.yandex.ru https://yastatic.net 44 base-uri 'self';default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 43 frame-ancestors 'self' http://webvisor.com 42 frame-ancestors 'self' *.google.com *.googleusercontent.com 41 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 40 base-uri 'self' 40 child-src * blob: 38 sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 37 default-src 'self' 37 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 37 upgrade-insecure-requests; block-all-mixed-content 36 block-all-mixed-content; upgrade-insecure-requests; 36 default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 36 default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 36 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 35 frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 35 base-uri 'self'; 35 default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 35 default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob: 35 frame-ancestors 'self' *.plentymarkets-cloud-de.com 35 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.exoclick.com *.exosrv.com *.realsrv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.gtflixtv.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net; 34 frame-ancestors 'self' azeu.marketing.adobe.com 34 frame-ancestors 'self' https://*.sitewrench.com https://*.speakcreative.com 34 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 33 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 33 frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 32 upgrade-insecure-requests; block-all-mixed-content; 31 frame-ancestors 'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.com:* 30 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 30 frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 30 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 29 frame-ancestors 'self' www.bookends.info *.bookends.info 28 script-src 'unsafe-inline' 'unsafe-eval' http: https: 28 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com chat.dropped.net.pl js.pusher.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 28 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 28 default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 28 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com www.gstatic.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com *.whatsapp.net;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.giphy.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;upgrade-insecure-requests; 26 script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 26 upgrade-insecure-requests;connect-src * 26 default-src 'self'; 26 report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.hsadspixel.net *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com geolocation.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nocookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.clarity.ms *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com js.hsadspixel.net *.usemessages.com *.go-mpulse.net t1.daumcdn.net bc.ad.daum.net wcs.naver.net www.googleoptimize.com assets.app.smart-tribune.com www.teachingenglish.org.uk/ snap.licdn.com/li.lms-analytics/insight.min.js https://bccdn.azureedge.net/product-finder/pf-bundle.js region1.google-analytics.com region1.analytics.google.com *.hs-analytics.net *.hs-banner.com https://js-eu1.hsleadflows.net/leadflows.js hsforms.net *.hsforms.net; 26 upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 25 img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 25 frame-ancestors 'self' https://*.brightsites.co.uk; 25 upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 25 default-src 'self'; script-src 'self' 'unsafe-inline' 25 frame-ancestors 'self' https://medium.com 24 frame-ancestors 'self' *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com; 24 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 24 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com 24 default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.us.coca-cola.com; frame-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline' 'self' maps.google.com maps.googleapis.com www.google.com; 24 frame-src * 24 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 24 frame-ancestors 24 script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 24 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php 23 default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 23 frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 23 default-src 'self'; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src * ; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com static.hotjar.com launch-9151dc1e0eb6-development mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 23 frame-ancestors 'self'; object-src 'self' 23 default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: blob:; frame-src 'self' 'unsafe-inline' https: data:; 23 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 22 frame-ancestors 'self'; upgrade-insecure-requests; 22 frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 22 frame-ancestors 'self' https://webvisor.com http://webvisor.com; 22 default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 22 frame-ancestors 'none'; upgrade-insecure-requests 21 frame-ancestors self 21 frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 21 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 21 frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 21 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 20 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; base-uri 'self' 20 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 20 upgrade-insecure-requests; frame-ancestors 'none' 20 frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 20 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 20 frame-ancestors none; 20 frame-ancestors 'self' ; base-uri 'self'; 20 prefetch-src *.metart.com *.metartnetwork.com *.hustler.com *.metartmoney.com *.google-analytics.com *.googletagmanager.com;default-src 'self' blob: *.metart.com *.metartnetwork.com *.hustler.com;connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.hustler.com *.metart.com *.metartnetwork.com *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.sentry.io *.adtng.com *.atsptp.com;style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.hustler.com *.metart.com *.metartnetwork.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.hustler.com *.metart.com *.metartnetwork.com *.vwo.com;script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.hustler.com *.metart.com *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com;frame-src 'self' *.twitter.com *.hustler.com *.metart.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.hustler.com *.metart.com *.metartnetwork.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.hustlerlive.com *.barelylegallive.com *.vscdns.com;media-src 'self' data: blob: *.nsimg.net *.metart.com *.hustler.com *.metartnetwork.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 20 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 20 script-src 'self' https://static.cloudflareinsights.com https://stage-rotators-cdn.griffona.app https://cdnboost.net *.google-analytics.com; connect-src * 20 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; frame-ancestors 'self' ; base-uri 'self' ; prefetch-src 'self' ; img-src https: data: ; 19 block-all-mixed-content; frame-ancestors 'self' 19 ; frame-ancestors 'self' 19 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 19 frame-ancestors https://web.telegram.org 19 default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 19 frame-ancestors zyro.com *.zyro.com *.zyro.space *.dp.zyro.space *.hostinger.com *.hostinger.io 19 report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 18 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 18 frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 18 frame-ancestors 'self' https://testbaba.virtualcms.it 18 frame-ancestors 'self' *.facebook.com *.vk.com https://webvisor.com http://webvisor.com 18 frame-ancestors devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:*; 18 frame-ancestors 'self' *.hotmart.com *.buildstaging.com sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly; 18 frame-ancestors 'self' https://omnidoctor.ru/ 18 default-src 'self'; img-src 'self';script-src 'self';plugin-types 'none';form-action:'none';frame-src:'none' 18 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 17 frame-ancestors 'self' https://*.vmware.com; 17 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 17 object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://vars.hotjar.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://www.youtube.com https://www.loom.com/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 17 default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 17 frame-ancestors none 17 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 17 frame-ancestors https://*.poki.io http://localhost:1234 17 default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net *.amondo.com tagmanager.google.com platform.twitter.com use.fontawesome.com rsms.me;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu media.amondo.com static.amondo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com *.amondo.com geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com tag.durationmedia.net;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com *.amondo.com geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com rsms.me static.amondo.com s3-res.amondo.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com static.amondo.com rsms.me;media-src www.lntvglobal.com *.livenationinternational.com video.amondo.com;worker-src 'self' blob: 17 default-src 'self'; img-src 'self' data: 17 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 17 default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 17 frame-ancestors 'self' *.deloitte.com; 17 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 17 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 16 frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.cloud.sap *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.cloud.sap *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 16 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 16 default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 16 connect-src http://ip-api.com/ 'self' https: data: 16 default-src='self' 16 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 16 default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 16 frame-ancestors 'self' https://citylightcloud.com https://geocentric.com 16 default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'sha256-vjxxAYUdywsK87GaPvyVeWhYSMhFdM2Fr1xz1U5DscE=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-plVhpVOMfjx7nLvRgCifxh75OuP2j2Ty9Z7PSqdj/gY=' 'sha256-VqrnF4B4J9Y4bPMr7eFvVwQZZUT48w5WJm29LDfS7Dk=' 'sha256-Kk2IPzwqctiHpBF81I3R83TdLhDx5hOZ3wR4grZrQys=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-gBwKH4F9+mwuZ6NyZ7qoWFBEl9Cr3xvh+4o5MHmLxpI=' 'unsafe-hashes'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.hsforms.com; object-src 'none' 15 frame-ancestors 'self' https://*.evergage.com https://cdn.evgnet.com; upgrade-insecure-requests; block-all-mixed-content 15 object-src 'none'; 15 frame-ancestors 'self' *.affino.com; 15 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 15 script-src * 'unsafe-inline' 'unsafe-eval' 15 policy-definition 15 form-action 'self' 15 default-src * data: 'unsafe-inline' 'unsafe-eval' 15 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 15 frame-ancestors 'self' https://*.enamad.ir 15 default-src 'self' 'unsafe-inline' *.azureedge.net;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://embed.tawk.to https://shopapi.dunkermotoren.de https://dwebshoptest.plan-software.de https://aff-im.cdn.bcebos.com *.azureedge.net *.cookielaw.org *.onetrust.com *.phantomcamera.de *.phantomcamera.es *.phantomcameras.cn *.phantomcamera.fr wistia.com wistia.net *.wistia.com *.wistia.net *.ametekesp.com *.powervar.com *.precitech.com *.precitech.com.de *.ametek.com *.ametekweb.com *.sunpowerinc.com *.ameteksi.com *.ortec-online.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.ametek-land.com *.omappapi.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.techmfg.com *.techmfg.cn *.techmfg.de *.techmfg.jp *.techmfg.es *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.leadfeeder.com https://chimpstatic.com *.zygo.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com https://widgets.wp.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com https://bat.bing.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com *.surveymonkey.com https://www.qlzn6i1l.com https://secure.neck6bake.com https://go.universalanalyzers.com https://go.store.universalanalyzers.com https://go.pardot.com https://go.obcorp.com https://go.csiheat.com https://go.cardinaluhp.com https://go.barbenanalytical.com https://optinmonster.com https://cdn.datatables.net http://s7.addthis.com https://v1.addthisedge.com 'unsafe-eval';style-src * 'unsafe-inline' *.azureedge.net;font-src * 'unsafe-inline' *.azureedge.net data:;img-src * 'unsafe-inline' *.azureedge.net data:;frame-src * 'unsafe-inline' *.azureedge.net;connect-src * 'unsafe-inline' *.azureedge.net;worker-src 'self' *.azureedge.net blob:;media-src 'self' *.boltdns.net *.akamaihd.net *.azureedge.net blob:;object-src 'unsafe-inline' *.azureedge.net 'self' 15 default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; worker-src blob: 15 frame-ancestors 'self' https://app.storyblok.com 14 frame-ancestors *.ivanti.com https://dash.cloudflare.com 14 object-src 'none'; report-uri /report-csp-violation 14 frame-ancestors 'self' app.storyblok.com 14 default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 14 img-src *; 14 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 14 default-src https: 'unsafe-inline' 'unsafe-eval' 14 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 14 upgrade-insecure-requests; base-uri 'self' 14 frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 14 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 13 frame-ancestors 'self' *.jivosite.com *.jivosite.com/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru *.jivo.ru *.jivosite.com *.jivosite.com/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com 13 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 13 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 13 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://tag.demandbase.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 13 default-src 'self' https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/ https://bat.bing.com/ https://*.clarity.ms/ https://boards.greenhouse.io/ https://analytics.tiktok.com/ https://www.youtube.com/ https://*.pcdn.co/ https://*.typeform.com/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://*.pcdn.co/ https://*.typeform.com/; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net https://www.snapengage.com https://*.pcdn.co/ https://*.typeform.com/; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://iframe.dacast.com https://www.facebook.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://optimize.google.com www.snapengage.com https://boards.greenhouse.io/ https://*.pcdn.co/ https://*.typeform.com/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://www.canva.com/; font-src 'self' https://fonts.gstatic.com data: https://*.pcdn.co/ https://*.typeform.com/; connect-src 'self' https://*.amazonaws.com https://google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://www.facebook.com/tr/ https://www.snapengage.com https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/ https://analytics.tiktok.com/ https://bat.bing.com/ https://*.clarity.ms/ https://*.pcdn.co/ https://*.typeform.com/; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 13 upgrade-insecure-requests; object-src 'none' 13 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 13 frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 13 frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 13 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 13 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com http://addshoppers.s3.amazonaws.com http://connect.facebook.net https://www.gstatic.com http://www.rtb123.com http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com *.rtb123.com *.s3.amazonaws.com https://tt.mbww.com/ https://shop.pe https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://sts.eccmp.com/ https://s7.addthis.com seaworld.com https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://spot.demostellar.com/1.3.0/spot.js *.tvpixel.com https://dfp.bouncex.net/ https://consent-pref.trustarc.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com https://static.cloudflareinsights.com/ code.jquery.com maxcdn.bootstrapcdn.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com https://capi.spire.horizonmedia.com/events https://seaworld-capi.spire.horizonmedia.com/events https://apps.rokt.com https://schema.milestoneinternet.com/ https://ads.nextdoor.com https://analytics.tiktok.com https://tr.snapchat.com https://zn5pdsc7m1gdceq7c-seaworldcx.siteintercept.qualtrics.com/SIE/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ code.jquery.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com ;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe *.scdn2.secure.raxcdn.com https://*.buschgardens.com https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com https://www.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com;frame-src 'self' s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/ https://www.affirm.com/ https://seaworldcx.iad1.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://vars.hotjar.com/ https://match.adsrvr.org/ *.google-analytics.com *.analytics.google.com https://apps.rokt.com ;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/ https://cdn.quantummetric.com/ https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/ https://www.affirm.com/ https://*.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com https://*.hotjar.com/ https://in.hotjar.com/ wss://ws13.hotjar.com https://sts.eccmp.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com/ *.tvpixel.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com https://api.talkdeskapp.com/ https://sessions.bugsnag.com wss://tsock.us1.twilio.com/v3/wsconnect https://schema.milestoneinternet.com/ https://capi.spire.horizonmedia.com/events https://seaworld-capi.spire.horizonmedia.com/events https://tr.snapchat.com https://analytics.tiktok.com/api/v2/pixel https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/ *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/ https://stage-media.scdn6.secure.raxcdn.com/ *.google-analytics.com *.analytics.google.com; 13 script-src 'self' 'unsafe-inline' 13 frame-ancestors 'self' https://*.funkedigital.de; 13 frame-ancestors https:; default-src 'self' app.gitbook.com api.gitbook.com integrations.gitbook.com files.gitbook.com *.gitbook.com; connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com https://*.algolia.net https://*.algolianet.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' integrations.gitbook.com app.gitbook.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://*.algolia.net https://*.algolianet.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.polyfill.io https://cdn.amplitude.com https://static.cloudflareinsights.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com; style-src 'self' 'unsafe-inline' app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com; worker-src 'self' blob:; frame-src www.intercom-reporting.com www.googletagmanager.com *; form-action api-iam.intercom.io intercom.help; media-src *.intercomcdn.com; 13 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 13 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 13 object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 13 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 13 default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src 'self' data: https:; font-src 'self' data: https: 13 default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com;style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; media-src * 'unsafe-inline' 13 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 12 object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 12 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 12 none 12 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 12 object-src 'none'; base-uri 'self' 12 default-src 'self' *.miraheze.org *.betaheze.org; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.betaheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com platform.twitter.com wiki-assets.sumin.wiki cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com scratchblocks.github.io openlayers.org phab.miraheze.wiki www.gstatic.cn hcaptcha.com *.hcaptcha.com; style-src 'self' data: 'unsafe-inline' *.miraheze.org *.betaheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net platform.twitter.com ton.twimg.com phab.miraheze.wiki hcaptcha.com *.hcaptcha.com; img-src blob: 'self' data: *.miraheze.org *.betaheze.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org scratchblocks.github.io docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com phab.miraheze.wiki *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc; font-src 'self' data: *.miraheze.org *.betaheze.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com phab.miraheze.wiki upload.wikimedia.org; media-src 'self' blob: *.miraheze.org *.betaheze.org upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com; frame-src 'self' *.miraheze.org *.betaheze.org www.google.com docs.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com; connect-src 'self' *.miraheze.org *.betaheze.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 12 frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 12 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 12 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 12 default-src 'self' *.uat.tenethealth.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/ https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://i.vimeocdn.com https://www.hvsh.org; media-src 'self' data: blob: https://media.tenethealth.com https://i.vimeocdn.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com https://validate.perfdrive.com https://cdnjs.cloudflare.com; frame-src *.marketo.com *.sitefinity.xyz 'self' *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com https://www.modbee.com/ https://w3.cdn.anvato.net/ https://cdns.snacktools.net/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/ https://i.vimeocdn.com https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://cdnjs.cloudflare.com; 12 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 12 default-src https: 'unsafe-inline' 12 base-uri 'self'; frame-ancestors 'self' 12 default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 12 frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 12 block-all-mixed-content; upgrade-insecure-requests 12 script-src 'self' 'unsafe-inline' 'unsafe-eval' vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com; object-src 'none' 12 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org wayback-api.archive.org analytics.archive.org pragma.archivelab.org 12 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 12 policy 12 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org cookies-data.onetrust.io geolocation.onetrust.com privacyportal.onetrust.com www.google-analytics.com *.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com cdn.jsdelivr.net *.pricespider.com cdn.linkedin.oribi.io api.mapbox.com atentochile.s1gateway.com maps.googleapis.com events.mapbox.com *.coke.com *.coca-cola.com *.prod.tccc-nextgen.com *.test.tccc-nextgen.com *.dev.tccc-nextgen.com *.tncid.app *.yimg.com *.ccnag.com *.ads-twitter.com www.googleadservices.com sc-static.net *.sprinklr.com n2.mouseflow.com fanta-gpt-prod.azurewebsites.net *.reciteme.com *.demdex.net *.adobedc.net d1ah6cnxyby52e.cloudfront.net d2v73ohgys1z8q.cloudfront.net fifamx-prod.one-latam.ng.citko.net googleads.g.doubleclick.net unpkg.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org ajax.googleapis.com www.cdnjs.cloudflare.com cdnjs.cloudflare.com geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com *.twitter.com www.instagram.com connect.facebook.net snap.licdn.com *.krxd.net *.amazonaws.com www.google.com www.youtube.com rpxnow.com d29usylhdk1xyu.cloudfront.net s.ytimg.com www.gstatic.com unpkg.com atentochile.s1gateway.com stackpath.bootstrapcdn.com cdn.jsdelivr.net *.pricespider.com api.tiles.mapbox.com bugcrowd.com assets.bugcrowdusercontent.com js.tncid.app *.salesforceliveagent.com js.adsrvr.org *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com audio4.audima.co cdn.mouseflow.com *.googleadservices.com pixel.mathtag.com sc-static.net *.analytics.yahoo.com *.sprinklr.com *.adobedtm.com www.2bcore.biz 2bcore.biz *.reciteme.com reciteme.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net *.janrain.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.pricespider.com atentochile.s1gateway.com *.tiles.mapbox.com *.reciteme.com *.sprinklr.com *.coke.com www.2bcore.biz 2bcore.biz unpkg.com; font-src 'self' data: use.typekit.net fonts.gstatic.com atentochile.s1gateway.com 2bcorestoragechatbotprod.blob.core.windows.net *.reciteme.com *.sprinklr.com *.coke.com; frame-src 'self' *; frame-ancestors 'self' bugcrowd.com editor.wallboard.info; manifest-src 'self' data:; worker-src blob:; child-src blob:; 12 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 12 frame-ancestors 'self' https://preview.citynavigator.nl 12 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.exoclick.com *.exosrv.com *.realsrv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.gtflixtv.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net; 11 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 11 default-src * 'unsafe-inline' 'unsafe-eval' 11 default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/;frame-ancestors 'self'; 11 frame-ancestors 'self' http://localhost:* https://*.bustle.com https://*.bdg.com 11 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 11 upgrade-insecure-requests; frame-ancestors 'self'; 11 frame-src 'self' * data: 11 font-src 'self' 11 frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ 11 frame-ancestors 'self' *.ci360.sas.com app.contentstack.com 11 frame-ancestors 'self' https://cms.hanleywood.com 11 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 11 frame-ancestors 'self'; report-uri /report-csp-violation 11 frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 11 object-src 'self' 11 default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src *; media-src *; worker-src 'self' blob: *; 11 frame-ancestors 'none' ; 11 default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 11 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 11 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 11 frame-ancestors 'self' https://translate.google.com 11 frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 11 object-src 'none'; form-action 'self' 11 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; 11 default-src 'self' 'unsafe-inline'; 11 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 11 frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com https://*.loja.olx.pt 11 script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js cdn.speedcurve.com 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self'; 10 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 10 default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 10 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com https://community.cisco.com/; 10 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 10 frame-ancestors 'self' https://metrika.yandex.ru/ 10 default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com snap.licdn.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.sift.com cdn.ampproject.org cdn.koala.live cdn.heapanalytics.com heapanalytics.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com github.com calendly.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com www.google-analytics.com heapanalytics.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com blob: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;connect-src data: *;font-src 'self' *.vercel.com *.gstatic.com;worker-src blob: 10 connect-src * 10 upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; 10 frame-ancestors https://*.marketo.com 10 upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 10 upgrade-insecure-requests;frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ http://www.staging.medscape.com/ http://www.skipta.com/ https://www.staging.medscape.com/ https://www.skipta.com/ http://staging.medscape.com/ http://skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ http://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ 10 default-src 'self' *.posti.fi *.googlesyndication.com; style-src 'unsafe-inline' 'self' *.posti.fi optimize.google.com tagmanager.google.com fonts.googleapis.com *.force.com *.salesforce.com *.euc-freshbots.ai; font-src 'self' data: *.posti.fi *.hotjar.com *.force.com *.sfdcstatic.com tagmanager.google.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.posti.fi cdn.ampproject.org *.doubleclick.net https://www.googleoptimize.com/ adservice.google.fi adservice.google.com optimize.google.com *.usemessages.com *.adform.net *.leadoo.com analytics.tiktok.com forms.hsforms.com js.hsforms.net js.hs-banner.com js-agent.newrelic.com bam.eu01.nr-data.net *.hs-scripts.com js.hsleadflows.net js.hs-analytics.net sb.scorecardresearch.com connect.facebook.net www.googletagservices.com *.typeform.com *.krxd.net *.force.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.hotjar.com maps.googleapis.com locationservice.posti.com/location *.my.salesforce.com *.salesforceliveagent.com *.declaration.postinext.fi *.lfeeder.com *.euc-freshbots.ai *.declaration.posticloud.fi *.pusher.com *.cookielaw.org *.onetrust.com *.postinext.fi ajax.googleapis.com *.googlesyndication.com www.googleadservices.com cdnjs.cloudflare.com www.google.com *.licdn.com code.jquery.com js.hsadspixel.net api.hubapi.com www.gstatic.com; frame-src optimize.google.com *.adform.net *.typeform.com *.krxd.net app.hubspot.com www.googletagmanager.com www.googletagservices.com forms.hsforms.com *.googlesyndication.com *.hotjar.com *.posti.fi www.facebook.com www.youtube.com *.force.com *.salesforce.com *.onetrust.mgr.consensu.org bot.leadoo.com client.myzef.com www.google.com postidigital.github.io jakelu.posti.fi *.doubleclick.net; child-src 'self' *.hotjar.com; img-src 'self' blob: data: *.posti.fi optimize.google.com *.googlesyndication.com forms.hsforms.com *.krxd.net *.force.com www.facebook.com www.googletagmanager.com sb.scorecardresearch.com *.hubspot.com maps.googleapis.com ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.fi www.google.com www.netposti.fi *.doubleclick.net *.hotjar.com *.ctfassets.net maps.gstatic.com *.lfeeder.com *.freshbots.ai *.euc-freshbots.ai *.cookielaw.org *.onetrust.com code.jquery.com *.postinext.fi *.linkedin.com dmp.adform.net www.googleadservices.com *.adsymptotic.com cdn.posti.fi analytics.tiktok.com; connect-src 'self' *.posti.fi adservice.google.fi adservice.google.com optimize.google.com maps.googleapis.com bam.eu01.nr-data.net *.salesforceliveagent.com vc.hotjar.io api.posti.com *.api.posti.com *.api.posti.fi *.hubspot.com *.hsforms.com *.hubapi.com vbvavibkgkermrl.form.io *.google-analytics.com www.google-analytics.com *.doubleclick.net *.force.com locationservice.posti.com *.leadoo.com analytics.tiktok.com *.hotjar.com wss://*.hotjar.com picc.posti.fi:* picc8.posti.fi:* *.form.io www.facebook.com *.declaration.postinext.fi *.declaration.posticloud.fi *.euc-freshbots.ai *.pusher.com wss://*.pusher.com prd.graphql.posticloud.fi/graphql *.cookielaw.org *.onetrust.com *.postinext.fi *.googlesyndication.com *.execute-api.eu-west-1.amazonaws.com www.google.com forms.hsforms.com; media-src 'self' *.ctfassets.net; frame-ancestors 'self' apps.itella.com salesfra.me *.posti.fi *.posticloud.fi itella.ee; object-src 'none'; 10 default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 10 default-src http: data: 'unsafe-inline' 'unsafe-eval' 10 default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.cookiebot.com *.edge-cdn.net *.google-analytics.com *.googletagmanager.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.secrz.de *.virtualearth.net ads.yahoo.com advdl.ammadv.it *.analytics.google.com assets.zendesk.com c.imedia.cz cm.g.doubleclick.net connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org form.lidl.com googleads.g.doubleclick.net lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz s.adroll.com s.ytimg.com tagmanager.google.com track.adform.net us-u.openx.net www.dwin1.com www.googleadservices.com www.google.com www.youtube.com schwarz.adverity.com *.gstatic.com; img-src 'self' data: *.analytics.google.com *.assets.schwarz *.bing.com *.ccmp.eu *.content.force.com *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.leaflets.schwarz *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com google.de www.google.de ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.analytics.google.com *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net *.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net *.cookiebot.com; frame-ancestors 'self' *.analytics.google.com *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.vdc.lidl *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl *.lidl-fatturaelettronica.it lidl-fatturaelettronica.it *.lidl-mazieji-gamintojai.prod.hdd.lt lidl-mazieji-gamintojai.prod.hdd.lt lidl-latuaopinioneconta.it; 10 frame-ancestors http://*.almamedia.net https://*.almamedia.net https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 10 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: blob: *; media-src 'self'; frame-src 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 10 default-src 'self'; connect-src https: wss:; font-src https:; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 10 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 10 frame-ancestors 'self' https://*.etracker.com 10 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 10 frame-ancestors *; 10 frame-ancestors 'self' https://www.thomsonreuters.com 10 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 10 sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 10 script-src https: 'unsafe-inline' 'unsafe-eval' 10 frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 10 default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; 10 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 10 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.usablenet.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com *.gstatic.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com bam.nr-data.net js-agent.newrelic.com cdn.leadmanagerfx.com use.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com wss://*.hotjar.com/ *.mapbox.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ 'self' https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobedtm.com commerce.adobedc.net commerce.adobe.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com *.googleapis.com *.mmapiws.com *.tiktok.com recs.listrakbi.com google.com *.google.com paypal.com bam.nr-data.net t.leadmanagerfx.com *.marketingcloudfx.com 'self' 'unsafe-inline'; 10 default-src https:;font-src 'unsafe-inline' https: data:;child-src https:;connect-src https:;script-src 'unsafe-eval' 'unsafe-inline' 'self' https:;object-src;base-uri 'none';style-src 'unsafe-inline' https: data:;img-src https: data:; 10 frame-ancestors 'self' *.intuit.com 9 frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 9 frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 9 frame-ancestors 'self' *.lycos.com 9 default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 9 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 9 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 9 frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 9 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 9 default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: ; child-src blob: ; 9 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 9 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 9 default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com ps.w.org klasresearch.com *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com *.libsyn.com; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 9 frame-ancestors "none" 9 upgrade-insecure-requests ; 9 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 9 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 9 script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de; object-src 'self' *.verbraucherzentrale.de; 9 object-src 'none'; frame-ancestors 'none' 9 default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com; script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 9 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk 9 default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net wss://*.ooklaserver.net; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com https://*.tigo.com.hn https://*.speedtestcustom.com https://speedtest.cableonda.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://traffic.kickadsit.com https://affperformance.com https://graph.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://*.nr-data.net https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com https://ad.doubleclick.net https://cdn.smooch.io https://tigo.us9.list-manage.com https://www.youtube.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://maps.googleapis.com https://www.rtb123.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleapis.com https://tigobusiness.us6.list-manage.com https://analytics.twitter.com https://static.ads-twitter.com https://*.licdn.com https://sync.smartadserver.com https://*.cybba.solutions https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://d2rp1k1dldbai6.cloudfront.net/cybba_latest.min.js https://traffic.kickadsit.com https://affperformance.com https://ads.sonataplatform.com https://graph.facebook.com https://sibautomation.com https://criteo.com https://criteo.net https://*.smooch.io https://*.zendesk.com https://facebook.com/signals/iwl.js; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.tigocloud.net https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com https://*.smooch.io https://*.zendesk.com; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com https://prs.arkeero.net https://*.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googleapis.com https://*.googleadservices.com https://analytics.twitter.com https://static.ads-twitter.com https://sync.smartadserver.com https://*.cybba.solutions https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://www.facebook.com https://traffic.kickadsit.com https://affperformance.com https://graph.facebook.com https://cdn.smooch.io https://*.gravatar.com https://*.smooch.io https://*.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://www.googletagmanager.com/debug/badge.css https://cdn.smooch.io https://*.smooch.io https://*.zendesk.com; connect-src * data:; object-src 'none'; form-action 'none'; base-uri 'self'; frame-ancestors 'self'; 9 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com 9 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 9 font-src *;img-src * data:; 9 default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 9 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.verbund.com https://snap.licdn.com https://unpkg.com https://webcast.a1.net https://vjs.zencdn.net https://googleadservices.com https://www.gstatic.com https://js.anyline.com https://dev.visualwebsiteoptimizer.com https://verbundblog.disqus.com https://connect.facebook.net https://*.google.com https://*.googleapis.com https://s.ytimg.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://platform.linkedin.com https://code.jquery.com https://platform.twitter.com https://c.disquscdn.com https://disqus.com https://*.disqus.com https://apps.verbund.at https://emea3.recruitmentplatform.com https://code.createjs.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com/cachedClickId; font-src 'self' https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; frame-src 'self' https://consent.verbund.com https://verbund.prosiebensat1puls4.tv/ https://base.streamdiver.com/ https://my.walls.io/ https://uvp-ots.sf.apa.at https://www.google.com https://optimize.google.com https://*.disqus.com https://disqus.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://staticxx.facebook.com https://*.doubleclick.net https://*.twitter.com https://accounts.google.com https://irs.tools.investis.com https://apps.verbund.at https://consentcdn.cookiebot.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.verbund.com https://streamer.a1.net; media-src * blob: data:; img-src 'self' https://consent.verbund.com https://content.prescreen.io https://jobdata.prescreen.io https://px.ads.linkedin.com https://webcast.a1.net https://www.pw-footprints.de https://connect.facebook.net https://*.doubleclick.net https://3662592.fls.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.google.at https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://*.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.twitter.com https://www.foto-webcam.eu https://*.it-wms.com data: https://i.ytimg.com https://www.facebook.com https://c.disquscdn.com https://referrer.disqus.com https://maps.google.com https://cx.atdmt.com https://www.verbund.com https://tr.outbrain.com; connect-src 'self' https://cdn.linkedin.oribi.io/partner/4825250/domain/verbund.com/token https://consent.verbund.com https://at-cdn14.streamdiver.com https://metrics.articulate.com/v1/import https://streamer.a1.net https://webcast.a1.net https://*.analytics.google.com https://analytics.google.com https://maps.googleapis.com https://consentcdn.cookiebot.com https://reporting.anyline.com https://js.anyline.com https://anyline-reporting.herokuapp.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://links.services.disqus.com https://dev.visualwebsiteoptimizer.com https://emea3.recruitmentplatform.com https://www.google.com/pagead/landing; style-src 'self' 'unsafe-inline' https://consent.verbund.com https://webcast.a1.net https://optimize.google.com https://c.disquscdn.com https://fonts.googleapis.com https://tagmanager.google.com; worker-src blob: https://www.verbund.com https://*.verbund.com; 9 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.dynatrace.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.webgains.io https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://*.fitanalytics.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://widget.fitanalytics.com https://*.klarnaservices.com https://*.cquotient.com https://*.webgains.link https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js blob:; 9 font-src 'self' * 'unsafe-inline' 'unsafe-eval' *.ascension.org ; 9 frame-ancestors https:; 9 frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/; 9 default-src * 'unsafe-inline' 'unsafe-eval' data: 9 frame-ancestors 'self' https://test.authorize.net https://accept.authorize.net 9 default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 9 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 9 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 9 frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 9 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 9 default-src 'self' ; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://www.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com wss://*.zendesk.com wss://*.zopim.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://bucket-vica.vica.gov.sg https://autocomplete.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; 9 require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 9 frame-ancestors 'self' *.facebook.com 9 frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 9 font-src 'none' 9 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 9 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 9 frame-ancestors 'self' *.plentymarkets-cloud-ie.com 9 frame-ancestors https://webshop.scannet.dk https://webshop-admin.scannet.dk https://admin.hostedshop.dk https://admin.hostedshop.io https://admin.hostedcms.nu https://admin.hostedcms.io https://webshop.dandomain.dk https://admin.smartweb.io 9 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 8 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 8 frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8 base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; connect-src 'self' *.force.com *.media.brightcove.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.tt.omtrdc.net *.eu.auth0.com *.usercentrics.eu adservice.google.com adservice.google.com api.dc.siemens.com assets.new.siemens.com blob: cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com cognito-identity.eu-west-1.amazonaws.com data.cdn.siemens.com dataplane.rum.eu-west-1.amazonaws.com dc.oracleinfinity.io dev.api.dc.siemens.com edge.api.brightcove.com geolocation.onetrust.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com www.siemens.com o1.ingest.sentry.siemens-web.com privacyportal-eu.onetrust.com profiles.siemens.com searchapi.new.siemens.com secure.brightcove.com siemens.demdex.net siemens.sc.omtrdc.net siemensdigitalindustries.nanorep.co sts.eu-west-1.amazonaws.com tools.adlytics.net uat.api.dc.siemens.com visitor-services.nanorep.com w3.siemens.com www.facebook.com www.google.com www.google.com *.brapps.siemens.cloud *.brappsqa.siemens.cloud mktdplp102cdn.azureedge.net 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com *.virtualevent.siemens.com go.cuenect.de partnerinfo.siemens.at hitech.at www.siemens.at resource.finnchat.com api-fra.livechatinc.com ue2gfcryae.execute-api.eu-central-1.amazonaws.com sea-api.siemens.cloud sleeknotestaticcontent.sleeknote.com images.sleeknote.com dvt4t9p29wi8.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com www.hqs.sbt.siemens.com www.cdn.botfriendsx.com *.smooch.io wss://*.smooch.io d1p0l0wtisukf7.cloudfront.net author.new.siemens.com cdn.linkedin.oribi.io rs.eu1.fullstory.com cert-portal.siemens.com; default-src 'self' blob:; font-src 'self' cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com data: tools.adlytics.net script.hotjar.com www.cdn.botfriendsx.com; frame-ancestors 'self' contentpath.siemens.com mc.contentpath.siemens.com resources.dc.siemens.com siemensfactoryautomation.pathfactory.com; frame-src 'self' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu bid.g.doubleclick.net td.doubleclick.net cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com jobs.siemens-info.com pages.siemens-info.com playout.3qsdn.com sites.siemens-info.com tpc.googlesyndication.com www.facebook.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com secure-fra.livechatinc.com vars.hotjar.com *.c2comms.cloud *.siemens.com; img-src 'self' *.prod.boltdns.net *.siemens.com *.tt.omtrdc.net *.usercentrics.eu 825113843.privacysandbox.googleadservices.com ad.doubleclick.net adservice.google.com adservice.google.com android-webview-video-poster: blob: brightcove04pmdo-a.akamaihd.net cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com data: dc.ads.linkedin.com dc.oracleinfinity.io googleads.g.doubleclick.net metrics.brightcove.com px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com siemens.mindsphere.io siemens.sc.omtrdc.net stats.adlytics.net t.co tr.outbrain.com trc.taboola.com www.facebook.com www.google.com www.google.com www.googletagmanager.com www.linkedin.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com cdn.go.cuenect.net siemenscrm--c.vf.force.com siemenscrm.lightning.force.com siemenscrm.my.salesforce.com partnerinfo.siemens.at hitech.at baudoku.1000eyes.de cdn.livechatinc.com cdn.livechat-files.com analytics.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud *.smooch.io ib.adnxs.com; manifest-src 'self'; media-src 'self' *.cf.brightcove.com *.media.brightcove.com assets.new.siemens.com blob: data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net secure.brightcove.com; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.ste.dc.siemens.com *.usercentrics.eu ajax.googleapis.com analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com client.rum.us-east-1.amazonaws.com connect.facebook.net cookies.siemens.com d.oracleinfinity.io data.cdn.siemens.com dataplane.rum.eu-central-1.amazonaws.com geolocation.onetrust.com googleads.g.doubleclick.net img.en25.com jsd-widget.atlassian.com my.nanorep.com new.siemens.com www.siemens.com players.brightcove.net profiles.siemens.com scripts.demandbase.com siemensdigitalindustries.nanorep.co snap.licdn.com static.ads-twitter.com tools.adlytics.net tpc.googlesyndication.com vjs.zencdn.net w3.siemens.com www.automation.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com mktdplp102cdn.azureedge.net wwwstage.siemens.com resource.finnchat.com cdn.livechatinc.com api.livechatinc.com api-fra.livechatinc.com secure-fra.livechatinc.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com *.smooch.io 322e30018b7e4846825041773c891f42.svc.dynamics.com www.sfs.siemens.de *.virtualevent.siemens.com *.c2comms.cloud edge.eu1.fullstory.com; style-src 'self' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu cdn.siemens-web.com cdn.c2comms.cloud cdn.siemens.com assets.new.siemens.com new.siemens.com www.siemens.com profiles.siemens.com tools.adlytics.net w3.siemens.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com www.sfs.siemens.de; upgrade-insecure-requests; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o4504753513824256.ingest.sentry.io/api/4505124930846720/security/?sentry_key=25c01f957d7a4a1887ecbe97323bdba6&sentry_environment=siemenscom-prod&sentry_release=d1eb8ef2; 8 object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 8 frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 8 form-action https: 8 default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 8 frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com tags.tiqcdn.com www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com tag.demandbase.com; connect-src 'self' *.scene7.com target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org geolocation.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 8 frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 8 default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 8 reflected-xss block 8 object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://script.hotjar.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com *.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 8 require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 8 frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com quantserv.com adnxs.com impactradius-event.com dgm-au.com everestjs.net everesttech.net yahoo.com xg4ken.com *.uplift.com cloudfront.net bing.com logx.optimizely.com aacdn.nagich.com www.google-analytics.com *.quantummetric.com *.cdnbasket.net abgnz.wufoo.com *.salecycle.com; 8 frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com 8 frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https:; style-src * 'self' 'unsafe-inline' https: 8 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 8 default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 8 frame-ancestors 'self' gather.town; 8 frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 8 default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 8 default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https: 8 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 8 frame-ancestors 'self'; object-src 'none' 8 frame-ancestors 'self'; object-src 'none'; 8 default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 8 frame-ancestors 'self'; base-uri 'self'; 8 script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 8 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 8 form-action 'self'; 8 frame-ancestors 'self' https://virtual-tours.msccruises.com; 8 frame-ancestors 'self' letmedate.com www.letmedate.com 8 default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 8 object-src 'self'; 8 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 8 default-src https: wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 8 frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 8 default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://hcom.report-uri.com/r/t/csp/enforce 8 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 8 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 8 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 8 upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 8 frame-ancestors https://cms-prod.brxm.grandvision.io 8 default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 8 default-src * 'unsafe-inline' 'unsafe-eval' data:; 8 'self' https://ajax.googleapis.com 8 upgrade-insecure-requests;, upgrade-insecure-requests 8 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 8 child-src 'self' blob: www.cdn-net.com prod.accdab.net https://pay.google.com/gp/p/js/pay.js; connect-src * ws-mt1.pusher.com rts-euc.freshworksapi.com; default-src 'self' assets.travix.com *.cdn-net.com; img-src 'self' * data:; font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com; object-src 'self' www.cdn-net.com prod.accdab.net https://pay.google.com/gp/p/js/pay.js; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdn.polyfill.io assets.travix.com www.cdn-net.com prod.accdab.net beacon.riskified.com six.cdn-net.com tagmanager.google.com https://pay.google.com/gp/p/js/pay.js *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com kayak.com static.ads-twitter.com static.hotjar.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net cars.cartrawler.com cdn.euc-freshbots.ai rts-euc.freshworksapi.co; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net cdn.euc-freshbots.ai; prefetch-src 'self' assets.travix.com *.cdn-net.com; frame-src www.booking.com *.bstatic.com *.doubleclick.net *.hotjar.com secure-test.worldpay.com ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ 8 frame-ancestors 'self'; base-uri 'self' 8 frame-ancestors 'self' https://secure.safecharge.com; 8 block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 8 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://cdn.territories.bnpparibas; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 8 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 8 frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io; font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 8 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 8 default-src'self' 8 frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 8 frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 8 default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 8 frame-ancestors 'self' app.storyblok.com; 7 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 7 frame-ancestors 'self' https://www.fortinet.com 7 frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 7 frame-ancestors 'self' *.psplugin.com 7 default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com; media-src * blob: 7 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 7 default-src *.acer.com *.acer.com.cn https: 'unsafe-inline' 'unsafe-eval' ; object-src *; script-src *.acer.com *.acer.com.cn https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.acer.com *.acer.com.cn; img-src * 'self' data: https:; font-src * 'self' data: https:; 7 upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 7 frame-ancestors 'self' https://nurture.solarwinds.com/ 7 frame-ancestors *.3ds.com *.solidworks.com; base-uri 'self' 7 frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ 7 frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 7 frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https: blob:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 7 frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com *.backoffice.mastermedia.orange-business.com 7 frame-ancestors 'self' https://es.chevrolet.com 7 default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 7 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 7 frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 7 default-src 'self' fonts.googleapis.com 'unsafe-inline' cdn.cookielaw.org www.googletagmanager.com *.imgix.net f7132108c1tst-store.occa.ocs.oraclecloud.com onlinestore.sgs.com static.cloud.coveo.com www.google-analytics.com www.sgs.com auditedsupplier.sgsgroup.com.cn cdn.jsdelivr.net bot.leadoo.com pagead2.googlesyndication.com res.leadoo.com analytics.cloud.coveo.com jobpal-sm.s3.amazonaws.com analytics-eu.cloud.coveo.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com res.leadoo.com jobpal-sm.s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.smooch.io https://*.smooch.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.googletagmanager.com www.google.com https://www.google.com www.gstatic.com static.cloud.coveo.com www.google-analytics.com https://www.google-analytics.com cdn.jsdelivr.net *.leadoo.com cdn.cookielaw.org pagead2.googlesyndication.com *.en25.com *.eloqua.com www.youtube.com static.hotjar.com script.hotjar.com s.go-mpulse.net jobpal-sm.s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.smooch.io https://*.smooch.io https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.recaptcha.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://static.cloud.coveo.com jobpal-sm.s3.amazonaws.com *.leadoo.com; frame-src 'self' tools.eurolandir.com www.google.com youtu.be www.sgs.com www.youtube.com *.hotjar.com *.sgs.com www.sgs.pl auditedsupplier.sgsgroup.com.cn https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.fls.doubleclick.net http://*.smooch.io https://*.smooch.io bid.g.doubleclick.net www.linkedin.com *.facebook.com connect.facebook.net *.leadoo.com https://www.recaptcha.net https://optimize.google.com; child-src 'self' *.youtube-nocookie.com www.youtube.com v.qq.com www.google.com *.sgs.com *.facebook.com connect.facebook.net; frame-ancestors 'self' www.googletagmanager.com www.sgs.pl; connect-src 'self' f7132108c1tst-store.occa.ocs.oraclecloud.com onlinestore.sgs.com cdn.cookielaw.org *.leadoo.com platform-eu.cloud.coveo.com anl.leadoo.com analytics.cloud.coveo.com pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com www.google.com googleads.g.doubleclick.net privacyportal-de.onetrust.com *.go-mpulse.net jobpal-sm.s3.amazonaws.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://*.smooch.io https://*.smooch.io *.googletagmanager.com *.g.doubleclick.net *.google.com https://www.google-analytics.com *.linkedin.com *.licdn.com *.facebook.com connect.facebook.net analytics-eu.cloud.coveo.com *.akstat.io https://cdn.linkedin.oribi.io https://geolocation.onetrust.com; img-src 'self' data: *.sgs.com *.imgix.net *.leadoo.com sgs.imgix.net *.google-analytics.com *.analytics.google.com *.eloqua.com i.ytimg.com cdn.cookielaw.org *.cdninstagram.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.fls.doubleclick.net http://*.smooch.io https://*.smooch.io https://ssl.gstatic.com https://www.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://www.google-analytics.com https://ade.googlesyndication.com *.linkedin.com *.licdn.com p.adsymptotic.com *.facebook.com *.facebook.net *.fbcdn.net https://optimize.google.com; worker-src 'self' https: blob:; media-src 'self' media.licdn.com; form-action 'self' *.facebook.com connect.facebook.net; 7 frame-ancestors https://*.canalplus.com https://*.canal-plus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 https://*.canalplus.com:3000 http://*.timvision.it https://*.timvision.it http://*.timvision.it:8888 https://*.timvision.it:3000 7 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 7 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 7 frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com 7 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 7 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 7 frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn https://sqs-admin.biz.sheinbackend.com https://sqs-admin-gray01.biz.sheinbackend.com https://ccc.biz.sheincorp.cn https://ccc-store.biz.sheincorp.cn https://ccc-store.shein.com 7 default-src * data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/ https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com 'self' 7 frame-ancestors 'self' *.backushospital.org *.charlottehungerford.org *.ctorthoinstitute.org *.ctorthomidstate.org *.ctorthostvincents.org *.hartfordhealthcare.org *.hartfordhealthcare.org *.hartfordhealthcareathome.org *.hartfordhealthcaremedicalgroup.org *.hartfordhealthcarerehabnetwork.org *.hartfordhospital.org *.hartfordhospital.org *.hhcandme.com *.hhcbehavioralhealth.org *.hhcconnect.com *.hhcconnect.net *.hhcconnect.org *.hhchealth.com *.hhchealth.net *.hhchealth.org *.hhcseniorservices.org *.hhcsystem.org *.instituteofliving.org *.integratedcarepartners.org *.midstatemedical.org mychartplus.org *.mychartplus.org *.natchaug.org *.rushford.org *.stvincents.org *.thocc.org 7 default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src https://fonts.gstatic.com https://fonts.googleapis.com 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: 'self' 7 frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 7 frame-ancestors 'https://developer.livehelpnow.net/js/socket.js'; 7 default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 7 img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com data: maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 7 frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: https: blob:; 7 frame-ancestors https://shop.commissaries.com; 7 default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com https://jumbe.zaius.com https://6016449.global.siteimproveanalytics.io/heat.aspx https://6016449.global.siteimproveanalytics.io/image.aspx https://uploads.commoninja.com *.optimizely.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencapture-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/ https://activitymap.adobe.com https://cdn-app.continual.ly/ https://cdn.commoninja.com/sdk/latest/commonninja.js https://cdn.calconic.com *.fraudblocker.com https://d1igp3oop3iho5.cloudfront.net https://siteimproveanalytics.com/js/siteanalyze_6016449.js https://code.jquery.com/jquery-3.3.1.min.js https://cdn.addevent.com/libs/atc/1.6.1/atc.min.js *.cdn.commoninja.com *.commoninja.com *.cdn.commoninja.com/wr/static https://code.jquery.com/jquery-3.6.3.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css https://cdn.optimizely.com/js/22793102135.js https://cdn-assets-prod.s3.amazonaws.com/js/preview2/22793102135.js *.optimizely.com;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css https://app.continual.ly/ https://cdn-app.continual.ly;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/ https://survey.alchemer.com/ https://app.continual.ly/ https://www.commoninja.com/ https://calendar.google.com/ https://accounts.google.com/ https://a22793102135.cdn.optimizely.com/ https://capture.navattic.com/;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/ https://cdn-app.continual.ly https://app.continual.ly/ https://wss-pr.continual.ly:6001 https://www.commoninja.com https://app.calconic.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://cdn.commoninja.com/api/v1/embed/e594afb2-85be-48ad-9c87-8296dafe748f *.optimizely.com ; child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 7 default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data: 7 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 7 default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 7 frame-ancestors 'self' https://chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com; 7 frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 7 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src * blob: ; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 7 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 7 unsafe-inline 7 object-src 'none'; form-action 'self'; frame-ancestors 'none' 7 block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 7 frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443 'self' 7 img-src * data: blob: 7 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 7 script-src 'self' https: https://* s7.addthis.com tk3d.tk3dapi.com js.braintreegateway.com *.google.com google.com *.google-analytics.com googletagmanager.com platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 7 default-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: unpkg.com cdn.dxpr.com www.googletagmanager.com www.gstatic.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com geolocation.onetrust.com static.cloudflareinsights.com *.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net data: cdn.cookielaw.org geolocation.onetrust.com ajax.cloudflare.com cdnjs.cloudflare.com www.youtube.com youtube.com maps.googleapis.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.dxpr.com cdn.jsdelivr.net; img-src 'self' reedexhibitions.com www.rxglobal.com rxglobal.com *.google-analytics.com www.google.com www.google.co.uk *.googletagmanager.com data.shorthand.com iframely.shorthand.com maps.googleapis.com cdnjs.cloudflare.com img.youtube.com cdn.dxpr.com cdn.cookielaw.org maps.gstatic.com data: ; frame-src cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com iframely.shorthand.com rx.bnurl.com drive.google.com; object-src data: 'unsafe-eval'; connect-src 'self' blob: rxglobal.com rxglobal.at cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.google-analytics.com gateway.shorthand.com www.gstatic.com stats.g.doubleclick.net data.shorthand.com in.hotjar.com rx.bnurl.com api.segment.io cdn.dxpr.com maps.googleapis.com; base-uri 'none'; worker-src blob: 7 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; prefetch-src 'self' 7 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 7 upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 7 worker-src 'self'; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' 7 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://* 7 script-src *; 7 frame-ancestors 'self' *.betssongroupaffiliates.com 7 frame-ancestors 'self' * 7 frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr; 7 frame-ancestors 'self' ;upgrade-insecure-requests; 7 default-src wss: https: http: data: blob:; img-src https: data: http:; style-src https: 'unsafe-inline' http:; script-src https: 'unsafe-inline' 'unsafe-eval' http:; form-action https: http:; report-uri /api/v2/csp-violation 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 7 'self'; 7 default-src 'self' https://niccicms.raj.nic.in/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' 'unsafe-eval' data:; 7 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 7 frame-ancestors 'self' http://*.elsevier.es/ 7 upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 7 frame-ancestors 'self' https://www.mapama.gob.es 7 default-src 'self' ; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://www.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com wss://*.zendesk.com wss://*.zopim.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; 7 default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https:; style-src https: 'unsafe-inline'; connect-src https: wss:; frame-src https:; font-src * data:; report-uri /csp-report; report-to csp-report; object-src 'none'; frame-ancestors *.optimizely.com; 7 frame-ancestors 'self'; report-uri /log/csp-violation 7 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 7 frame-ancestors 'self' *.roomlynx.net 7 upgrade-insecure-requests;, upgrade-insecure-requests; 7 frame-ancestors 'self' https://gtranslate.io; 7 default-src 'self'; script-src 'self' stryker.us12.list-manage.com s3.amazonaws.com cdn-images.mailchimp.com connect.facebook.net snap.licdn.com fast.fonts.net www.google-analytics.com *.googleapis.com www.google.com www.gstatic.com *.vimeo.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' s3.amazonaws.com cdn-images.mailchimp.com *.googleapis.com fast.fonts.net; font-src 'self' data: fast.fonts.net *.googleapis.com *.gstatic.com; img-src *; child-src *.vimeo.com *.google.com; connect-src 'self' www.google-analytics.com *.doubleclick.net 7 default-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.relap.io *.roxot-panel.com *.serving-sys.com *.serving-sys.ru *.vk.com *.weborama-tech.ru *.weborama.fr adservice.google.com adservice.google.ru an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org cdn.consentmanager.net consentmanager.mgr.consensu.org home.mrgcdn.ru iframe.s3.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru relap.io static.criteo.net static.dzeninfra.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.criteo.com *.doubleverify.com *.dzen.ru *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.relap.io *.roxot-panel.com *.serving-sys.com *.serving-sys.ru *.vk.com *.weborama-tech.ru *.weborama.fr ads.betweendigital.com an.yandex.ru avatars.dzeninfra.ru cdn.consentmanager.mgr.consensu.org cdn.jsdelivr.net consentmanager.mgr.consensu.org csi.gstatic.com dzen.ru home.mrgcdn.ru ib.adnxs.com jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru pagead2.googlesyndication.com pb.adriver.ru prebid-bidder.rutarget.ru prebid-eu.creativecdn.com px.adhigh.net relap.io securepubads.g.doubleclick.net ssp.hybrid.ai ssp.otm-r.com static.criteo.net static.dzeninfra.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net ymetrica1.com; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org home.mrgcdn.ru static.dzeninfra.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru tpc.googlesyndication.com vk.com www.google.com yandex.ru yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=enforce&rev=11.07.22; 6 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com 6 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 6 frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; 6 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdn.vidible.tv https://cdnjs.cloudflare.com https://fonts.gstatic.com https://s0.wp.com ; 6 frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.intercomcdn.com *.intercom.io *.qualtrics.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.intercomcdn.com *.intercom.io *.qualtrics.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com autocomplete.demandbase.com https://static.redhat.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 6 frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com 6 frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 6 block-all-mixed-content;frame-ancestors *.mail.com 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 6 frame-ancestors 'self' https://*.cornerstoneondemand.com;upgrade-insecure-requests;default-src 'self';connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 6 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 6 frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 6 frame-ancestors 'self' https://frida.main.messefrankfurt.com/ 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.calendly.com cdn.segment.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net www.googletagmanager.com www.google-analytics.com *.olark.com js.stripe.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.ketchjs.com https://global.ketchcdn.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://ngrok.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io tag.clearbitscripts.com x.clearbitjs.com app.clearbit.com 6 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk.de *.ihk24.de *.jobcluster.de *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com api-baustellenportal.sylphen.com api.mapbox.com app.cituro.com app.sli.do auskunft.nvv.de baustellennavi.de bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net easy-feedback.com easy-feedback.de editor.signavio.com embed.nexx.cloud events-to-impress.activehosted.com expertenpool.automatisierungsregion.de fahrinfo.vbb.de geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihk24.omq.de ihknw.pi-asp.de ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com isi.hdb-hamburg.de jobs.ihk-niederrhein.de jsfiddle.net komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html maps2.sylphen.com matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media.graphassets.com media.graphcms.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net myjobboard.de n873043.websitebuilder.online pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com rh1.chatmodul.de roundme.com routenplaner.bus-bahn-thueringen.de s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vstdbv3 w.soundcloud.com walls.io web.inxmail.com wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.bso-hessen.de www.econda-monitor.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.media42day.com www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.total-lokal.de www.vvs.de www.youtube-nocookie.com ; report-uri /blueprint/servlet/csplogging/logViolation ; 6 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 6 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com js.hs-scripts.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms tracking.g2crowd.com js.hs-banner.com js.hs-analytics.net js.hsforms.net www.gstatic.com www.gstatic.cn widget.freshworks.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com *.addthis.com *.addthisedge.com; object-src 'none' 6 default-src https: data: 'unsafe-inline' 'unsafe-eval' always 6 default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickiocmp.com luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' cdn.linkedin.oribi.io *.givelively.org *.mktoresp.com *.mktoutil.com region1.analytics.google.com *.google.com analytics.tiktok.com attestation.android.com bcbolt446c5271-a.akamaihd.net csi.gstatic.com edge.api.brightcove.com gtm-w82hjxd-otazy.uc.r.appspot.com *.addthis.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com *.teamusa.org rum-collector-2.pingdom.net *.g.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.facebook.com *.google-analytics.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' analytics.clickdimensions.com bbox.blackbaudhosting.com *.teamusa.org form.usoc.org *.twitter.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net teamusa.us2.list-manage.com usateamhandball.us3.list-manage.com usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.givelively.org abc11.com *.tourneymachine.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com www.bullseyelocations.com www.buzzsprout.com cdn.flipsnack.com classy.org *.classy.org content.usawmembership.com c.streamhoster.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com indd.adobe.com judoreferee.com kingsumo.com livestream.com online.anyflip.com photos.pixlee.co player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm st.chatango.com streaming.enetlive.tv tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com *.wufoo.com usatt.simplycompete.com usawaterski.org *.sport80.com www.givedirect.org www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com *.fls.doubleclick.net *.safeframe.googlesyndication.com *.g.doubleclick.net giphy.com imasdk.googleapis.com *.twitter.com *.teamusa.org players.brightcove.net public.tableau.com snapwidget.com *.addthis.com tpc.googlesyndication.com vplayer.nbcolympics.com vplayer.nbcsports.com *.facebook.com *.google.com www.googletagmanager.com www.instagram.com www.youtube.com; img-src 'self' *.givelively.org *.twimg.com barbend.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net connect.facebook.net content.themat.com data: *.adsafeprotected.com images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport i.ytimg.com *.g.doubleclick.net learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com *.ads.linkedin.com *.googlesyndication.com pixel.quantserve.com reg.usajudo.net s3.amazonaws.com/photos.usacycling.org/ *.twitter.com region1.analytics.google.com *.google-analytics.com *.gstatic.com t.co teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net t.paypal.com tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com widgets.sports.gracenote.com www.facebook.com www.google.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.givelively.org adservice.google.com ajax.googleapis.com *.clickdimensions.com analytics.tiktok.com *.twitter.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com www.buzzsprout.com *.adsafeprotected.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net countdown.omegawatches.com *.g.doubleclick.net *.teamusa.org *.addthis.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net *.googleadservices.com players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net s3.amazonaws.com/downloads.mailchimp.com/ teamusa.us2.list-manage.com sdk.classy.org secure.quantserve.com *.google-analytics.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com *.wufoo.com tableau.usoc.org *.cdc.gov teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net *.googlesyndication.com usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widgets.flickr.com widgets.sports.gracenote.com widget.surveymonkey.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.instagram.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn.fonts.net cdn-images.mailchimp.com cdnjs.cloudflare.com cdn-us.clickdimensions.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com *.teamusa.org www.trackwrestling.com; worker-src 'self' blob:; report-uri https://teamusa.report-uri.com/r/d/csp/enforce 6 default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src https:; connect-src https:; object-src https:; child-src https:; 6 frame-ancestors *.neuweb.biz *.home.neustar fast.wistia.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.adroll.com anchor.fm *.vimeo.com *.moatads.com benchmark.marketshare.com *.rlcdn.com *.company-target.com *.bidr.io *.facebook.com *.linkedin.com *.crazyegg.com *.myworkdayjobs.com *.neustar.biz *.neuweb.biz *.neustarlocaleze.biz *.cdn.neustar cdn.optimizely.com fast.wistia.net images-cdn.welcomesoftware.com *.pimcore.org *.marketo.com *.marketo.net *.mktoresp.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com html5shim.googlecode.com code.jquery.com *.ads-twitter.com *.twitter.com t.co *.twimg.com *.bing.com *.gstatic.com *.agkn.com *.intentsify.io *.zoominfo.com *.visualwebsiteoptimizer.com *.google.com *.doubleclick.net *.truste.com *.quora.com *.adnxs.com *.liveperson.net *.intentsify.io *.newscred.com *.addthis.com *.addthisedge.com *.lpsnmedia.net *.wistia.com *.cloudflare.com *.syndication.twimg.com pixel.mathtag.com *.adentifi.com *.bizographics.com *.formalyzer.com oss.maxcdn.com *.ultradns.com *.webmetrics.com dnn506yrbagrg.cloudfront.net d12ulf131zb0yj.cloudfront.net ace-tag.advertising.com flex.atdmt.com se.monetate.net tag.demandbase.com siteimproveanalytics.com connect.facebook.net snap.licdn.com embedwistia-a.akamaihd.net *.adsymptotic.com fg8vvsvnieiv3ej16jby.litix.io *.discover.neustar *.soundcloud.com activationedge-fabrick-qa-576342464.us-east-1.elb.amazonaws.com blob: data:; 6 frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 6 worker-src blob: https://*.georgeson.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com ;connect-src https://www.googletagmanager.com https://www.google-analytics.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io https://siteintercept.qualtrics.com https://rules.quantcount.com https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.adsrvr.org https://*.crazyegg.com; frame-src https://bc-unclaimedassets-uat.computershare.co.uk https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://8305233.fls.doubleclick.net https://www.canva.com https://*.crazyegg.com; 6 frame-ancestors 'self' https://optimize.google.com/ 6 form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 6 default-src 'self' data: blob:; 6 default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 6 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 6 manifest-src 'self'; 6 frame-ancestors 'self' *.dynatrace.org *.dynatrace.com 6 worker-src 'self' 6 default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 6 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 6 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 6 default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl *.brainwash.nl; 6 frame-ancestors https://app.kontent.ai; base-uri 'self'; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' https:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src ; child-src https: data: blob:; form-action 'self' https:; block-all-mixed-content 6 default-src 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com https://www.youtube.com youtube.com https://destinilocators.com destinilocators.com *.typekit.net data:; frame-src 'self' *.amazon-adsystem.com *.pinterest.com *.doubleclick.net *.addtoany.com *.addthis.com *.addthisedge.com *.bazaarvoice.com *.adsrvr.org https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com youtube.com https://destinilocators.com destinilocators.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' www.facebook.com *.gstatic.com *.googleapis.com *.pinterest.com www.google.com www.google.com.mx www.googletagmanager.com *.google-analytics.com www.youtube.com *.typekit.net i.ytimg.com *.bazaarvoice.com *.doubleclick.net data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.google-analytics.com https://www.googleadservices.com *.pinimg.com *.hotjar.com *.amazonaws.com *.addtoany.com *.moatads.com https://connect.facebook.net https://assets.pinterest.com https://rawgit.com https://unpkg.com *.googleapis.com *.addthisedge.com *.addthis.com https://mpsnare.iesnare.com https://code.jquery.com *.adsrvr.org https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.typekit.net *.bazaarvoice.com https://destinilocators.com destinilocators.com data:; connect-src 'self' 'unsafe-inline' *.pinterest.com *.hotjar.io *.googleapis.com *.doubleclick.net *.amazonaws.com www.google-analytics.com *.bazaarvoice.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.bootstrapcdn.com *.cloudfare.com *.bazaarvoice.com *.myfonts.net *.googleapis.com; base-uri 'self'; form-action 'self'; 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://amplify.outbrain.com https://tracking-cdn.figpii.com *.inspectlet.com https://tr.outbrain.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com *.wistia.com netdna.bootstrapcdn.com data: https://www.altair.com/include-header-footer/fonts/; img-src 'self' https://www.altair.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; frame-src 'self' *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://bid.g.doubleclick.net https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.google.com *.gstatic.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.hsforms.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud *.google.com https://googleads.g.doubleclick.net https://www.facebook.com/tr https://stats.g.doubleclick.net https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com *.usercentrics.eu https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com; 6 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 6 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 6 object-src 'self'; frame-ancestors 'self' 6 default-src 'self' *.crazyegg.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/ *.modern.min.js; connect-src 'self' data: https://geolocation.onetrust.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/ https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/ https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' 6 upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn world.nh-hotels.com.cn *.telerain.com:* 6 frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://*.ctfcloud.net https://hootsuite.com 6 default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 6 upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' prep2021.elimparcial.com prepsonora2021.elimparcial.com prep2021bc.mx iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net *.giphy.com giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com aax.amazon-adsystem.com *.seedtag.com *.criteo.com *.paypal.com *.avantisvideo.com *.aniview.com graphics.reuters.com embed.windy.com www.sunmedia.tv www.relappro.com *.flo.uri.sh flo.uri.sh premiomeritodeportivo.elimparcial.com df.elimparcial.com *.teads.tv; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 6 frame-ancestors 'self' *.swoogo.com 6 default-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.youtube.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.marketo.com *.bizible.com *.engagio.com *.googletagmanager.com *.google.com *.cookiebot.com *.google-analytics.com *.cloudfront.net *.googleapis.com *.licdn.com *.bing.com *.facebook.net *.adnxs.com *.googleadservices.com *.doubleclick.net *.joinsherpa.io *.wistia.net *.airpr.com *.marketo.net *.zdassets.com *.zopim.com *.demandbase.com *.zoominfo.com *.expedia.com *.googleoptimize.com *.clarity.ms *.wistia.com *.pathfactory.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googleapis.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.marketo.com *.joinsherpa.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.pathfactory.com *.hotjar.com; img-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googletagmanager.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.gstatic.com *.expedia.com *.bizible.com *.google-analytics.com *.linkedin.com *.adsymptotic.com *.bing.com *.doubleclick.net *.facebook.com data: *.joinsherpa.io *.joinsherpa.com *.airpr.com *.bizibly.com *.zopim.io *.zoominfo.com *.clarity.ms *.wistia.com *.wistia.net *.pathfactory.com *.hotjar.com; media-src 'self' *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.com *.egencia.ca *.egencia.ro *.youtube.com *.wistia.com *.vimeo.com *.zdassets.com *.cloudfront.net blob:; frame-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us *.youtube.com *.vimeo.com fast.wistia.net *.hotjar.com; frame-ancestors 'self' egencia.lookbookhq.com egencia.pathfactory.com *.egencia.com egencia--sitestudio.eu25.force.com; child-src www.google.com *.gstatic.com *.youtube.com *.egencia.com *.youtube.com *.wistia.com *.vimeo.com blob:; font-src 'self' *.amazonaws.com *.cloudfront.net fonts.gstatic.com fonts.googleapis.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca data: *.joinsherpa.io cdnjs.cloudflare.com *.pathfactory.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.google-analytics.com *.joinsherpa.io *.joinsherpa.com *.mktoresp.com *.zdassets.com *.zopim.com *.company-target.com wss://widget-mediator.zopim.com dpm.demdex.net *.expedia.com wss://*.iot.us-west-2.amazonaws.com *.clarity.ms *.ably.io *.ably-realtime.com *.wistia.com *.wistia.net wss://*.ably.io *.cookiebot.com *.zoominfo.com *.pathfactory.com *.hotjar.com wss://*.hotjar.com *.hotjar.io; upgrade-insecure-requests 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 6 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.crazyegg.com js.hsforms.net js.hs-scripts.com cdn.bizible.com *.wistia.com *.doubleclick.net 6 default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 6 default-src http: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' goqubit.net ; 6 frame-ancestors https://*.mediamarkt.se https://*.teknikproffset.se 'self' 6 default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 6 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 6 upgrade-insecure-requests; block-all-mixed-content; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' www.google.com/pagead/landing adservice.google.com/pagead/regclk www.google-analytics.com/j/collect www.google-analytics.com/g/collect stats.g.doubleclick.net/j/collect region1.google-analytics.com region1.google-analytics.com/g/collect www.googletagmanager.com/a maps.googleapis.com/maps/api/mapsjs/ bat.bing.com/action/0 bat.bing.com/actionp/0 www.facebook.com/tr/ api.personio.de/recruiting/applicant stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com data:;frame-src 'self' tpc.googlesyndication.com www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor bid.g.doubleclick.net www.facebook.com www.youtube.com/embed/ jira.jtl-software.de consent.jtl-software.de;child-src 'self' tpc.googlesyndication.com www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor bid.g.doubleclick.net www.facebook.com www.youtube.com/embed/ jira.jtl-software.de consent.jtl-software.de;img-src 'self' cdn.jtl-software.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.google.ae/pagead/ www.google.at/pagead/ www.google.ba/pagead/ www.google.be/pagead/ www.google.br/pagead/ www.google.ca/pagead/ www.google.co.in/pagead/ www.google.co.uk/pagead/ www.google.com/pagead/ www.google.com.au/pagead/ www.google.com.tr/pagead/ www.google.com.ua/pagead/ www.google.com.pk/pagead/ www.google.ch/pagead/ www.google.cz/pagead/ www.google.de/pagead/ www.google.dk/pagead/ www.google.es/pagead/ www.google.fr/pagead/ www.google.ge/pagead/ www.google.hr/pagead/ www.google.hu/pagead/ www.google.ie/pagead/ www.google.it/pagead/ www.google.lu/pagead/ www.google.nl/pagead/ www.google.pl/pagead/ www.google.com.sa/pagead/ www.google.se/pagead/ www.google.sk/pagead/ www.google.co.kr/pagead/ www.google-analytics.com/collect region1.google-analytics.com/g/collect www.googletagmanager.com/a maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage maps.gstatic.com/mapfiles/ maps.googleapis.com/maps/vt lh3.ggpht.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com/maps/api/mapsjs/gen_204 bat.bing.com/action/0 www.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com img.youtube.com i.ytimg.com bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.google.com/pagead/conversion_async.js www.google.com/pagead/1p-conversion/ www.googleadservices.com/pagead/conversion_async.js www.googleadservices.com/pagead/conversion/ tpc.googlesyndication.com/sodar/ googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.recaptcha.net/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google.com/recaptcha/api.js ssl.google-analytics.com/ga.js www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.google-analytics.com/plugins/ua/ecommerce.js www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/js maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ bat.bing.com/bat.js bat.bing.com/p/action/56224185.js snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.youtube.com/iframe_api www.youtube.com/s/player/ jira.jtl-software.de stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com jira.jtl-software.de crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline'; 6 upgrade-insecure-requests; frame-ancestors 'self' https://www.domainsherpa.com; default-src 'self'; object-src 'none'; worker-src 'self'; frame-src 'self' https:; form-action 'self' https://www.paypal.com; font-src 'self' data: https://nameproscdn.com https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https: blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://www.google.com https://www.gstatic.com https://s.imgur.com https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'report-sample' 'self' 'unsafe-inline' https://nameproscdn.com https://platform.twitter.com; connect-src 'self' https://nameproscdn.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://nameproscdn.com 6 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 6 default-src https: 'unsafe-eval' 'unsafe-inline' 6 default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.military.com *.cloudfront.net; img-src 'self' data: *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net; connect-src 'self' *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 6 same-origin 6 frame-ancestors 'self' https://*.procaresoftware.com; 6 default-src 'self' data: *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self'; child-src 'self' ujet.co *.ujet.co blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forter.com https://mpsnare.iesnare.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com; connect-src 'self' *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com; img-src 'self' data: https://arttrk.com i.ytimg.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: kampyle.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 6 frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint 6 default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; connect-src *; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *; block-all-mixed-content 6 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 6 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 6 default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 6 connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ www.google-analytics.com csi.gstatic.com *.googlesyndication.com *.g.doubleclick.net habboo-a.akamaihd.net localhost.sulake.com localhost.sulake.com/* localhost.sulake.com:3000 localhost.sulake.com:3000/*; img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com cdn.ampproject.org adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net; style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; prefetch-src 'self' *.habbo.com; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br; form-action 'self' https://login.habbo.com; upgrade-insecure-requests; report-uri /csp/report 6 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'; report-to 'self' 6 frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 6 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 6 default-src 'self'; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; navigate-to *; connect-src *; 6 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' segra.com www.segra.com https://*.bc0a.com https://cdn.b0e8.com https://cdn.bc0a.com https://ws.zoominfo.com https://tag.demandbase.com https://go.segra.com https://so.rlcdn.com https://*.d41.co https://*.doubleclick.net https://*.googleadservices.com https://snap.licdn.com https://*.hotjar.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://tagmanager.google.com https://segra.actonservice.com https://unpkg.com; img-src 'self' data: segra.com www.segra.com https://marvel-processor.bc0a.com https://marvel-b1-cdn.bc0a.com https://a1.b0e8.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://go.segra.com https://www.linkedin.com https://p.adsymptotic.com https://px.ads.linkedin.com https://segra.actonservice.com https://www.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://ssl.gstatic.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' segra.com www.segra.com https://go.segra.com https://segra.actonservice.com https://fonts.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com https://unpkg.com; font-src 'self' segra.com www.segra.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' segra.com www.segra.com https://experience.arcgis.com/ https://*.youtube.com https://*.hotjar.com https://www.google.com https://go.pardot.com/ https://segra.actonservice.com/ https://*.maps.arcgis.com/; frame-ancestors 'self' segra.com www.segra.com https://go.pardot.com/ https://segra.actonservice.com/ https://*.maps.arcgis.com/; connect-src 'self' segra.com www.segra.com https://*.amazonaws.com wss://ws4.hotjar.com https://api.brightedge.com https://*.bc0a.com https://*.b0e8.com https://ixfd2-api.bc0a.com https://api.company-target.com https://go.segra.com https://*.d41.co https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com https://segra.actonservice.com https://www.google-analytics.com/; 6 connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ampcid.google.com.br https://s.yimg.com https://bat.bing.com https://cdn-prod.securiti.ai https://app.securiti.ai https://notify.bugsnag.com/ https://dashboard.purplemetrics.com.br/ https://boards-api.greenhouse.io/; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com https://cdn.mouseflow.com https://bat.bing.com https://s.yimg.com https://*.tailtarget.com https://d.tailtarget.com https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/; default-src https: 6 frame-ancestors whitelabel.camspower.com cams.dnxlive.com 6 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 6 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.sg *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io widgets.tipranks.com site.recognia.com ibkr.paxosclients.com *.ibkrcampus.com ibkrcampus.com *.traderstation-international.com; 6 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 6 default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 6 connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri http://www.edenred.com/fr/system/reporting/csp; report-to csp 6 frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 6 frame-ancestors 'self';frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 6 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 6 default-src 'self' http: https: cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 6 frame-ancestors 'self' apac.marketing.adobe.com 6 default-src https: 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 6 “upgrade-insecure-requests” 6 upgrade-insecure-requests; report-uri 6 connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 6 upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 6 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 6 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 6 default-src 'self' *.googlesyndication.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.googlesyndication.com *.googleapis.com securepubads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com *.google-analytics.com *.bugsnag.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.worldpay.com *.usersnap.com *.yimg.com; frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com https://*.hotjar.com youtube.com www.youtube.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleapis.com aexp.demdex.net *.aexp.demdex.net *.omtrdc.net *.braintreegateway.com; style-src 'self' https://*.hotjar.com *.googleapis.com cloud.typography.com skymilesdining.com hello.myfonts.net/count/3b4b0c 'unsafe-inline'; font-src 'self' https://*.hotjar.com data: *.zopim.com *.gstatic.com; img-src 'self' https://*.hotjar.com cdn.buttercms.com *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com dbgcbnch6yz43.cloudfront.net *.usersnap.com *.gravatar.com *.wp.com *.yahoo.com *.facebook.com; script-src 'self' https://*.hotjar.com cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org nexus.ensighten.com *.netlify.com *.netlify.app *.stripe.com *.worldpay.com *.usersnap.com *.facebook.net *.yimg.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; media-src 'self' cdn.buttercms.com; 6 media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 6 font-src 'self'; 6 script-src 'self' 'unsafe-eval' 'unsafe-inline' * 6 default-src https: 'unsafe-inline' 'unsafe-eval' data: 6 default-src: https: 'unsafe-inline' 6 default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 6 frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 6 frame-ancestors 'self' https://secure.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 6 default-src 'self' data: promolife.matomo.cloud actionapi.highco.be *.fontawesome.com *.fpapi.io eu.api.fpjs.io *.cookiefirst.com *.highco.be maps.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' actionapi.highco.be maps.googleapis.com cdn.matomo.cloud *.fontawesome.com cdnjs.cloudflare.com *.fpapi.io eu.api.fpjs.io ssl.google-analytics.com connect.facebook.net platform.twitter.com www.googletagmanager.com www.google-analytics.com *.addthis.com static.addtoany.com consent.cookiefirst.com *.gstatic.com *.google.com *.highco.be stats.g.doubleclick.net cdn.cookielaw.org; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.cookiefirst.com cdnjs.cloudflare.com fonts.googleapis.com cdn2.hubspot.net; img-src 'self' blob: data: promolife.matomo.cloud *.fontawesome.com maps.gstatic.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org; font-src 'self' data: *.fontawesome.com eu.api.fpjs.io fonts.gstatic.com fonts.googleapis.com; frame-src 'self' 6 frame-ancestors 'self' https://*.tw.mawebcenters.com 6 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dmca.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.jivo.ru https://*.jivosite.com https://cdn.jsdelivr.net https://fonts.googleapis.com wss://*.jivosite.com; img-src 'self' data: https://*.dmca.com https://*.google-analytics.com https://*.jivo.ru https://*.jivosite.com; 6 default-src 'self' cdn.privacy-mgmt.com;script-src 'self' *.wsj.net *.wsj.com 'unsafe-inline' 'unsafe-eval';script-src-elem * 'unsafe-inline';manifest-src 'self' *.wsj.com;media-src * data: blob: https:;worker-src * 'unsafe-inline' 'unsafe-eval' blob: data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline' 'unsafe-eval';form-action * 'unsafe-inline';frame-ancestors *;script-src-attr 'unsafe-inline';object-src 'self' 'unsafe-inline';img-src * data: blob: https:;font-src 'self' * 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';style-src 'self' https: 'unsafe-inline' 5 script-src 'self' *.bac-assets.com cdn.cookielaw.org *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com api.boldchat.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:; 5 frame-ancestors https://*.mongodb.com 5 frame-ancestors 'self' xerox.com *.xerox.com 5 default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com https://platform.linkedin.com https://embed.typeform.com https://js.driftt.com https://widget.drift.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://click.appcast.io https://bat.bing.com https://*.clarity.ms https://epam.widget.insent.ai https://www.redditstatic.com https://*.cookiepro.com https://*.onetrust.com https://rum-static.pingdom.net https://access.epam.com https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://*.hotjar.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://*.cookiepro.com https://*.onetrust.com https://cookies-data.onetrust.io https://apm-cluster6.cloudapp.epam.com https://apm-cluster12.cloudapp.epam.com https://access.epam.com https://service.infongen.com https://t.visitorqueue.com https://cdn.linkedin.oribi.io;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com https://api.linkedin.com https://form.typeform.com https://player.vimeo.com https://embed.podcasts.apple.com https://js.driftt.com https://widget.drift.com https://optimize.google.com https://epam.widget.insent.ai;img-src 'self' * data: blob: about: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com https://*.hotjar.com;report-uri /services/interaction/csp-report 5 frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com mathworks--uat.sandbox.my.site.com mathworks--dev2.sandbox.my.site.com mathworks--dev1.sandbox.my.site.com mathworks--test3.sandbox.my.site.com mathworks--mangesha.sandbox.my.site.com; 5 default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://unpkg.com/@rive-app/canvas@1.0.102/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint; 5 default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 5 frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 5 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 5 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 5 frame-ancestors https://poshmark.lightning.force.com; 5 frame-ancestors 'self' *.bazaarvoice.com 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://solutions.invocacdn.com/js/invoca-latest.min.js dev.visualwebsiteoptimizer.com ndn.statistinamics.com static.traversedlp.com api.traversedlp.com js.alocdn.com p.alocdn.com https://cableone1615402851.zendesk.com/ https://zendesk-eu.my.sentry.io fidelitycommunications.zendesk.com https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com www.googletagmanager.com support.sparklight.com static.zdassets.com maps.googleapis.com snapwidget.com fonts.googleapis.com ekr.zdassets.com maps.gstatic.com cableone.zendesk.com widget-mediator.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net wss://widget-mediator.zopim.com bat.bing.com *.google-analytics.com static.hotjar.com www.googleadservices.com connect.facebook.net cltgtstor001.blob.core.windows.net js.adsrvr.org *.fls.doubleclick.net *.g.doubleclick.net *.hotjar.com cdn.polyfill.io insight.adsrvr.org targetuscentral.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com optimize.google.com wss://*.hotjar.com *.hotjar.io blob: dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us optimize.google.com; img-src 'self' data: cableone1615402851.zendesk.com dev.visualwebsiteoptimizer.com v2assets.zopim.io *.gstatic.com www.cableone.net www.sparklight.com *.fls.doubleclick.net www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 5 frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 5 frame-ancestors 'self' *.blackbaud.com www.blackbaud.com justgiving.blackbaud.com justgiving.com blackbaud.sitefinity.cloud; 5 frame-ancestors http://kpmg.experiencecloud.adobe.com 5 frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 5 upgrade-insecure-requests; frame-ancestors 'self' https://*.delfi.ee 5 frame-ancestors *.motor1.com 5 default-src 'self' *.talent.com *.neuvoo.com neuvoo.com neuvoo.ca *.acsbapp.com acsbapp.com js.stripe.com fonts.gstatic.com fonts.googleapis.com *.google.com *.doubleclick.net s3.amazonaws.com *.googlesyndication.com *.atlassian.net *.googleapis.com *.cookielaw.org *.onetrust.com *.bing.com *.cloudflare.com; img-src https: 'unsafe-inline' data: 'unsafe-eval' 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'self' www.jobs-im-suedwesten.de www.energyjobline.com www.onlyengineerjobs.com www.meinestelle.de www.startus.cc www.mapmeo.com www.papa-jobs.ch job.kurier.at www.jobs-in-chemie.de www.med-jobs.com; frame-src *.google.com *.doubleclick.net *.googlesyndication.com *.talent.com talent.com *.stripe.com *.atlassian.net *.hotjar.com; worker-src data: *.talent.com 'unsafe-eval' 'unsafe-inline' blob:; 5 frame-ancestors 'self' https://*.analog.com 5 default-src 'self' *.idrive.com *.idrivesync.com https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 5 default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests 5 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5 default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 5 frame-ancestors 'self' https://app.contentful.com; 5 default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net; worker-src 'self' blob:; 5 default-src 'self'; base-uri 'self'; connect-src 'self' wss: *.6sc.co *.6sense.com *.adnxs.com *.bugherd.com *.bugsnag.com *.clarity.ms *.clickagy.com *.company-target.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.litix.io *.luckyorange.com *.mktoresp.com *.mktoutil.com *.nr-data.net *.optimizely.com *.oribi.io *.pusher.com *.stripe.com *.techtarget.com *.trustarc.com *.visitors.live *.wistia.com *.zoominfo.com api.lever.co bugherd-attachments.s3.amazonaws.com embedwistia-a.akamaihd.net hackerone.com; font-src 'self' data: *.bugherd.com *.gstatic.com *.trustarc.com *.typekit.net d2iiunr5ws5ch1.cloudfront.net; form-action 'self' *.marketo.com; frame-ancestors 'self'; frame-src 'self' *.clickagy.com *.driftt.com *.marketo.com *.optimizely.com *.pima.app *.trustarc.com *.twitter.com *.vimeo.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com; img-src 'self' blob: data: *.6sc.co *.adsymptotic.com *.agkn.com *.bidr.io *.bing.com *.bizible.com *.bizibly.com *.clarity.ms *.clickagy.com *.company-target.com *.crwdcntrl.net *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.googletagmanager.com *.linkedin.com *.rlcdn.com *.sitescout.com *.techtarget.com *.trustarc.com *.ttgtmedia.com *.twimg.com *.twitter.com *.wistia.com d2iiunr5ws5ch1.cloudfront.net embedwistia-a.akamaihd.net s3.amazonaws.com stags.bluekai.com t.co us-u.openx.net; media-src 'self' blob: data: *.wistia.com *.driftt.com *.trustarc.com s3.amazonaws.com embedwistia-a.akamaihd.net; script-src 'self' 'sha256-/k3Lky8OmuiUX6COqMxH79YVPvcq2c55gd/HqG7lsi0=' 'sha256-2WByjQp2bEKmAfglCfsC0ggkbkJSHmj3WCSw+jgveC0=' 'sha256-43zSHbOuMWDb2rGu3wx/gHsFF+wudWtJuIIpJYnh8Cw=' 'sha256-4ogSPhBj5gyjxtI/kkTjyHlW/2tNk4FLetX3+ik9fPs=' 'sha256-8+M6mWeVaqvmXQr6ICEeK1L8fOvFp6I+bpTpkYePz0Q=' 'sha256-beC9gSgoOLBjF6WPV9h2TG/2KJvbVTctAxQ9MTMyYbk=' 'sha256-C/XnmIDSby/TfS8o9gnXE69xiMpWlgYySjbz2ZjCghs=' 'sha256-dAMs3/Yp2SSUrhzjwbwLmPPB0soj/thHemUrM4u00O8=' 'sha256-evOIAQWlBJQ+3KMf/PHqxrFNdU5DSFFYTRb4ZcJL6jk=' 'sha256-fUPVzBO4Mo+NL5cVHRBbgZhsv1LF+vvQppJWvNHOPvA=' 'sha256-hU4B0G69nqzy1PZ5Jda591+j5XhFOmWiX9q0zyoaMsY=' 'sha256-IrV9Fg7V86Q0Cvaj3VjsYrdiSjSDh11ZL0uoRakJ1dc=' 'sha256-kOInjzOirxmZclWPSxkzctlGjV0O6JqJzqupo8lMEDw=' 'sha256-njEVDP22SRLTbvkBGYBk/bZxj3vsHZe/TM7+ykFIPtk=' 'sha256-pNPKD6tBXhkr0zBK19DIurCMWWZBViu552fpWoZY5sQ=' 'sha256-pRMbUhnw0qjc6R64b23mwCtKdCF6fTKAYnukOH7ZzOw=' 'sha256-ro0ByAljN6NGoOZb+6i8vg5PCLARZ70ABRdT5xCvHG4=' 'sha256-y3d2tvDYg+MhraoBMp/mKN9h+/v463y/LOWR/x2fNmw=' 'sha256-kRf9P+VHGzPcP5Sf3z3NJBQog5MJRyz7GZYD5lqaaco=' 'sha256-Ji9SvaviPt4MpmFP3swVVsn3z/WlrxtNiyaxDq1O718=' 'sha256-cw5LcnmMGX0GZ+AoSMP2q01hsdNtd16fltSdHeBU6RQ=' *.6sc.co *.ads-twitter.com *.bing.com *.bizible.com *.bred4tula.com *.bugherd.com *.clarity.ms *.clickagy.com *.cloudflare.com *.demandbase.com *.driftt.com *.gartner.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.jsdelivr.net *.linkedin.com *.luckyorange.com *.marketo.com *.marketo.net *.newrelic.com *.nr-data.net *.optimizely.com *.techtarget.com *.trustarc.com *.truste.com *.twitter.com *.wistia.com *.wistia.net *.zoominfo.com d2iiunr5ws5ch1.cloudfront.net d2wy8f7a9ursnm.cloudfront.net snap.licdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.jsdelivr.net *.marketo.com *.stripe.com *.twitter.com *.typekit.net *.wistia.com *.google.com google.com.ua d2iiunr5ws5ch1.cloudfront.net; worker-src blob:; 5 frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.collectivevoicelocal.com https://collectivevoicelocal.com https://*.collectivevoiceqa.com https://collectivevoiceqa.com https://*.collectivevoicedev.com https://collectivevoicedev.com https://*.collectivevoicebeta.com https://collectivevoicebeta.com https://*.collectivevoice.com https://collectivevoice.com https://*.builder.io/ https://builder.io; report-uri /csp-violation; 5 default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' support.carousell.com 5 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://www.googleadservices.com/ https://online2.superoffice.com/ https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/ js-eu1.hsforms.net https://extend.vimeocdn.com https://79b5d9bf7db0483cbfe2471a3040bd31.js.ubembed.com/ https://assets.ubembed.com/ https://scripts.teamtailor-cdn.com siteimproveanalytics.com https://static.hotjar.com https://script.hotjar.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; connect-src *; img-src 'self' data: https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ https://pixel.tapad.com/ https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/ *.siteimproveanalytics.io https://static.hotjar.com https://script.hotjar.com; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/ cdn.jotfor.ms https://*.kantar.com/ forms-eu1.hsforms.com https://ktglbuc-my.sharepoint.com/ https://kantar.marketin.cn https://www.baidu.com/ https://forms.zohopublic.eu/ https://79b5d9bf7db0483cbfe2471a3040bd31.pages.ubembed.com https://vars.hotjar.com https://www2.kantar-xtel.com; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com https://script.hotjar.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 5 default-src https: wss://*.hotjar.io wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 5 frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 5 frame-ancestors 'self' *.maxon.net 5 default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl cvapp.de *.cvapp.de rirekisho.jp *.rirekisho.jp onlinecurriculo.com.br *.onlinecurriculo.com.br career.io *.career.io cvapp.ro *.cvapp.ro cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu resume-test.io *.resume-test.io cvapp.nz *.cvapp.nz cvapp.ie *.cvapp.ie lebenslaufapp.ch *.lebenslaufapp.ch lebenslaufapp.at *.lebenslaufapp.at; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 5 default-src 'self' https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services; connect-src 'self' https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; object-src blob: ; frame-src https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be 5 default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.facebook.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.bioz.com *.vwr.com *.googleapis.com *.facebook.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 5 frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; object-src 'none'; form-action 'self'; 5 default-src 'self' https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' data: https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://cdn.m-t.io https://trk.m-t.io https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://chat-snippet.terminusplatform.com https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services; connect-src 'self' https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; object-src blob: ; frame-src https://www.google.com.pa https://www.facebook.com https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com 5 script-src 'self'; 5 worker-src 'self' blob: 5 worker-src * 5 frame-ancestors 'self' https://*.yahooinc.com 5 upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx http://intraneteditora http://intranetreforma http://intranetmural http://operacionesinternet; 5 frame-ancestors dev.mwcbarcelona.com www.mwcbarcelona.com mwcbarcelona.com dev.mwc-africa.com www.mwc-africa.com mwc-africa.com dev.mwclasvegas.com www.mwclasvegas.com mwclasvegas.com dev.gsmaevents.com www.gsmaevents.com staging.gsmaevents.com gsmaevents.com gsma.force.com 5 default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com www.atmrum.net; style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co c.6sc.co gbgplc.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com; frame-ancestors 'self' *.loqate.com; 5 frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io gdata.onlyfy.jobs *.gdata.de www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__ 5 upgrade-insecure-requests;block-all-mixed-content 5 frame-ancestors 'self' animepahe.com *.animepahe.com animepahe.org *.animepahe.org animepahe.ru *.animepahe.ru 5 frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; 5 frame-ancestors 'self' https://lojaonline.nos.pt 5 default-src 'self' http://localhost:* http://127.0.0.1:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tags.tiqcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' http://localhost:* http://127.0.0.1:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://*.hotjar.com/ https://*.hotjar.io/ https://analytics.tiktok.com https://unpkg.com/ https://polyfills.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://cdn.taboola.com http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com https://web-staging.sol-data.com https://web.aips-sol.com http://*.amplitude.com https://*.amplitude.com https://*.tealiumiq.com https://*.qualtrics.com http://wrsiteinterceptengine; style-src 'unsafe-inline' 'self' http://localhost:* http://127.0.0.1:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://static.hotjar.io/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ https://*.seek.com http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:* https://web-staging.sol-data.com https://web.aips-sol.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ http://*.jobsdb.com/ https://dpm.demdex.net/ https://*.jobstreet.com/ http://*.jobstreet.co.id http://*.jobstreet.com.my http://*.jobstreet.com.ph http://*.jobstreet.com.sg https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.hotjar.io:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ ws://*.hotjar.io/ wss://*.hotjar.io/ https://*.intercom.io wss://*.intercom.io http://*.g.doubleclick.net https://*.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com https://*.amplitude.com https://*.tealiumiq.com https://*.qualtrics.com https://www.google-analytics.com https://analytics.tiktok.com; frame-src https://*.fls.doubleclick.net/ https://vars.hotjar.com https://vars.hotjar.io https://*.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com https://*.safeframe.googlesyndication.com https://seekasia.demdex.net 5 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5 img-src 'self' img.youtube.com *.s3waas.gov.in secure.gravatar.com data: www.nic.in informatics.nic.in xn--m1bet4hqd2b.xn--h2brj9c; connect-src 'self' *.s3waas.gov.in;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 5 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://www.google-analytics.com https://www.googleanalytics.com https://snap.licdn.com https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.addsearch.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com; img-src 'self' https: data: blob:; connect-src 'self' https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fb-capi.rapyd.net https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://dev.visualwebsiteoptimizer.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://grid.is https://www.rapyd.is; frame-src https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com 5 default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; 5 frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self'; 5 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 5 default-src 'self' *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src *;font-src *;object-src *;media-src * 5 frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 5 script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 5 frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org *.salesviewer.org *.salesviewer.com 5 base-uri 'none'; default-src 'self' https://accesso.com https://cdn.cookielaw.org https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://analytics.google.com https://app.marker.io https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://code.jquery.com https://edge.marker.io https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://marker.io https://pi.pardot.com https://secure.agileenterpriseintelligence.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://accesso.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://www.googletagmanager.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://www.googletagmanager.com https://fonts.gstatic.com https://privacy-policy.truste.com https://media.marker.io https://app.marker.io https://edge.marker.io blob: data:; connect-src 'self' https://analytics.google.com https://api.marker.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://idx.liadm.com https://privacyportal.onetrust.com https://ssr.marker.io https://stats.g.doubleclick.net https://www.googletagmanager.com; font-src 'self' https://app.marker.io https://cloud.typography.com https://edge.marker.io https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com data:; frame-src 'self' https://bid.g.doubleclick.net https://hello.accesso.com/ https://app.marker.io https://player.vimeo.com/ https://polaris.brighterir.com https://www.youtube.com; 5 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://*.beocms.com https://communities.evonik.com; frame-src 'self' data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 5 frame-ancestors 'self' https://sonae.outsystemsenterprise.com outsystems://sonae.outsystemsenterprise.com https://cartaocontinente.pt outsystems://cartaocontinente.pt sonae-dev.outsystemsenterprise.com 5 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; frame-ancestors *; 5 default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors 'self' *.factorial.be *.factorial.ch *.factorial.co *.factorial.fr *.factorial.it *.factorial.mx *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.br *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.pt *.factorialhr.com 5 media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 5 default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: webstatistik.bundeswehr.de webstatistik.bmvg.de *.video-cdn.net *.de.kaltura.com *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.de.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bundeswehr.de/report-uri/ 5 frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 5 frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 5 upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 5 frame-ancestors 'self' https://dashboard.sitew.com https://www.sitew.com; 5 default-src 'none'; script-src 'self'; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com https://www.google-analytics.com:443; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com handelsbankennl.easycruit.com handelsbankenno.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 5 frame-ancestors 'self' https://*.j2t.com https://j2t.com https://*.j2t.exchange https://j2t.exchange https://*.just2trade.cn https://just2trade.cn https://webvisor.com https://*.webvisor.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 5 frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.mobil.co.in/ https://www.mobil.com/ https://r1.dotdigital-pages.com https://*.eame.mobil.com/ https://www.exxonmobil.com/ https://www.mobil.co.id/ https://www.facebook.com/ https://*.adsrvr.org/ https://www.youtube.com/ https://*.livechatinc.com/ https://*.udesk.cn/ https://cdn.appdynamics.com/ https://*.brightcove.net/ https://*.doubleclick.net/ https://*.avndscxom.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ https://*.bazaarvoice.com/ ;default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://apps.sitecore.net https://*.avndscxom.com/ https://*.bing.com https://players.brightcove.net https://apps.spheracloud.net https://cdn.cookielaw.org https://cdn.pricespider.com/ https://cdn.appdynamics.com/ https://unpkg.com/ https://*.googletagmanager.com/ https://cdn.appdynamics.com/ https://players.brightcove.net/ https://api.map.baidu.com/ https://www.youtube.com/ https://api-maps.yandex.ru/ https://*.bazaarvoice.com/ https://*.pricespider.com/ https://geolocation.onetrust.com/ https://*.analytics.google.com/ https://*.vimeo.com/ https://*.youtube-nocookie.com/ https://*.g.doubleclick.net/ https://*.doubleclick.net/ https://pdx-col.eum-appdynamics.com/ https://privacyportal.onetrust.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.google.co.uk/ https://*.google.co.in/ https://*.brightcove.com https://*.boltdns.net https://*.googleapis.com/ https://*.akamaihd.net https://cdn.linkedin.oribi.io/ https://miao.baidu.com/ https://api.mapbox.com/ https://events.mapbox.com/ https://www.facebook.com/ https://*.livechatinc.com/ https://xom-ws-us-meijer.phoenix.earlweb.net https://lubesapi.webmarketing-inc.com/ https://developers.onemap.sg/ https://ka-f.fontawesome.com/ https://*.go-mpulse.net/ https://*.akstat.io/; img-src 'self' data: blob: https://*.virtualearth.net https://*.avndscxom.com/ https://*.baidu.com https://cdn.cookielaw.org https://cdn.pricespider.com/ https://*.analytics.google.com https://*.google-analytics.com/ https://*.vimeo.com/ https://*.youtube-nocookie.com/ https://*.vimeocdn.com https://www.mobil.com.cn/ https://*.brightcove.com https://*.boltdns.net https://*.google.com/ https://*.google.co.uk/ https://*.google.co.in/ https://*.googleapis.com/ https://*.gstatic.com/ https://*.doubleclick.net/ https://*.bing.com https://*.googletagmanager.com/ https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://yandex.ru https://api.map.baidu.com/ https://*.bdimg.com/ https://*.bazaarvoice.com/ https://*.linkedin.com https://*.pricespider.com/ https://miao.baidu.com/ https://content.dps.mobil.com/ https://www.exxon.com/ https://*.ytimg.com/ https://www.facebook.com/ https://*.livechatinc.com/ https://s3.amazonaws.com/ https://*.youtube.com https://productselector.eame.mobil.com/ https://www.exxonmobil.com https://www.mobil.com.cn/;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.iesnare.com https://*.baidu.com https://*.bing.com https://*.virtualearth.net https://cdn.cookielaw.org https://cdn.pricespider.com/ https://*.googletagmanager.com/ https://cdn.appdynamics.com/ https://unpkg.com/ https://static.cloud.coveo.com https://players.brightcove.net/ https://*.googleapis.com/ https://api.map.baidu.com/ https://www.youtube.com/ https://api-maps.yandex.ru/ https://*.google-analytics.com/ https://vjs.zencdn.net/ https://*.doubleclick.net/ https://yastatic.net/ https://dlswbr.baidu.com https://*.bazaarvoice.com/ https://*.pricespider.com/ https://gateway.foresee.com/ https://snap.licdn.com https://api.tiles.mapbox.com/ https://*.linkedin.com https://*.bdimg.com/ https://*.ytimg.com/ https://connect.facebook.net/ https://*.adsrvr.org/ https://suggest-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://*.livechatinc.com/ https://*.udesk.cn/ https://cdn.ampproject.org/ https://pi.pardot.com/ https://*.mobil.com https://*.go-mpulse.net/ https://*.akstat.io/ https://www.googleadservices.com/ https://*.avndscxom.com/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bing.com https://static.cloud.coveo.com https://core-renderer-tiles.maps.yandex.net https://suggest-maps.yandex.ru/ https://api.map.baidu.com/ https://cdn.pricespider.com https://api.tiles.mapbox.com/ https://*.bazaarvoice.com/ https://*.udesk.cn/ https://maxcdn.bootstrapcdn.com/ https://db.onlinewebfonts.com/ https://ka-f.fontawesome.com/ https://*.gstatic.com/ https://cdnjs.cloudflare.com/ https://*.avndscxom.com/; font-src 'self' 'unsafe-inline' https://raka.bing.com https://vjs.zencdn.net/ https://*.livechatinc.com/ https://maxcdn.bootstrapcdn.com/ https://db.onlinewebfonts.com/ https://*.gstatic.com/ https://ka-f.fontawesome.com/ https://cdnjs.cloudflare.com/ https://*.googleapis.com https://*.avndscxom.com/ https://*.cloud.coveo.com https://www.bing.com data:; upgrade-insecure-requests; block-all-mixed-content; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 5 frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; 5 frame-ancestors 'self' https://www.bosoy-online.com 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://iplogger.org/csp.php; 5 default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://b92.yahoo.co.jp/ https://b97.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://ssl.google-analytics.com https://www.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; manifest-src 'self'; frame-src https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/; media-src * data: blob:; worker-src * data: blob: 5 base-uri 'none'; default-src: 'none'; block-all-mixed-content 5 default-src 'self' *.infinity-tracking.net *.infinity-tracking.com *.lfeeder.com *.leadfeeder.com *.fullstory.com *.hscollectedforms.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com static.cloudflareinsights.com *.licdn.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.infinity-tracking.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.plavxml.com *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net *.lfeeder.com *.leadfeeder.com *.hscta.net *.fullstory.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org *.lfeeder.com *.leadfeeder.com; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com cloudflareinsights.com *.hotjar.com *.hotjar.io *.infinity-tracking.net *.infinity-tracking.com google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org *.fullstory.com *.hscollectedforms.net; 5 default-src https: data: 'unsafe-inline' 'unsafe-eval'; 5 default-src https: wss: 'self' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com nimbleswan.io static.tagboard.com; style-src 'self' https: 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 5 default-src https://*.go-mpulse.net https://*.akstat.io 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com herbalife.preview.ceros.com hnx.myherbalife.com herbalife-econnect.hrbl.com hlf.maps.arcgis.com www.herbalife.com www.herbalife.de www.herbalife.ca privacyportal-cdn.onetrust.com services.herbalifenutrition.com media.herbalifenutrition.com negocio.herbalife.com.mx privacyportal.onetrust.com privacyseals.bbbprograms.org da7xgjtj801h2.cloudfront.net cf-images.us-east-1.prod.boltdns.net translate.googleapis.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googleadservices.com dev.day.com rl.quantummetric.com geolocation.onetrust.com http-inputs-hrbl.splunkcloud.com herbalife-app.quantummetric.com herbalife-sync.quantummetric.com cdn.quantummetric.com cdn.cookielaw.org code.jquery.com optanon.blob.core.windows.net stats.g.doubleclick.net herbalife.112.2o7.net www.gstatic.com connect.facebook.net blob: data: user-aaimrzl.cld.bz www.google-analytics.com www.googletagmanager.com www.facebook.com twitter.com www.instagram.com www.linkedin.com www.dsa.org dsef.org www.bbb.org fonts.googleapis.com fonts.gstatic.com pixel.wp.com s0.wp.com stats.wp.com api.ceros.co ajax.googleapis.com media-s3-us-east-1.ceros.com namcerosdev.wpengine.com sdk.ceros.com assets.adobedtm.com metrics.brightcove.com players.brightcove.net cdn.flipsnack.com edge.api.brightcove.com cdnjs.cloudflare.com assets.herbalifenutrition.com smetrics.herbalife.com manifest.prod.boltdns.net httpsak-a.akamaihd.net bcbolt446c5271-a.akamaihd.net ds-aksb-a.akamaihd.net secure.brightcove.com vjs.zencdn.net f1.media.brightcove.com edge.myherbalife.com herbalife.demdex.net dpm.demdex.net herbalife.tt.omtrdc.net cm.everesttech.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat 5 connect-src *; default-src 'self'; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5 frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 5 manifest-src 'self' *.mywebinar.net;default-src 'self' blob:;connect-src 'self' wss: *.mywebinar.com *.mywebinar.net *.mywebinar.io *.mywebinar.live myownconference.net *.myownconference.net client.crisp.chat storage.crisp.chat www.googletagmanager.com *.google-analytics.com;frame-src 'self' *.myownconference.com *.mywebinar.com tpc.googlesyndication.com bid.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.myownconference.com *.mywebinar.com *.mywebinar.net *.mywebinar.io client.crisp.chat www.google.com www.googletagmanager.com www.googleadservices.com tpc.googlesyndication.com googleads.g.doubleclick.net;img-src 'self' data: *;media-src 'self' blob: *.mywebinar.com *.mywebinar.net *.mywebinar.io myownconference.net *.myownconference.net;style-src 'self' 'unsafe-inline' *.mywebinar.com *.mywebinar.net *.mywebinar.io client.crisp.chat www.google.com www.googletagmanager.com fonts.googleapis.com;font-src 'self' data: *.mywebinar.net *.mywebinar.io client.crisp.chat fonts.gstatic.com;object-src 'self' *.mywebinar.net *.mywebinar.io;frame-ancestors 'self'; 5 frame-ancestors https://modelcentro.com/ 5 frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 5 frame-ancestors tarketthome.com www.tarketthome.com 5 default-src 'self' 'unsafe-inline' www.youtube-nocookie.com uccftp.presidio.com:443 gitblit.presidio.com kit.fontawesome.com okr.presidio.com spaceman.presidio.com:443 cdn2.hubspot.net js.hs-analytics.net forms.hsforms.com forms.hubspot.com js.hs-banner.com d2o0yh38wy20at.cloudfront.net play.hubspotvideo.com cms.presidio.com login.ms.presidio.com cpuser.presidio.com px4.ads.linkedin.com codaglobal.wpengine.com content.hotjar.io csa.presidio.com *.cloudfront.net in.hotjar.com blog.arkphire.com wss://*.hotjar.com *.hotjar.io *.hotjar.com ws19.hotjar.com uccftp.presidio.com:443 pass.presidio.com okr.presidio.com okr.presidio.com:443 cyber.presidio.com spamq.presidio.com tpass.presidio.com tpass.presidio.com:443 bigcloud.presidio.com pass.presidio.com:443 portal.presidio.com *.brighttalk.com gitblit.presidio.com www.coda.global js.hsadspixel.net pro.fontawesome.com use.fontawesome.com *.arkphire.com *.presidio.com login.ms.presidio.com wordpress.coda.global dev-okr.presidio.com dev-okr.presidio.com:443 www.arkphire.com *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com unpkg.com cta-service-cms2.hubspot.com no-cache.hubspot.com ak5.picdn.net forms.hsforms.com fonts.googleapis.com fonts.gstatic.com ipapi.co geoip.cookieyes.com coda.global www.google.com www.google.co.in analytics.google.com www.youtube.com t.co www.google-analytics.com analytics.twitter.com cs.lf-discover.com tr.lfeeder.com px.ads.linkedin.com ws15.hotjar.com vars.hotjar.com wss.hotjar.com vc.hotjar.io ws9.hotjar.com www.google.ie stats.g.doubleclick.net region1.analytics.google.com cdn.linkedin.oribi.io px.ads.linkedin; script-src 'self' www.googleadservices.com 'unsafe-inline' 'unsafe-eval' bigcloud.presidio.com spamq.presidio.com portal.presidio.com gitblit.presidio.com csa.presidio.com cdn.jsdelivr.net js.hscta.net kit.fontawesome.com www.youtube.com *.usemessages.com *.hs-scripts.com js.hscollectedforms.net unpkg.com *.hubspotusercontent20.net *.hubspot.com *.hsforms.com js.hsleadflows.net cdn2.hubspot.net js.hs-banner.net d2o0yh38wy20at.cloudfront.net cdn2.hubspot.net www.arkphire.com blog.arkphire.com unpkg.com platform.twitter.com platform.linkedin.com static.hsappstatic.net script.hotjar.com ajax.googleapis.com www.gstatic.com www.google.com cdnjs.cloudflare.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com connect.facebook.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net www.brighttalk.com app.hubspot.com js.hsleadflows.net www.arkphire.com unpkg.com no-cache.hubspot.com ak5.picdn.net forms.hsforms.com use.fontawesome.com pro.fontawesome.com cta-service-cms2.hubspot.com fonts.googleapis.com sc.lfeeder.com fonts.gstatic.com www.google.co.in analytics.google.com static.hotjar.com static.ads-twitter.com snap.licdn.com analytics.twitter.com ws15.hotjar.com vc.hotjar.io; connect-src 'self' 'unsafe-inline' www.googleadservices.com www.youtube-nocookie.com csa.presidio.com d2o0yh38wy20at.cloudfront.net *.hubapi.com *.hubspot.com www.facebook.com hubspot-forms-static-embed.s3.amazonaws.com js.hs-banner.com cdn.linkedin.oribi.io blog.arkphire.com cdn2.hubspot.net wss://*.hotjar.com content.hotjar.io *.hotjar.com *.hotjar.io codaglobal.wpengine.com forms.hubspot.com cta-service-cms2.hubspot.com www.google.com stats.g.doubleclick.net *.cloudfront.net connect.facebook.net www.gstatic.com csmetrics.hotjar.com cdnjs.cloudflare.com api.hubapi.com ajax.googleapis.com www.arkphire.com www.googletagmanager.com in.hotjar.com googleads.g.doubleclick.net www.google-analytics.com analytics.google.com cs.lf-discover.com; style-src 'self' 'unsafe-inline' spamq.presidio.com csa.presidio.com cdn2.hubspot.net static.hsappstatic.net www.arkphire.com *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-banner.net *.hsforms.net clearpathdev.wpengine.com *.hsforms.com js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com unpkg.com no-cache.hubspot.com ak5.picdn.net cta-service-cms2.hubspot.com forms.hsforms.com fonts.googleapis.com *.arkphire.com use.fontawesome.com js.hsleadflows.net pro.fontawesome.com app.hubspot.com d2o0yh38wy20at.cloudfront.net; img-src https: data:; frame-src 'self' www.brighttalk.com www.youtube-nocookie.com portal.presidio.com csa.presidio.com open.spotify.com cdn2.hubspot.net d2o0yh38wy20at.cloudfront.net *.hubspot.com *.hsforms.com forms.hsforms.com www.facebook.com platform.twitter.com www.google.com www.youtube.com blog.arkphire.com play.hubspotvideo.com spaceman.presidio.com lyncdiscover.presidio.com *.presidio.com; font-src 'self' blog.arkphire.com www.arkphire.com csa.presidio.com cpuser.presidio.com tpass.presidio.com dev-okr.presidio.com gitblit.presidio.com spamq.presidio.com pass.presidio.com cdnjs.cloudflare.com clearpathdev.wpengine.com fonts.gstatic.com use.fontawesome.com cdn2.hubspot.net script.hotjar.com pro.fontawesome.com; object-src 'none'; 5 connect-src log.wien maps.nextbike.net *.googleapis.com *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' jobs.wienerstadtwerke.at https://www.facebook.com/tr/; style-src static.dvinci-easy.com https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri 'self' *.onlim.com; script-src https://app.onlim.com/chat-app/js/host.js *.onlim.com *.adform.net *.googletagmanager.com connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com/ *.onlim.com/ https://googleads.g.doubleclick.net/ *.usabilla.com/ *.googletagmanager.com/ *.googleadservices.com static.dvinci-easy.com; frame-src *.wienit.at lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' https://langenacht.orf.at youtu.be *.wienit.at/ *.wienernetze.at/ *.facebook.com https://terminreservierung.reinisch.tech/ https://terminreservierung.staging.reinisch.tech/ *.youtu.be; media-src 'self' data: *.onlim.com; img-src *.wienernetze.at/ wienitedv.d3.sc.omtrdc.net facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' https://googleads.g.doubleclick.net *.facebook.com https://www.google.at/pagead/ https://www.google.com/pagead/; default-src 'self'; font-src https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self'; 5 5 default-src 'self' *.bokf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bat.bing.com/bat.js *.bokf.com *.mpeasylink.com https://i.tryinteract.com https://tr-rc.lfeeder.com https://tag.clearbitscripts.com ws.sessioncam.com https://bokf.wufoo.com https://sc.lfeeder.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com cdn.timetrade.com *.googletagmanager.com *.calcxml.com http://cdnjs.cloudflare.com http://www.google.com http://ajax.googleapis.com *.google-analytics.com http://maxcdn.bootstrapcdn.com *.cloudfront.net *.googleadservices.com app.quotemedia.com http://qmod.quotemedia.com c1.rfihub.net http://connect.facebook.net img.en25.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com *.doubleclick.net *.convertlanguage.com s3.amazonaws.com/trk.cetrk.com/9/t.js s3.amazonaws.com/trk.cetrk.com/b/t.js *.facebook.com https://www.linkedin.com/ www.gstatic.com cdn.glassboxcdn.com snap.licdn.com tracking.bokfinancial.com https://www.google-analytics.com https://ssl.google-analytics.com https://js.adsrvr.org https://insight.adsrvr.org https://extend.vimeocdn.com http://player.vimeo.com https://www.vimeo.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com vimeo.com/api/oembed.js www.bokfinancial.com www.bankofalbuquerque.com www.bankofoklahoma.com www.bankoftexas.com; style-src 'self' 'unsafe-inline' fast.fonts.net https://optimize.google.com http://www.calcxml.com *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: *.kaltura.com i.ytimg.com https://www.google-analytics.com https://tr-rc.lfeeder.com https://www.googletagmanager.com/ https://www.google.com.mx/ads/ *.mpeasylink.com http://www.google-analytics.com *.google.com https://stats.g.doubleclick.net insight.adsrvr.org *.bokfinancial.com *.bankofoklahoma.com *.bankofalbuquerque.com *.bankoftexas.com https://www.facebook.com http://www.calcxml.com https://i.vimeocdn.com px.ads.linkedin.com p.adsymptotic.com https://cm.g.doubleclick.net https://analytics.convertlanguage.com https://dpm.demdex.net https://www.linkedin.com/ https://match.adsrvr.org https://idpix.media6degrees.com https://s.thebrighttag.com https://uipglob.semasio.net https://loadm.exelator.com https://ads.scorecardresearch.com https://cw.addthis.com https://e.nexac.com https://match.sync.ad.cpe.dotomi.com https://cs.adingo.jp https://usermatch.krxd.net https://x.dlx.addthis.com https://x.bidswitch.net https://match.sharethrough.com https://simage2.pubmatic.com https://eb2.3lift.com https://load77.exelator.com https://pixel.rubiconproject.com https://su.addthis.com https://ib.adnxs.com https://pixel.tapad.com https://mid.rkdms.com/ https://dmp.truoptik.com https://i.liadm.com https://io.narrative.io https://odr.mookie1.com https://ups.analytics.yahoo.com https://ml314.com/utsync.ashx https://beacon.krxd.net https://tags.rd.linksynergy.com https://px4.ads.linkedin.com https://googleads.g.doubleclick.net https://data.adxcel-ec2.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; font-src 'self' data: *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fast.fonts.net *.cloudflare.com fonts.gstatic.com; connect-src 'self' chat.bok.com https://cdn.linkedin.oribi.io/ *.googleapis.com *.calcxml.com app.quotemedia.com https://cdn.linkedin.oribi.io api.addsearch.com report.bokf.glassboxdigital.io http://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; frame-src 'self' *.mpeasylink.com *.timetrade.com https://optimize.google.com https://quiz.tryinteract.com/ https://bokf.wufoo.com https://cdn.embedly.com/ http://player.vimeo.com http://www.surveygizmo.com *.doubleclick.net adservice.google.com *.youtube.com http://www.google.com *.kaltura.com http://videos.bokf.com tracking.bokfinancial.com https://insight.adsrvr.org https://quickquote-config.optimalblue.com https://quickquote-consumer.optimalblue.com/ https://match.adsrvr.org https://*.bokf.com; frame-ancestors 'self' *.bokf.com; report-uri /csp-violations 5 default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com 5 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 5 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.storyblok.com data: *.netlify.com data: *.adnxs.com *.amazonaws.com *.analytics.google.com *.bing.com *.cloudfront.net *.connect.facebook.net *.criteo.com *.criteo.net *.doubleclick.net *.exacttarget.com *.exploretock.com *.extole.io *.facebook.com *.facebook.net *.facebook.net *.formstack.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleanalytics.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.lafourchette.com *.licdn.com *.linkedin.com *.matterport.com *.metalocator.com *.metalocator.com *.netlify.com *.netlify.app *.pinterest.com.au *.resy.com *.resy.com *.rezdy.com *.salesforce.com *.sc-static.net *.sfdcstatic.com *.sfmc-content.com *.snapchat.com *.snapchat.com *.storyblok.com *.static.hotjar.com *.sweeppromo.com *.sweeppromo.com *.tealiumiq.com *.thefork.com.au *.tiqcdn.com *.tripleseat.com *.unsplash.com *.vimeo.com *.vimeocdn.com *.vtinfo.com *.wayin.com *.weblink.com.au *.xtlo.net *.yahoo.com *.yimg.com *.youtube.com *.amazonaws.com ws://localhost:3000; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adnxs.com *.amazonaws.com *.analytics.google.com *.bing.com *.cloudfront.net *.connect.facebook.net *.criteo.com *.criteo.net *.doubleclick.net *.exacttarget.com *.exploretock.com *.extole.io *.facebook.com *.facebook.net *.facebook.net *.formstack.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleanalytics.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.lafourchette.com *.licdn.com *.linkedin.com *.matterport.com *.metalocator.com *.metalocator.com *.netlify.com *.netlify.app *.pinterest.com.au *.resy.com *.resy.com *.rezdy.com *.salesforce.com *.sc-static.net *.sfdcstatic.com *.sfmc-content.com *.snapchat.com *.snapchat.com *.storyblok.com *.static.hotjar.com *.sweeppromo.com *.sweeppromo.com *.tealiumiq.com *.thefork.com.au *.tiqcdn.com *.tripleseat.com *.unsplash.com *.vimeo.com *.vimeocdn.com *.vtinfo.com *.wayin.com *.weblink.com.au *.xtlo.net *.yahoo.com *.yimg.com *.youtube.com *.amazonaws.com ws://localhost:3000; frame-src 'self' data: *.adnxs.com *.amazonaws.com *.analytics.google.com *.bing.com *.cloudfront.net *.connect.facebook.net *.criteo.com *.criteo.net *.doubleclick.net *.exacttarget.com *.exploretock.com *.extole.io *.facebook.com *.facebook.net *.facebook.net *.formstack.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleanalytics.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.lafourchette.com *.licdn.com *.linkedin.com *.matterport.com *.metalocator.com *.metalocator.com *.netlify.com *.netlify.app *.pinterest.com.au *.resy.com *.resy.com *.rezdy.com *.salesforce.com *.sc-static.net *.sfdcstatic.com *.sfmc-content.com *.snapchat.com *.snapchat.com *.storyblok.com *.static.hotjar.com *.sweeppromo.com *.sweeppromo.com *.tealiumiq.com *.thefork.com.au *.tiqcdn.com *.tripleseat.com *.unsplash.com *.vimeo.com *.vimeocdn.com *.vtinfo.com *.wayin.com *.weblink.com.au *.xtlo.net *.yahoo.com *.yimg.com *.youtube.com *.amazonaws.com ws://localhost:3000; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adnxs.com *.amazonaws.com *.analytics.google.com *.bing.com *.cloudfront.net *.connect.facebook.net *.criteo.com *.criteo.net *.doubleclick.net *.exacttarget.com *.exploretock.com *.extole.io *.facebook.com *.facebook.net *.facebook.net *.formstack.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleanalytics.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.lafourchette.com *.licdn.com *.linkedin.com *.matterport.com *.metalocator.com *.metalocator.com *.netlify.com *.netlify.app *.pinterest.com.au *.resy.com *.resy.com *.rezdy.com *.salesforce.com *.sc-static.net *.sfdcstatic.com *.sfmc-content.com *.snapchat.com *.snapchat.com *.storyblok.com *.static.hotjar.com *.sweeppromo.com *.sweeppromo.com *.tealiumiq.com *.thefork.com.au *.tiqcdn.com *.tripleseat.com *.unsplash.com *.vimeo.com *.vimeocdn.com *.vtinfo.com *.wayin.com *.weblink.com.au *.xtlo.net *.yahoo.com *.yimg.com *.youtube.com *.amazonaws.com ws://localhost:3000; img-src 'self' * data: *.adnxs.com *.amazonaws.com *.analytics.google.com *.bing.com *.cloudfront.net *.connect.facebook.net *.criteo.com *.criteo.net *.doubleclick.net *.exacttarget.com *.exploretock.com *.extole.io *.facebook.com *.facebook.net *.facebook.net *.formstack.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleanalytics.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.lafourchette.com *.licdn.com *.linkedin.com *.matterport.com *.metalocator.com *.metalocator.com *.netlify.com *.netlify.app *.pinterest.com.au *.resy.com *.resy.com *.rezdy.com *.salesforce.com *.sc-static.net *.sfdcstatic.com *.sfmc-content.com *.snapchat.com *.snapchat.com *.storyblok.com *.static.hotjar.com *.sweeppromo.com *.sweeppromo.com *.tealiumiq.com *.thefork.com.au *.tiqcdn.com *.tripleseat.com *.unsplash.com *.vimeo.com *.vimeocdn.com *.vtinfo.com *.wayin.com *.weblink.com.au *.xtlo.net *.yahoo.com *.yimg.com *.youtube.com *.amazonaws.com ws://localhost:3000; style-src 'self' 'unsafe-inline'; font-src 'self' * data:; 5 upgrade-insecure-requests; base-uri 'self'; 5 frame-ancestors 'self' https://portais.cruzeirodosuleducacional.edu.br https://noticias.cruzeirodosuleducacional.edu.br https://www.cruzeirodosuleducacional.edu.br https://www.cruzeirodosulvirtual.com.br https://www.cruzeirodosul.edu.br https://www.unicid.edu.br https://www.unifran.edu.br https://www.unipe.edu.br https://www.udf.edu.br https://www.modulo.edu.br https://www.fass.edu.br https://www.ceunsp.edu.br https://www.cesuca.edu.br https://www.fsg.edu.br https://www.brazcubas.edu.br https://www.up.edu.br https://constesuahistoria.cruzeirodosulvirtual.com.br https://constesuahistoria.cruzeirodosul.edu.br https://constesuahistoria.unicid.edu.br https://constesuahistoria.unifran.edu.br https://constesuahistoria.unipe.edu.br https://constesuahistoria.udf.edu.br https://constesuahistoria.modulo.edu.br https://constesuahistoria.fass.edu.br https://constesuahistoria.ceunsp.edu.br https://constesuahistoria.cesuca.edu.br https://constesuahistoria.fsg.edu.br https://constesuahistoria.brazcubas.edu.br https://constesuahistoria.up.edu.br https://simule.pravaler.com.br https://cadastro.creditouniversitario.com.br 5 upgrade-insecure-requests; frame-ancestors 'self' https://*.schaeffler.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://*.fbcdn.net https://*.twimg.com/ https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com https://cdn.socialstudio.radian6.com data: blob:; 5 ; 5 default-src *; script-src 'unsafe-inline' 'unsafe-eval' https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://americannational.com https://*.lifeannuitydi.com https://*.inmoment.com https://tagmanager.google.com https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.assistant.watson.appdomain.cloud https://*.ytimg.com http://*.angularjs.org https://*.youtube.com https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 5 'self' 5 frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com; 5 default-src * 'unsafe-inline' 'unsafe-eval'; 5 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com https://cdn.insight.sitefinity.com https://code.jquery.com/jquery-3.4.1.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js *.youtube.com/ https://youtube.com https://player.vimeo.com/api/player.js https://vjs.zencdn.net/7.11.4/video.min.js connect.facebook.net https://connect.facebook.net/en_US/fbevents.js platform.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com/i/adsct platform.linkedin.com https://www.linkedin.com/ https://s.ytimg.com https://publish.twitter.com https://twitter.com/ https://static.ads-twitter.com/uwt.js ajax.aspnetcdn.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://snap.licdn.com/ https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js *.lfeeder.com *.leadfeeder.com https://pi.pardot.com/pd.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://pi.pardot.com/ https://go.soprasteria.de/ https://walls.io/js/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://chatbot-widget.jobijoba.io https://ytimg.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://player.gobistories.com/index.js https://www.buzzsprout.com https://tag.aticdn.net/piano-analytics.js https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://unpkg.com https://tagmanager.google.com *.googletagmanager.com cdn1.readspeaker.com *.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www2.soprasteria.no https://analytics.inzynk.io */widget/v1/sr-job-alerts.js https://widget.gobistories.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css cdn1.readspeaker.com https://chatbot-widget.jobijoba.io https://fonts.googleapis.com https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/ https://cdn.jobijoba.com https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com https://ad.doubleclick.net https://analytics.twitter.com https://www.googletagmanager.com; media-src 'self' data: blob: https://lesjoiesducode.fr/ https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://cdn.jobijoba.com https://www.youtube.com/ https://res.cloudinary.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://www.google.com/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://chatbot-webview.jobijoba.io https://app-eu.readspeaker.com/ https://app.livestorm.co/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/ https://subscriptions.smartrecruiters.com/ https://go.soprasteria.com/ https://smrtr.io/ https://join.smartrecruiters.com/; child-src 'self' blob: *.twitter.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ *.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/; connect-src 'self' accounts.google.com *.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ *.readspeaker.com https://media-eu.readspeaker.com/ https://cdn1.readspeaker.com/ https://www.digitale-exzellenz.de https://www.instagram.com *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatbot-widget.jobijoba.io wss://chatbot-api.jobijoba.io https://chatbot-api.jobijoba.io https://www.linkedin.com/ https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://cdn.linkedin.oribi.io https://analytics.inzynk.io; 5 default-src 'self' data: blob: *.conac.cn *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 5 frame-ancestors 'self' https://app.storyblok.com; 5 default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 5 default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' data: blob: https:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; form-action 'self' https:; object-src https:; media-src blob: data: https:; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://static.mysph.sph.com.sg;upgrade-insecure-requests; 5 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://ea04e958cc13a15d0bbc4cbc506ff315.report-uri.com/r/d/csp/enforce; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com fast.fonts.net siteimproveanalytics.com snap.licdn.com *.googleapis.com *.cloudfront.net ipmeta.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net p.typekit.net use.typekit.net; font-src 'self' data: fast.fonts.net fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: www.faegrebd.com *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com fast.fonts.net; frame-src 'self' *.google.com cdn.yoshki.com faegredrinker.mediasite.com html5-player.libsyn.com player.pbs.org legaltalknetwork.com sho.co *.youtube.com *.vimeo.com podcast-stream.wbez.org *.embedly.com; connect-src 'self' *.google-analytics.com analytics.google.com fast.fonts.net *.doubleclick.net cdn.linkedin.oribi.io ipmeta.io; upgrade-insecure-requests; block-all-mixed-content; 5 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 5 frame-ancestors *; report-uri /log/csp-violation 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://fonts.gstatic.com https://www.gstatic.com; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net; frame-src 'self' 'unsafe-inline' https://*.clearstep.health https://www.youtube.com https://youtube.com *.crazyegg.com https://*.medcity.net *.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests; block-all-mixed-content; 5 frame-ancestors 'self' *.authorize.net; 5 frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 5 frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 5 default-src 'self' *.driftt.com widget.drift.com *.smartrecruiters.com *.clickagy.com *.zoominfo.com *.coveo.com *.fluidads.com *.stackadapt.com *.truste.com *.omtrdc.net *.livechatinc.com *.chatbot.com *.adobe.com c.6sc.co secure.adnxs.com epsilon.6sense.com *.tableau.com *.experian.com *.experianmarketingservices.com api.ipgeolocation.io *.adobedtm.com *.adsrvr.org *.ads-twitter.com *.bing.com *.brightcove.com *.brightcove.net *.brightfunnel.com *.cloudflare.com *.demdex.net *.doubleclick.net *.eloqua.com *.everesttech.net *.facebook.com *.facebook.net metrics1.experian.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsadspixel.net *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com *.hubapi.com *.hubspot.com *.hubspot.net *.licdn.com *.linkedin.com *.omappapi.com *.omniture.com *.optmnstr.com *.terminus.services *.twimg.com *.twitter.com *.usemessages.com *.youtube.com *.zencdn.net *.google-analytics.com img.en25.com p.adsymptotic.com bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 5 default-src https: data: 'unsafe-inline' 5 img-src * 5 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors https://*.myshopify.com https://admin.shopify.com 5 frame-ancestors 'self' weleda.sabio.de 5 object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 5 img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 5 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 5 upgrade-insecure-requests;frame-ancestors 'self' engage.dnb.com; 5 frame-ancestors 'self' http://webvisor.com https://webvisor.com 5 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 5 worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 5 default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 5 child-src 'self' blob: tr.snapchat.com sc-static.net static.ads-twitter.com https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com *.trustedshops.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com/ *.linkedin.com https://d6tizftlrpuof.cloudfront.net player.teester.com landings.somfy.co.il my.matterport.com *.myfeelback.com *.kameleoon.com *.kameleoon.eu https://somfyicebucket.com actorssl-5637.kxcdn.com 5 object-src 'none'; frame-ancestors 'self'; report-uri https://ribboncommunications.com/report-uri/enforce 5 frame-ancestors 'self' https://accept.authorize.net 5 frame-ancestors https://findmyforevermate.com 5 default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'self' ; base-uri 'self'; 5 frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 5 default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 5 frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 5 upgrade-insecure-requests; frame-ancestors: self 5 default-src 'self'; connect-src *;font-src * data:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 5 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 5 frame-ancestors 'self' *; upgrade-insecure-requests; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 5 frame-ancestors 'self' https://*.storyblok.com/ 5 default-src 'self' https: 'unsafe-inline';img-src 'self' data: https:;font-src 'self' data: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:;object-src 'none';form-action 'self';frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' https://marvel-b1-cdn.bc0a.com https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://use.typekit.net *; upgrade-insecure-requests; script-src https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' *; block-all-mixed-content; 5 default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-9607db27-11d1-40fb-a27c-3fbb81ede6eb'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-9607db27-11d1-40fb-a27c-3fbb81ede6eb'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src * data: blob: 'unsafe-inline'; 5 default-src * data: blob: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.gstatic.com maps.googleapis.com cse.google.com www.google.com www.youtube.com connect.facebook.net staticxx.facebook.com graph.facebook.com platform.twitter.com s.ytimg.com static.whatshelp.io certify-js.alexametrics.com cdnjs.cloudflare.com static.getbutton.io js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hscollectedforms.net erxes.bid-finance.mn geo.erxes.io;style-src 'self' 'unsafe-inline' *.sodonsolution.org *.sodonsolution.com www.gstatic.com cse.google.com www.google.com static.whatshelp.io geo.erxes.io;connect-src 'self' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com connect.facebook.net staticxx.facebook.com graph.facebook.com api.hubspot.com forms.hubspot.com whatshelp.io geo.erxes.io www.membership.mn:8080 *.trademongolia.mn; 5 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com; form-action *; worker-src * blob:; 5 default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 5 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors 'self' https://*.hotjar.com 5 frame-ancestors 'self' https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 5 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; 5 default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.tickcounter.com *.wcgclinical.com www.googletagmanager.com *.marketo.com pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com; object-src 'self'; base-uri 'self'; connect-src 'self' *.doubleclick.net *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *.wcgclinical.com *.tickcounter.com *.doubleclick.net *.hotjar.com www.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com data:; img-src 'self' *.mmgo.io *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com data: blob:; worker-src 'self' blob: 5 frame-ancestors 'self' https://auto-emotion.cupra.de https://showcase.cupra.de.showcase.dev.cupra.de; 5 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 4 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 4 default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests; 4 frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 4 default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 4 report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-2FWbbMoT7waHBCiV2wuUG048ErDHcGNjbfOOSp5PtJs=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com http://dev-embed.notion.co http://embed.notion.co https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://player.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://api-v2.mutinyhq.io https://client-registry.mutinycdn.com https://client.mutinycdn.com https://user-data.mutinycdn.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://x.clearbitjs.com http://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net http://munchkin.marketo.net https://414-xmy-838.mktoresp.com http://414-xmy-838.mktoresp.com https://414-xmy-838.mktoutil.com http://414-xmy-838.mktoutil.com https://info.notion.com http://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io http://track.customer.io https://track.customer.io http://www.youtube.com https://js.partnerstack.com https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://cdn01.boxcdn.net https://cdn.sprig.com assets.customer.io code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com;connect-src 'self' data: blob: https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly http://dev-embed.notion.co http://embed.notion.co https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://player.vimeo.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://api-v2.mutinyhq.io https://client-registry.mutinycdn.com https://client.mutinycdn.com https://user-data.mutinycdn.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://telemetry.transcend.io https://x.clearbitjs.com http://x.clearbitjs.com http://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net http://munchkin.marketo.net https://414-xmy-838.mktoresp.com http://414-xmy-838.mktoresp.com https://414-xmy-838.mktoutil.com http://414-xmy-838.mktoutil.com https://info.notion.com http://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io http://track.customer.io https://track.customer.io http://www.youtube.com https://js.partnerstack.com https://grsm.io/ https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://file.notion.so notion://file.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com track.customer.io *.api.gist.build *.cloud.gist.build;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com fonts.gstatic.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com http://track.customer.io https://track.customer.io https://file.notion.so notion://file.notion.so https://*.mux.com track.customer.io;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://cdn.transcend.io fonts.googleapis.com https://cdn01.boxcdn.net code.gist.build;worker-src blob: self;child-src blob: self;media-src blob: https: http: https://file.notion.so notion://file.notion.so https://*.mux.com;frame-src https: http: https://accounts.google.com renderer.gist.build code.gist.build https://challenges.cloudflare.com 4 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* *.twitter.com *.twimg.com *.ads-twitter.com ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net *.hotjar.com:* *.hotjar.io wss://*.hotjar.com p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com *.pushnotifications.pusher.com js.pusher.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com code.jquery.com cdn.embedly.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io browser-update.org *.tiktok.com *.bannerbear.com us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft d2yyd1h5u9mauk.cloudfront.net web.delighted.com cdn.iframe.ly change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com *.hotjar.com *.hotjar.io d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' 4 frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 4 frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca https://*.us.adp; 4 frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com *.viceops.net 4 default-src *.asus.com *.asus.com.cn *.freshworksapi.com https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self'; 4 default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; report-uri /webhooks/csp-report; 4 script-src 'sha256-OIpYYX7CBR4HDHttLa/0kANAtkjPACNrfJLTCiAiZFY=' 'self' jobs.jobvite.com www.googletagmanager.com 4 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://api.cloudinary.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 4 upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 4 default-src 'self' feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://service.maxymiser.net/ https://tags.tiqcdn.com/ https://*.netsuite.com https://consent.truste.com https://*.trustarc.com https://*.bing.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://static.atgsvcs.com https://rules.atgsvcs.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://www.rnengage.com https://*.rightnowtech.com https://assets.adobedtm.com https://img.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.akamaihd.net https://*.demdex.net https://*.omtrdc.net https://*.adobetag.com https://*.linkedin.com https://*.licdn.com https://*.2o7.net https://tags.bkrtx.com https://flex.atdmt.com https://*.oracleinfinity.io https://dqm.crownpeak.com/ https://app.hushly.com https://script.crazyegg.com https://activitymap.adobe.com https://static.ocecdn.oraclecloud.com https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://fonts.googleapis.com https://app.hushly.com https://hud.crazyegg.com; img-src * data: ; frame-src 'self' https://service.maxymiser.net/ https://go.netsuite.com https://*.doubleclick.net https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.facebook.net https://*.omtrdc.net https://*.trustarc.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat-na--tst1.custhelp.com https://netsuite-salechat-na.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://*.demdex.net https://*.bluekai.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://hud.crazyegg.com https://activitymap.adobe.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com https://*.omtrdc.net https://*.demdex.net https://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://www-stage.oracle.com https://api.crownpeak.net/ https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com https://hud.crazyegg.com https://app.hushly.com https://*.google-analytics.com https://cdn.linkedin.oribi.io/partner/297948/domain/netsuite.com/token https://www.facebook.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net; font-src 'self' data:; media-src 'self' blob: ;child-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 4 frame-ancestors 'self' https://partner.tp-link.com https://partner-test.tp-link.com 4 child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.paypal.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com; frame-ancestors 'self' directnic.net; 4 frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 4 frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 4 default-src 'none'; form-action 'self'; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; prefetch-src 'self'; connect-src 'self' https://matomo.org https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com http://ajax.googleapis.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org https://fonts.googleapis.com; img-src 'self' https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org data: https://fonts.gstatic.com https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://*.hotjar.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com; style-src 'self' 'unsafe-inline' https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://ka-p.fontawesome.com https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://kit.fontawesome.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://*.hotjar.com https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-src 'self' https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; media-src 'self' blob: https://*.kaltura.com; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://www.google.com https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 4 default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com feedback-us.app.khoros.com *.jmp.com *.outgrow.us;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 4 frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms 4 connect-src 'self' https://surveystats.hotjar.io https://*.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google-analytics.com www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com accounts-eu.freshworks.com gigaset-org.freshworks.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google-analytics.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com accounts-eu.freshworks.com gigaset-org.freshworks.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com; form-action 'self' www.facebook.com feldtest.gigaset.com security.gigaset.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com gigaset-org.freshworks.com accounts-eu.freshworks.com partner-service.gigaset.com; frame-ancestors 'self' www.gigaset.com *.etracker.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google-analytics.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com app.usercentrics.eu; 4 frame-ancestors https://*.complex.com 4 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com 4 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com http://blocked.goodrx.com https://*.grxstatic.com https://*.grxweb.com https://*.heydoctor.com https://d4fuqqd5l3dbz.cloudfront.net https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://*.split.io https://gx9e.app.link https://app.link https://*.branch.io https://bnc.lt https://*.doubleclick.net https://*.2mdn.net https://*.osano.com https://optimizely-edge.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://bat.bing.com https://*.sentry-cdn.com https://sentry.io https://*.ingest.sentry.io https://cdn.ampproject.org https://*.doubleverify.com https://*.typekit.net https://c.evidon.com https://l.betrad.com https://d79i1fxsrar4t.cloudfront.net https://static.legitscript.com https://cdn.contentful.com https://unpkg.com https://images.ctfassets.net https://cdnjs.cloudflare.com https://*.appsflyer.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.polyfill.io https://polyfill.io https://*.smartystreets.com https://s3-us-west-2.amazonaws.com https://s3.amazonaws.com https://my.wpengine.com https://secure.gravatar.com https://*.embed.ly https://*.mzstatic.com https://*.onelink.me https://www.recaptcha.net https://*.qualaroo.com https://datawrapper.dwcdn.net https://hire.withgoogle.com https://www.youtube.com https://*.insightexpressai.com https://connect.facebook.net https://www.facebook.com https://adservice.google.co.in https://adservice.google.com.au https://adservice.google.ca https://*.ytimg.com https://*.verticalhealth.net https://d.turn.com https://*.demdex.net https://idsync.rlcdn.com https://di.rlcdn.com https://*.adsafeprotected.com https://bcg.coupons.com https://*.embedly.com https://*.flashtalking.com https://pixel.sbal4kp.com https://*.adnxs.com https://*.adnxs-simple.com https://tracker.samplicio.us https://choices.truste.com https://choices.trustarc.com https://cf.adxcel.com https://*.accelerator.ibm.com https://*.serving-sys.com https://cdn.besafe.global https://api.lever.co https://*.segment.io https://*.segment.com https://*.userzoom.com https://sc.iasds01.com https://sb.voicefive.com https://*.scorecardresearch.com https://*.iqfp1.com https://*.dvtps.com https://*.pxsrv.net https://*.zentrick.com https://*.zentrick.name https://*.unwrapper.io https://*.dvva.io https://js.stripe.com https://www.redditstatic.com https://alb.reddit.com https://wsdk.rokt.com https://*.speedcurve.com https://fast.wistia.com https://platform.twitter.com https://*.doceree.com https://*.liadm.com https://www.medtargetsystem.com https://*.hcn.health https://thrtle.com https://trc.lhmos.com https://api.prod.projectexodus.us https://js.appboycdn.com https://*.braze.com https://use.fontawesome.com https://cdn.materialdesignicons.com https://*.twilio.com https://*.twiliocdn.com wss://*.twilio.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomassets.com https://intercom-sheets.com https://*.heydoctor.io https://*.deepintent.com https://*.moatads.com https://*.s.moatpixel.com https://*.adform.net https://*.jwpcdn.com https://*.jwplayer.com https://*.jwplatform.com https://*.jwpltx.com https://*.jwpsrv.com https://*.mux.com https://videos-fms.jwpsrv.com https://videos-cloudflare.jwpsrv.com https://*.datadoghq.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://pswec.com https://*.pswec.com https://sync.graph.bluecava.com https://*.adsrvr.org https://*.parsely.com https://*.qualtrics.com https://res.lassomarketing.io https://*.gvt1.com https://*.googlevideo.com https://*.quantummetric.com https://*.innovid.com https://btloader.com https://*.btloader.com https://ad-delivery.net https://*.ad-delivery.net https://*.ads2ads.net https://*.ads.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://*.videoamp.com https://ecp-prd-data.s3.us-west-2.amazonaws.com https://secure-gl.imrworldwide.com https://*.trustpilot.com https://*.hcpverify.com https://*.iassist.com; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 4 upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 4 frame-ancestors https://members.cafepress.com https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 4 frame-ancestors 'self' https://webvisor.com 4 default-src 'self' data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.fbcdn.net *.youtube.com connect.facebook.net;style-src 'self' 'unsafe-inline' data: *.fbcdn.net 'unsafe-eval';connect-src *.fbcdn.net www.meta.com *.www.meta.com meta.ada.support www.facebook.com/tr/ gw.conversionsapigateway.com;font-src data: *.fbcdn.net;img-src 'self' blob: data: *.fbcdn.net *.fbsbx.com *.oculuscdn.com *.youtube.com *.ytimg.com www.facebook.com/tr/ *.cdninstagram.com;media-src blob: data: *.fbcdn.net *.cdninstagram.com *.oculuscdn.com;child-src blob: data: *.fbcdn.net;frame-src data: *.fbcdn.net www.meta.com/tealium/ *.www.meta.com/tealium/ *.youtube.com www.meta.com/payments/ *.www.meta.com/payments/ centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com *.fbthirdpartypixel.com meta.ada.support;worker-src blob: data: *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 4 frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co 'unsafe-eval' 'unsafe-inline'; 4 default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 4 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 4 default-src 'self' *.vidyard.com *.onetrust.com; frame-ancestors 'self'; form-action *; object-src 'none'; base-uri 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src *; frame-src *; font-src * data:; media-src *; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://optimize.google.com ;frame-src self https://6337982.fls.doubleclick.net https://*.loopnet.com http://*.loopnet.com https://*.loopnet.co.uk http://*.loopnet.co.uk https://*.loopnet.fr http://*.loopnet.fr https://*.loopnet.es http://*.loopnet.es https://*.loopnet.mx http://*.loopnet.mx https://*.loopnet.lat http://*.loopnet.lat https://*.loopnet.de http://*.loopnet.de https://*.loopnet.it http://*.loopnet.it https://*.loopnet.pt http://*.loopnet.pt https://*.loopnet.nl http://*.loopnet.nl http://*.loopnet.ca https://*.loopnet.ca https://*.costargroup.com https://www.facebook.com https://servedby.flashtalking.com https://adclick.g.doubleclick.net/ https://optimize.google.com https://*.googlesyndication.com/ https://s0.2mdn.net/ https://console.googletagservices.com/ https://*.adsrvr.org/ https://www.googletagservices.com https://www.google.com https://*.cybersource.com/ https://*.doubleclick.net/ https://*.firebaseapp.com/ https://*.us.criteo.com https://*.criteo.com https://*.criteo.net https://dynamic.criteo.com https://static.criteo.net criteo.net criteo.com *.criteo.com *.criteo.net https://players.brightcove.net https://www.youtube.com https://flickrembed.com https://*.knightlab.com https://viewer.panoskin.com https://my.matterport.com https://accounts.google.com https://*.ten-x.com https://*.pendo.io https://costar.brightspotcdn.com https://costar-brightspot-lower.s3.amazonaws.com https://flo.uri.sh https://s.company-target.com https://tpc.googlesyndication.com https://tpc.googlesyndication.com; 4 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 4 script-src-elem 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com https://www.google.com https://www.gstatic.com ajax.googleapis.com 'unsafe-inline' static.freeimages.com; img-src 'self' cdn.cookielaw.org images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://script.hotjar.com www.google-analytics.com www.googletagmanager.com optimize.google.com www.gstatic.com *.google-analytics.com *.analytics.google.com fonts.gstatic.com *.freeimages.com data: blob: 'self' images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy cdn.cookielaw.org data: www.gstatic.com static.freeimages.com; connect-src 'self' geoapi.freeimages.com https://*.freeimages.com https://geoapi.freeimages.com cookies-data.onetrust.io getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com picspree.s3.amazonaws.com vectorhq-files.s3.amazonaws.com clipartlogo-getty.s3.amazonaws.com 365psd-getty.s3.amazonaws.com clipartme-getty.s3.amazonaws.com vectorme-getty.s3.amazonaws.com findicons-getty.s3.amazonaws.com https://*.hotjar.com https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com 'self' getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com geoapi.freeimages.com cookies-data.onetrust.io geolocation.onetrust.com in.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com static.freeimages.com; frame-ancestors 'self'; script-src 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com 'unsafe-inline' static.freeimages.com; frame-src www.google.com vars.hotjar.com optimize.google.com converter.freeimages.com; default-src 'none'; base-uri 'none'; manifest-src 'self' static.freeimages.com; form-action 'self'; font-src 'self' fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com static.freeimages.com; style-src 'self' optimize.google.com https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com 'unsafe-inline' www.googletagmanager.com static.freeimages.com; object-src 'none' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 4 frame-ancestors 'self' https://tiaa-stagingx.unqork.io https://tiaa-uatx.unqork.io https://digitalforms.tiaa.org 4 connect-src 'self' https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com.preprod/ https://*.hcaptcha.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com https://metrics-apm-d01.clients.dev.france:8200 http://*.datatables.net;default-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src *.index-education.france https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self' *.index-education.france *.index-education.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ndx.plus *.ndx.plus https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com code.jquery.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com https://app.mailjet.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com *.index-education.net data:;img-src 'self' https://*.index-education.com ndx.plus *.ndx.plus *.linkedin.com data:; 4 object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app; report-uri /api/csp-reports 4 frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 4 frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com experience.adobe.com 4 frame-ancestors 'self' *.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com www.straitsfinancial.com http://straitsfinancial.com https://www.home.saxo https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com https://www.investing.com https://*.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com https://zingbot.bz https://m.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://www.infinityfutures.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com *.chicago.cme.com:7822 https://uatm.cqg.com https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com *.straitsfinancial.gate39tech.com us.straitsfinancial.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com https://www.bluelinefutures.com https://www.bluelinefutures.live https://www.bluelinefutures.trade https://login.chicago.cme.com https://loginnr.chicago.cme.com https://logincert.chicago.cme.com https://login-ny.chicago.cme.com https://ampfutures.com https://cme.ampfutures.com https://*.advantagefutures.com https://*.e-futures.com https://*.etrade.com https://*.gffbrokers.com https://infinityfutures-cn.com https://sweetfutures.com https://*.tradovate.com https://home.saxo https://*.tickmill.co.uk https://*.directa.it https://big.pt https://*.tradestation-international.com https://*.stonex.com http://tradinglessons.com https://tradinglessons.com *.ibroker.it *.ibroker.es *.cornertrader.ch *.whselfinvest.com *.banxbroker.de *.ameritrade.com *.sweetfutures.com *.danielstrading.com *.gainfutures.com gainfutures.com *.futuresonline.com *.tdainc.com *.lsvp.com *.schwab.com *.schwab.co.uk *.us.global.schwab.com *.dev.schwab.com *.cmegroupfoundation.org news.cqg.com https://www.banxbroker.de https://www.banxbroker.ch https://www.banxbroker.at https://www.banxbroker.com https://www.gulfcapitalmarket.org https://www.kqmarkets.co.uk https://dev.kqmarkets.co.uk https://www.kqmarkets.de https://dev.kqmarkets.de https://www.kqtrader.com https://dev.kqmarkets.com https://kqmarketportal.24livehost.com local.thetradingpit.com staging.thetradingpit.com www.thetradingpit.com *.trendspider.com trendspider.com fxpronode12template.azurewebsites.net uat-fxpro-website.azurewebsites.net fxpro.com www.thetradingpit.com staging.thetradingpit.com local.thetradingpit.com *.youfinance.it *.traderlink.it paradigmfutures.net www.e-mini.com www.e-futures.com www.foreigncurrencies.com www.cannontrading.com *.gcs-web.com www.rjobrien.com www.fxpro.com *.rjobrien.com http://www.acmfutures.com; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us; 4 frame-ancestors 'self' https://app.contentful.com 4 frame-ancestors 'self' *.ampproject.org *.zdbb.net 4 frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/; upgrade-insecure-requests 4 frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 4 default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; report-uri /report-csp-violation 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://*.devicevalidation.io https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com data: 4 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * 'self' data: 'unsafe-inline'; connect-src *; media-src *; frame-src *; frame-ancestors *; worker-src blob:; 4 connect-src 'self' *.cackle.me *.maps.yandex.net api-maps.yandex.ru api.selectel.ru go.selectel.ru hog.selectel.ru chatwoot.selectel.ru wss://chatwoot.selectel.ru google-analytics.bi.owox.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://selectel.status.io/1.0/status/5980813dd537a2a7050004bd https://analytics.google.com https://api.amplitude.com https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://cackle.me https://selectel.ru https://top-fwz1.mail.ru https://tracker.softcube.com https://web.popmechanic.ru leads.selectel.ru mc.yandex.ru selectel.ru sendsay.ru stats.g.doubleclick.net suggest-maps.yandex.ru wss://*.cackle.me wss://api.selectel.ru wss://ws.selectel.ru www.facebook.com www.google-analytics.com www.youtube.com https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/macros/s/AKfycbxV2XXAR0xrDMbWAwb3zq_FLwecjfful2Co8KilO-hH9D8epb6tEML78Pq7ypkJ0dA6/exec; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' *.cackle.me api-maps.yandex.ru calc.selectel.ru go.selectel.ru chatwoot.selectel.ru googleads.g.doubleclick.net https://cackle.me https://forms.amocrm.ru/ https://optimize.google.com https://player.vimeo.com/ https://vk.com/ www.facebook.com www.google.com www.google.ru www.youtube.com; img-src https: data: blob: region1.google-analytics.com region1.analytics.google.com; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cackle.me *.maps.yandex.net analytics.twitter.com api-maps.yandex.ru cdn.ampproject.org connect.facebook.net go.selectel.ru hog.selectel.ru chatwoot.selectel.ru https://api.mindbox.ru/ https://cackle.me https://cdn.amplitude.com https://cdn.selectel.ru https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://dct.mango-office.ru https://embed.typeform.com/embed.js https://forms.amocrm.ru/ https://googleads.g.doubleclick.net https://optimize.google.com https://s.ytimg.com https://script.softcube.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://widgets.mango-office.ru https://www.google.com https://www.googleoptimize.com/optimize.js mc.yandex.ru personalization-web-stable.mindbox.ru pi.pardot.com selectel.ru ssl.google-analytics.com static.ads-twitter.com suggest-maps.yandex.ru tagmanager.google.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com yastatic.net; style-src 'self' 'unsafe-inline' *.cackle.me https://cdn.selectel.ru/ https://chatwoot.selectel.ru https://cackle.me https://fonts.googleapis.com https://optimize.google.com https://static.popmechanic.ru https://tagmanager.google.com/ https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://personalization-web-stable.mindbox.ru/; upgrade-insecure-requests; 4 frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 4 default-src 'self' *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.au *.google.be *.google.ca *.google.ch *.google.co.in *.google.co.nz *.google.co.uk *.google.com.br *.google.com.mx *.google.com.ph *.google.com.sg *.google.com *.google.de *.google.es *.google.fr *.google.ie *.google.nl *.google.no *.google.pl *.google.ru *.doubleclick.net js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net https://cdn.jsdelivr.net/npm/@sheerid/jslib@1.78.0/sheerid.js https://cdn.jsdelivr.net/npm/@sheerid/jslib@1.78.0/sheerid.css 'self' data: 'unsafe-eval' 'unsafe-inline' *.youneedabudget.com *.ynab.com youneedabudget.helpscoutdocs.com youneedabudget.myshopify.com www.gstatic.com/recaptcha/ hello.myfonts.net appleid.cdn-apple.com polyfill.io cdnjs.cloudflare.com/ajax/libs/lottie-web/5.7.6/lottie.min.js s.ytimg.com *.ads-twitter.com *.twitter.com *.pusher.com *.soundcloud.com *.sumologic.com *.youtube.com ajax.cloudflare.com s.pinimg.com player.vimeo.com cdn.kustomerapp.com cdn.rollbar.com *.helpscout.net *.tiktok.com *.ttwstatic.com zapier.com/apps/embed/widget.js cdn.zapier.com embed.typeform.com *.mparticle.com *.amplitude.com d.impactradius-event.com cdn.pdst.fm/ping.min.js sc-static.net/scevent.min.js *.snapchat.com *.pinterest.com *.quora.com snap.licdn.com cookie-cdn.cookiepro.com js.recurly.com;frame-ancestors *.youneedabudget.com *.ynab.com;connect-src *.google.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.doubleclick.net *.googlesyndication.com services.sheerid.com orgsearch.sheerid.net https://cdn.jsdelivr.net/npm/@sheerid/jslib@1.78.0/localized-messages/en-US.json *.youneedabudget.com *.ynab.com ynab.api.kustomerapp.com *.pndsn.com kustomer-prod1-attachments.s3.amazonaws.com kustomer-prod2-attachments.s3.amazonaws.com s3.amazonaws.com/kustomer-prod1-attachments s3.amazonaws.com/kustomer-prod2-attachments https://cdn.jsdelivr.net/npm/emoji-picker-element-data@%5E1/en/emojibase/data.json api.rollbar.com *.helpscout.net d3hb14vkzrxvla.cloudfront.net forms.hscollectedforms.net sdk.iad-03.braze.com *.giphy.com api.zapier.com/elements/zap-templates/ *.mparticle.com *.amplitude.com youneedabudget.a4xxmk.net us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink *.snapchat.com *.pinterest.com *.quora.com *.facebook.com cdn.linkedin.oribi.io cookie-cdn.cookiepro.com geolocation.onetrust.com privacyportal.cookiepro.com api.recurly.com https://ynab-coaching-payments.netlify.app;font-src 'self' data: fonts.gstatic.com *.youneedabudget.com *.ynab.com cdn.kustomerapp.com;frame-src accounts.google.com *.doubleclick.net optimize.google.com 'self' w.soundcloud.com *.youtube-nocookie.com vimeo.com open.spotify.com assets.pinterest.com www.pinterest.com ct.pinterest.com www.pinterest.co.uk www.pinterest.com.au www.pinterest.ca www.pinterest.cl www.pinterest.de www.pinterest.es www.pinterest.fr www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.youneedabudget.com www.ynab.com docs.youneedabudget.com wellness.youneedabudget.com wellness.ynab.com support.youneedabudget.com support.ynab.com ynab.kustomer.help ynab-wellness.kustomer.help www.tiktok.com form.typeform.com youneedabudget.a4xxmk.net *.snapchat.com *.facebook.com api.recurly.com;img-src data: * blob: cdn.kustomerhostedcontent.com cdn.kustomerapp.com *.giphy.com *.getcloudapp.com kustomer-prod1-attachments.s3.amazonaws.com kustomer-prod2-attachments.s3.amazonaws.com;report-uri /y/csp-report/; 4 frame-ancestors http://www.moex.com 4 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 4 frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 4 object-src 'none'; frame-ancestors *.tim.it; 4 frame-ancestors https://events.martechconf.com https://martech.org 4 default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro surfnl.piwik.pro; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro surfnl.piwik.pro; report-uri /report-csp-violation; upgrade-insecure-requests 4 frame-ancestors 'self' *.datto.com *.backupify.com datto.engineering *.openmesh.com *.autotask.net; report-uri https://www.datto.com/actions/contentSecurityPolicy/report/log; report-to csp-endpoint; 4 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com ads-twitter.com https://bam.nr-data.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; report-uri /report-csp-violation 4 upgrade-insecure-requests; default-src 'self'; frame-src 'self' *.consentmanager.net www.youtube.com www.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.bing.com *.virtualearth.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.continental.com www.googletagmanager.com *.mouseflow.com *.equitystory.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com cdn.trkkn.com unpkg.com *.consentmanager.net blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.continental.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net cdn.linkedin.oribi.io; img-src * data:; media-src * blob:; 4 font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io; 4 default-src 'self' www.app5.unisys.com js.qualified.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com js.qualified.com www.googleadservices.com *.optimizely.com *.twitter.com *.gartner.com cdn.pdst.fm www.gstatic.com *.6sc.co t.contentsquare.net app.contentsquare.com *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com https://js.ipredictive.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://t.contentsquare.net/ https://static.ads-twitter.com/ *.newscred.com *.rezync.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.gartner.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' blob: data: http: https: *.ipredictive.com www.googletagmanager.com *.contentsquare.net https://cdn.optimizely.com; font-src 'self' *.gartner.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' https://logx.optimizely.com *.demandbase.com https://*.optimizely.com https://us-central1-adaptive-growth.cloudfunctions.net *.optimizely.com *.6sc.co *.adnxs.com cdn.linkedin.oribi.io *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com *.contentsquare.net; child-src 'self' *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; media-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net https://*.unisys.com; frame-src *; worker-src 'self' blob: data: 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net https://go.onsemi.com blob: data: https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com 4 frame-ancestors 'self' hhs.gov *.hhs.gov 4 frame-ancestors https://www.cedars-sinai.org/ https://aem-dispatcher-dev.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 4 default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests; 4 frame-ancestors 'self' commander.weatherops.com 4 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 frame-ancestors 'self' http://safebrands.fr https://safebrands.fr http://safebrands.com https://safebrands.com 4 frame-src 'self' https://*.zf.com https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://players.brightcove.net https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zf.com https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://rec.smartlook.com https://vjs.zencdn.net https://players.brightcove.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com; frame-ancestors 'self' https://*.zf.com https://justaraiv.com; 4 default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com https://apis.google.com https://*.googleapis.com https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io https://walls.io https://cdn.botframework.com https://*.myincert.com https://myincert.com https://*.traumgutscheine.com; connect-src 'self' https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io https://*.playertec.de https://powerva.microsoft.com https://graph.microsoft.com https://login.microsoftonline.com https://api.siteimprove.com blob:; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com https://at.cloud.fabasoft.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at https://*.streaming.media.azure.net https://www.traumgutscheine.com https://my.walls.io https://*.vimeo.com https://vimeo.com https://service.studiobaff.com https://*.playertec.de https://login.microsoftonline.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at https://railtours.traumgutscheine.com https://*.microsoftstream.com; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com; child-src https://www.traumgutscheine.com https://railtours.traumgutscheine.com blob:; 4 default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 4 frame-ancestors 'self' http://turan.urw.com/ https://turan-web.preprod.cloud.coreoz.com/ https://turan-web2.preprod.cloud.coreoz.com/ https://apollo.int.coreoz.com/world https://prod.id.westfield.com/ 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src blob:; img-src * blob: data:; 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4 default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 4 frame-ancestors 'self' http://ideas.cloudera.com https://ideas.cloudera.com http://pages.cloudera.com https://pages.cloudera.com https://video.cloudera.com https://resources.cloudera.com http://resources.cloudera.com https://*.kampyle.com https://*.medallia.com 4 upgrade-insecure-requests; frame-ancestors 'none'; 4 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 4 frame-ancestors https://*.blackboard.com https://*.anthology.com; 4 default-src https:; connect-src https: wss:; font-src https: data:; frame-src http://webvisor.com blob: https:; frame-ancestors http://webvisor.com blob: https:; img-src https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; child-src blob: https:; 4 connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' https://tre3content.develop.wunder.io https://tre3content.stage.wunder.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 4 frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 4 default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self'; script-src 'unsafe-inline' 'self' blob: 4 frame-ancestors 'self' *.hillspetnutrition.com; 4 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 4 frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 4 default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net; img-src * data: *; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.google.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net; report-uri /admin/config/system/seckit/csp-report 4 frame-ancestors 'self' *.ncmec.org *.ncmecad.net *.adobecqms.net *.missingkids.org *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 4 frame-ancestors 'self' *.lift.acquia.com lift.acquia.com; report-uri /report-csp-violation 4 frame-ancestors https://purinaric.website1.dev https://v2-ric-72644--purina-unitedstatesofamerica.pantheonsite.io; report-uri /report-csp-violation 4 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 4 default-src * data:; script-src http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline' 4 referrer no-referrer 4 '' 4 default-src *.crazyegg.com blob: https: 'unsafe-inline' 'unsafe-eval' ;img-src https: data:; font-src https: data:; object-src 'none'; 4 default-src 'self' https://brightdata.com wss://nexus-websocket-a.intercom.io wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' https://www.comeet.co/ data: https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com www.googleadservices.com *.googlesyndication.com https://www.pagespeed-mod.com https://assets.calendly.com https://calendly.com *.doubleclick.net http://ad.doubleclick.net *.youtube.com i.ytimg.com *.visualwebsiteoptimizer.com https://widget.trustpilot.com https://*.zdassets.com https://brightdata.zendesk.com https://*.userway.org https://cdn.mxpnl.com https://*.mxpnl.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com *.thesmilingelbows.com *.bing.com https://*.clarity.ms https://www.clarity.ms *.baidu.com https://*.lfeeder.com https://widget.intercom.io *.linkedin.com https://js.intercomcdn.com https://api-iam.intercom.io https://*.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com https://api-js.mixpanel.com *.hsforms.net *.hsforms.com https://*.oribi.io *.gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com https://snap.licdn.com *.yandex.ru *.yandex.net *.yandex.com *.yandex.md *.yandex.by *.facebook.net *.facebook.com *.capterra.com *.netstar-inc.com *.gstatic.com yastatic.net https://cdn.datatables.net *.fleeq.io *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th *.google.co.kr *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj https://*.comeet.com; frame-ancestors 'self'; report-uri https://brightdata.com/web_api/report_csp 4 object-src 'none'; script-src 'self' https://ads.pubmatic.com https://polyfill.io https://js.ad-score.com https://*.revcontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://ads.scored.co 'unsafe-inline' 'unsafe-eval' 4 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 4 frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com; 4 default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; frame-ancestors 'self' https://xodo-web.sanity.studio; 4 frame-ancestors 'self' *.lovecrafts.com 4 default-src 'self' *.iphouse.com data: 'unsafe-inline' 'unsafe-eval'; 4 img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 4 frame-ancestors 'self' https://c360.cricketwireless.com; 4 font-src * 4 child-src 'self';worker-src * blob: 'unsafe-inline';font-src * data: 'unsafe-inline';frame-ancestors *;frame-src *;script-src-attr * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 4 default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' https: blob:; style-src 'self' 'unsafe-inline' https: data: 4 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 4 frame-ancestors 'self' *.authorize.net 4 default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com; 4 base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.everbridge.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com https://px.ads.linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://epsilon.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://www.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self' https://js.driftt.com; object-src 'self' *.everbridge.com; prefetch-src 'self' ajax.googleapis.com s.w.org; style-src 'self' 'unsafe-inline' *.everbridge.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com; 4 frame-ancestors 'none';upgrade-insecure-requests; 4 frame-ancestors 'self' http://dezshira.in/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.russia-briefing.com/ https://www.silkroadbriefing.com/ 4 report-uri ; 4 frame-ancestors 'self' *.cvonline.lt cvonline.lt; default-src 'unsafe-inline' 'self' teltonika-energy.com *.googletagmanager.com *.googleapis.com *.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' *.taboola.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hs-analytics.net *.chatbot.com *.licdn.com *.facebook.net *.hs-scripts.com *.sentry.io *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' blob: teltonika-energy.com *.ytimg.com *.facebook.net teltonika-iot-group.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.teltonika.lt *.linkedin.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.hsforms.com *.hubspot.com *.youtube.com *.gstatic.com *.googleapis.com data:; connect-src 'self' blob: *.taboola.com *.hscollectedforms.net cdn.linkedin.oribi.io *.teltonika-networks.com *.gstatic.com *.facebook.com *.google.com *.googleapis.com *.hubspot.com *.hubapi.com *.teltonika.lt *.chatbot.com sentry.io *.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net data:; frame-src 'self' youtu.be *.youtu.be *.facebook.com *.chatbot.com *.youtube.com *.google.com; child-src blob: 4 default-src https: 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors 'self' https://next.brella.io/ https://taikalyhty.shapespark.com/ https://tiet01mstr6v7esprep.dxcloud.episerver.net/ 4 frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl http://*.liveforward.nl https://*.liveforward.nl https://thuismy.t-mobile.nl https://app.storyblok.com 4 frame-ancestors 'self'; object-src 'self'; 4 base-uri 'self'; frame-ancestors *;frame-src *;child-src 'self';block-all-mixed-content;object-src 'none'; prefetch-src 'self';worker-src 'self'; default-src https: data: ws:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 4 frame-src 'self' *.microfocus.com *.ubembed.com https://12964123.fls.doubleclick.net/ https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 4 frame-ancestors 'self' https://*.cite-sciences.fr https://*.palais-decouverte.fr https://*.universcience.fr; 4 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 4 frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://www.mdon-line.com/ https://inovalon.canto.com; 4 default-src https: data: blob: wss:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 4 default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 4 base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 4 default-src 'self'; base-uri 'self'; img-src https: data: ssl.gstatic.com; font-src 'self' fonts.gstatic.com f.hubspotusercontent-eu1.net blog.delen.bank data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net; script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com *.google-analytics.com; connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.hotjar.com player.vimeo.com player.clevercast.com *.webflow.io vimeo.com *.vimeo.com delenhackdays.be *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net https://app httpsdelen://app https://forms.office.com https://oyensappsimulator.acpt.delen.be https://delenappsimulator.acpt.delen.be https://login.acpt.delen.be https://online.acpt.delen.bank https://loginoyens.acpt.delen.be https://delenappsimulator.acpt.delen.lu https://delenchappsimulator.acpt.delen.lu https://login.acpt.delen.lu https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com vimeo.com blog.delen.bank;; upgrade-insecure-requests 4 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data: https:; font-src * 'self' data: https:; connect-src *; media-src *; object-src *; prefetch-src *; child-src * 'self' data: https: blob:; base-uri *; 4 frame-ancestors https://*.1-grid.com/ 'self'; 4 default-src 'self'; connect-src 'self' use.typekit.net cdn.linkedin.oribi.io ajax.googleapis.com stats.g.doubleclick.net bat.bing.com f.clarity.ms www.facebook.com api.hubspot.com vimeo.com www.google-analytics.com wp.ocelotbot.com snap.licdn.com js.hsforms.net js.hs-scripts.com js.hs-analytics.net forms.hsforms.com forms.hs-forms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-banner.com; prefetch-src 'self' js.hs-banner.com js.usemessages.com js.hs-analytics.com snap.licdn.com www.google-analytics.com www.googletagmanager.com; font-src 'self' use.typekit.net data:; frame-src app.hubspot.com player.vimeo.com www.facebook.com bid.g.doubleclick.net forms.hsforms.com; img-src 'self' data: wp.ocelotbot.com wppub.ocelotbot.com forms-na1.hsforms.com bat.bing.com secure.adnxs.com forms.hsforms.com www.facebook.com googleads.g.doubleclick.net secure.adnxs.com secure.gravatar.com www.google.com p.adsymptotic.com track.hubspot.com px.ads.linkedin.com px4.ads.linkedin.com www.google-analytics.com www.gstatic.com ssl.gstatic.com i.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' wp.ocelotbot.com ajax.googleapis.com www.clarity.ms bat.bing.com connect.facebook.net ws.zoominfo.com googleads.g.doubleclick.net www.googleadservices.com slate.technolutions.net px.ads.linkedin.com snap.licdn.com track.hubspot.com js.hsforms.net forms.hsforms.com forms.hs-forms.com p.adsymptotic.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net f.vimdeocdn.com; object-src 'none'; upgrade-insecure-requests; 4 default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.linkedin.oribi.io cdn.matomo.cloud *.cdninstagram.com *.clarity.ms *.clickdimensions.com *.comaweb.de data: *.easyway.site edge.marker.io *.elfsquad.io www.facebook.com *.fbcdn.net *.firebot.io *.flockler.app *.flockler.com flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.iconfinder.com *.ingest.sentry.io *.licdn.com *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com snap.licdn.com ssr.marker.io svrdntfctn.com *.twimg.com *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud webastoamericas.bullseyelocations.com wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net *.bootstrapcdn.com *.clarity.ms *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io *.flockler.app *.flockler.com *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me snap.licdn.com ssr.marker.io svrdntfctn.com *.webasto.com webastoamericas.bullseyelocations.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.clarity.ms *.clickdimensions.com https://connect.facebook.net/ *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io firebot.io *.flockler.app *.flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me snap.licdn.com ssr.marker.io svrdntfctn.com *.usercentrics.eu *.webasto.com webasto.matomo.cloud webastoamericas.bullseyelocations.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 4 frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com 4 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' https: 4 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 4 default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; script-src https: 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-inline'; object-src 'none'; connect-src 'self' https: wss: 4 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.launcher.williamhill.com *.launcher.williamhill.local 4 frame-ancestors 'self' http://dev.hop.it/ https://www.spikenow.com/ https://spikenow.com/ 4 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 4 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net geoid.investisdigital.com www.google-analytics.com *.doubleclick.net bam.nr-data.net cookiemanager.investisdigital.com www.googletagmanager.com www.iff.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com geoid.investisdigital.com cdn.rawgit.com www.recaptcha.net *.googletagmanager.com www.iff.com snap.licdn.com https://consent.trustarc.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com geoid.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com www.iff.com www.instagram.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com ir.iff.com www.facebook.com https://consent-pref.trustarc.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com https://consent.trustarc.com; connect-src house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.media.brightcove.com edge.api.brightcove.com 'self' 'unsafe-inline' bam.nr-data.net www.google-analytics.com iff-corp-rev.pid2-e1.investis.com stats.g.doubleclick.net cookiemanager.investisdigital.com www.iff.com geoid.investisdigital.com cdn.linkedin.oribi.io https://www.facebook.com 4 frame-ancestors 'self' https://business.fundingsocieties.com 4 frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 4 frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com *.medical-xprt.com medical-xprt.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com braintree-api.com *.braintree-api.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com *.d35rpq4gusjz9h.cloudfront.net d35rpq4gusjz9h.cloudfront.net americanexpress.com *.americanexpress.com; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com *.medical-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com medical-xprt.com 4 frame-ancestors https://www.cwtanalytiqs.com https://int.cwtanalytiqs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.cookielaw.org https://cdnjs.cloudflare.com service.maxymiser.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://img04.en25.com https://connect.facebook.net https://fonts.googleapis.com https://s.ytimg.com https://content.mycwt.com https://content-d.mycwt.com https://www.google-analytics.com https://bugcrowd.com https://assets.bugcrowdusercontent.com https://geolocation.onetrust.com https://www.youtube.com img04.en25.com/i/elqCfg.min.js https://s.go-mpulse.net siteimproveanalytics.com *.contentsquare.com *.infogram.com *.contentsquare.net *.adobe.com *.turtl.co *.vimeo.com *.joinsherpa.io https://snap.licdn.com https://s2068514591.t.eloqua.com https://www.buzzsprout.com; object-src 'self'; 4 child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.pagbank.com.br *.uol.com.br *.google-analytics.com wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.pagbank.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.pagbank.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 4 default-src 'self' *.e-point.pl *.adocean.pl *.ingbank.pl https://ing.pl https://analytics.google.com *.ing.pl *.google.com mojeing.pl; font-src 'self' *.ingbank.pl *.googleusercontent.com data: *.gstatic.com *.e-point.pl https://ing.pl https://analytics.google.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com mojeing.pl; style-src 'self' 'unsafe-inline' code.jquery.com *.ingbank.pl *.e-point.pl *.twitter.com *.gstatic.com https://ing.pl https://analytics.google.com *.ytimg.com *.twimg.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com mojeing.pl; img-src 'self' data: *.ggpht.com *.adocean.pl *.e-point.pl www.google.pl *.googleusercontent.com *.akamaized.net *.gstatic.com ingbankslaski.d2.sc.omtrdc.net *.domy.pl *.demdex.net *.glosdlafirm.pl https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.ingbank.pl *.hit.gemius.pl *.google-analytics.com *.twitter.com *.doubleclick.net https://ing.pl *.cdngr.pl *.staticdomy.com.pl *.staticmorizon.com.pl *.staticoferty.net.pl https://analytics.google.com *.analytics.google.com https://ireland.apollo.olxcdn.com *.ytimg.com *.twimg.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com *.youtube-nocookie.com mojeing.pl https://ingbsmojedev.112.2o7.net; frame-src 'self' *.tradedoubler.com *.demdex.net *.e-point.pl *.hit.gemius.pl *.ingbank.pl *.doubleclick.net https://ing.webnotarius.pl *.twitter.com https://ing.pl *.pl.ing-ad https://analytics.google.com *.ing.pl *.googletagmanager.com *.google.com *.youtube-nocookie.com mojeing.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com *.googleusercontent.com ingbankslaski.d2.sc.omtrdc.net ingbankslaski.d3.sc.omtrdc.net *.gstatic.com *.demdex.net www.googleadservices.com *.twitter.com *.e-point.pl *.adocean.pl https://ing.pl https://analytics.google.com https://www.googleoptimize.com https://ireland.apollo.olxcdn.com *.ytimg.com *.twimg.com *.googleapis.com *.ing.pl *.googletagmanager.com *.google.com *.youtube-nocookie.com mojeing.pl; object-src 'self' *.ingbank.pl *.e-point.pl https://ing.pl *.ing.pl *.googletagmanager.com mojeing.pl; connect-src 'self' *.e-point.pl *.adocean.pl *.demdex.net ingbankslaski.d2.sc.omtrdc.net ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com *.doubleclick.net *.ingbank.pl *.twitter.com *.hit.gemius.pl https://ing.pl https://analytics.google.com *.googleapis.com *.analytics.google.com *.ing.pl *.googletagmanager.com *.google.com mojeing.pl; frame-ancestors 'self' *.ingbank.pl *.demdex.net *.e-point.pl https://ing.pl *.ing.pl *.googletagmanager.com mojeing.pl; 4 default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca blob: https://assets.gameduell.de https://media.gameduell.de https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com 'report-sample'; style-src 'self' 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca; report-uri /gd/rest/jslog/csp 4 object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob:; base-uri https: http: 4 style-src https: 'unsafe-inline' 4 default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.recaptcha.net; script-src *.gstatic.com *.recaptcha.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.recaptcha.net 'self'; 4 allow 'self'; 4 frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 4 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com code.jquery.com *.cloudinary.com cdn.cookielaw.org pr.globenewswire.com *.trustpilot.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com mktdplp102cdn.azureedge.net *.google-analytics.com *.youtube.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com *.msecnd.net *.cloudflare.com *.googletagmanager.com *.hms-networks.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.googleapis.cn pr.globenewswire.com *.fontawesome.com *.windows.net ewonsupport.biz *.ewonsupport.biz api.stockdio.com t2mstatus.com *.microsoft.com *.hms-networks.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.cloudflare.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png platform.twitter.com/css/ *.twimg.com data: blob: img.youtube.com hms-networks.com *.hms-networks.com *.intesis.com *.ixxat.com *.ewon.biz *.anybus.com *.sitefinity.cloud *.livechat-static.com *.livechat-files.com *.livechatinc.com *.cloudinary.com *.dynamics.com *.windows.net *.cookielaw.org pr.globenewswire.com ml-eu.globenewswire.com https://p.adsymptotic.com *.azurewebsites.net api.stockdio.com t2mstatus.com *.microsoft.com *.baidu.com *.google.fi *.google.com t.co *.linkedin.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com *.azureedge.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com *.googletagmanager.com *.wistia.net *.hms-networks-data.com *.zdusercontent.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: fonts.gstatic.cn *.googleapis.cn cdnjs.cloudflare.com pr.globenewswire.com *.windows.net *.fontawesome.com api.stockdio.com t2mstatus.com *.microsoft.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; frame-src 'self' *.dynamics.com *.livechatinc.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com api.stockdio.com *.intesis.com www.google.com www.bihl-wiedemann.de pr.globenewswire.com *.trustpilot.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com *.azureedge.net *.google-analytics.com *.youtube.com cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com *.msecnd.net *.googletagmanager.com *.hms-networks.com *.wistia.net *.hms-networks-data.com *.swwtech.cn *.zendesk.com *.zdusercontent.com *.qq.com *.youku.com hms.neckarfreunde.net *.jacando.io web-chat.nativechat.com; connect-src 'self' accounts.google.com cdn.linkedin.oribi.io cdnjs.cloudflare.com *.cloudinary.com *.onetrust.com cdn.cookielaw.org pr.globenewswire.com *.windows.net *.dynamics.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.leadinfo.com *.baidu.com stats.g.doubleclick.net https://*.insight.sitefinity.com *.visualstudio.com *.google-analytics.com *.hms-networks.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn; media-src 'self' data: blob: *.cloudinary.com pr.globenewswire.com ml-eu.globenewswire.com t2mstatus.com api.stockdio.com *.hms-networks.com *.azureedge.net *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com console.cloudinary.com cloudinary.com blob: *.youku.com pr.globenewswire.com *.trustpilot.com hms.neckarfreunde.net *.bihl-wiedemann.de *.jacando.io api.stockdio.com t2mstatus.com *.microsoft.com *.qq.com *.intesis.com *.dynamics.com *.google.com *.youtube-nocookie.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn media.hms-networks.com 'self' web-chat.nativechat.com; frame-ancestors 'self' *.bihl-wiedemann.de *.hms-networks-data.com hms-stg.sitefinity.cloud *.hms-networks.com hms-local.sitefinity.cloud *.zendesk.com *.zdusercontent.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org urldefense.com *.samlassertion *.gstatic.com *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.urldefense.com *.googleapis.com; report-uri /report-csp-violation 4 frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net *.google-analytics.com *.analytics.google.com 4 font-src 'self' *.littleforest.co.uk fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com data: 4 object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 4 frame-ancestors 'self' https://www.quironsalud.es https://betaweb.quironsalud.es https://intranetfjd.idc.local https://olympia.quironsalud.com https://olympia.quironsalud.es https://overweightinstitute.fjd.es https://pacientes.healthdiagnostic.es https://rare-genomics.com https://www.cirujanosdelcorazon.es https://www.clinicadelpilar.org https://www.clinicavalles.com https://www.cuidamosdelamujer.es https://www.diverhospital.es https://www.e-quironsalud.com https://www.fjd.es https://www.fundacionquironsalud.org https://www.hgc.es https://www.hgvillalba.es https://www.hope-documental.es https://www.hospitalinfantaelena.es https://www.hospitalpublicocolladovillalba.es https://www.hospitalreyjuancarlos.es https://www.hscor.com https://www.idcsaludenfermeria.es https://www.idcsalud.es https://www.jornadaspbp.es https://www.lungscreen.eu https://www.oncohealth.eu https://www.porquesabeselegir.es https://www.quironsalud.com https://www.quironsalud-hospitals.com https://www.rare-genomics.com https://www.recetaenergia.es https://www.redneurosalud.es https://www.ruber.es https://www.ruberinternacional.es https://www.teknonbarcelona.com https://www.teknonbarcelona.it https://www.teknonbarcelona.ru https://www.teknon.es https://www.tucanaldesalud.es 4 default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https:; worker-src blob: 4 frame-src 'self' 4 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://forms.hubspot.com www.connectidfeed.com otp.tools.investis.com irs.tools.investis.com https://www.youtube.com/ https://youtu.be/ https://www.youtube.com/iframe_api *.investisapi.com investisapi.com *.posthog.com wec-assets.terminus.services; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud unpkg.com tools.luckyorange.com *.investisapi.com investisapi.com *.posthog.com wec-assets.terminus.services; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net ; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net *.wpengine.com https://exceptions.hs-embed-reporting.com wec-assets.terminus.services match.adsrvr.org; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud settings.luckyorange.com wss://mqtt.luckyorange.com/mqtt public-auth-dot-lucky-orange.appspot-preview.com api-preview.luckyorange.com wss://realtime.luckyorange.com app.posthog.com cdn.linkedin.oribi.io analytics.google.com; report-uri /report-csp-violation 4 default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 4 frame-ancestors https://app.storyblok.com/ 4 default-src 'self'; img-src 'self' data: https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; media-src 'self' https://*.libsyn.com 4 default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; frame-src 'self' data: https://web.powerva.microsoft.com https://www.youtube.com https://player.vimeo.com https://vimeo.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com; 4 frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; report-to default; 4 script-src * 'self' 'unsafe-inline' 'unsafe-eval' 4 object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 4 require-sri-for script style 4 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src data: 'self' https://*.kiavi.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://bat.bing.com https://d.adroll.com https://f.hubspotusercontent20.net https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://sp.analytics.yahoo.com https://www.facebook.com; upgrade-insecure-requests 4 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 4 default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.peterengland.com *.allensolly.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' *.google.com pantaloons.imgix.net tr.snapchat.com *.yellowmessenger.com in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' widget.usersnap.com tr.snapchat.com wss://cloud.yellow.ai *.yellow.ai *.paytm.in *.akamaihd.net wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in http://recs.richrelevance.com/* http://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.streamoid.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com *.elastic-cloud.com *.scene7.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' tr.snapchat.com *.paytm.in afftracer.g2afse.com static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 4 frame-ancestors https://*.netinfo.bg/ 4 default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; connect-src * data: blob: 'unsafe-inline' 'report-sample'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' assurance.com *.assurance.com assurance.dev *.assurance.dev ; worker-src 'self' data: blob: cdn.trustedform.com; object-src 'self' ftp-assurance.s3.amazonaws.com; report-uri https://60ede17b9dc1b52ae71f0257.endpoint.csper.io?v=10; 4 default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 4 frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 4 default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; img-src 'self' editor.ne16.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; report-uri /Reports/LogCspError.ashx; 4 base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 4 frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4 default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://statistikk.fnsp.no/ https://web-sdk-eu.aptrinsic.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://cdn.tiny.cloud https://js.monitor.azure.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/; font-src 'self' data: https://fonts.gstatic.com/ https://dhm5hy2vn8l0l.cloudfront.net/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/; img-src 'self' data: https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no https://sp.tinymce.com; connect-src 'self' https://esp-eu.aptrinsic.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://fellesinnhold.fnsp.nhn.no; frame-ancestors 'self'; 4 : upgrade-insecure-requests 4 frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 4 frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com 4 frame-ancestors app.storyblok.com 4 default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.contactoffice.com https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 4 upgrade-insecure-requests;block-all-mixed-content; 4 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 4 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 4 default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf; media-src 'self' blob: https://ooyalaeuwest.streaming.mediaservices.windows.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://*.2mdn.net/ https://*.gvt1.com/ https://www.tntv.pf https://*.youtube.com https://*.dailymotion.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.opta.net https://*.privacy-center.org https://js-cdn.dynatrace.com https://story.tl https://widget.ausha.co https://az416426.vo.msecnd.net https://vjs.zencdn.net https://acdn.adnxs.com https://s0.2mdn.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagservices.com https://*.google.fr https://*.googlesyndication.com https://*.googleapis.com https://*.doubleclick.net https://players.brightcove.net https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.youtube.com https://*.dailymotion.com; style-src 'self' 'unsafe-inline' https://*.opta.net https://*.ausha.co https://story.tl https://use.fontawesome.com https://players.brightcove.net https://*.googleapis.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://*.twitter.com https://*.youtube.com https://*.dailymotion.com https://*.instagram.com; child-src 'self' blob: https://*.myligue.fr https://cartemercatoligue1.com https://www.cartemercatoligue1.com https://story.tl https://*.sporcle.com https://*.ausha.co https://*.global-mmk.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://players.brightcove.net https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.dailymotion.com https://*.instagram.com https://*.linkedin.com https://*.spotify.com; img-src 'self' data: https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://lspprdglcdn.azureedge.net https://lfpimageproxy.azureedge.net https://cf-images.us-east-1.prod.boltdns.net https://cf-images.eu-west-1.prod.boltdns.net https://*.google.com https://*.google.fr https://*.googlesyndication.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://play-lh.googleusercontent.com https://*.doubleclick.net https://secure-cf-c.ooyala.com https://publish.lfpstg.ooflex.net https://metrics.brightcove.com https://*.opta.net https://*.privacy-center.org https://story.tl https://widget.ausha.co https://*.twitter.com/ https://*.instagram.com https://*.facebook.com https://*.youtube.com https://*.dailymotion.com https://*.twimg.com https://ib.adnxs.com; connect-src 'self' https://*.doubleclick.net https://*.google-analytics.com https://dc.services.visualstudio.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.privacy-center.org https://bf03397sci.bf.dynatrace.com; frame-ancestors 'self' https://*.myligue.fr; 4 default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; 4 frame-ancestors 'self' https://*.moody.edu 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 4 frame-src 'self' *.microfocus.com *.ubembed.com https://12964123.fls.doubleclick.net/ https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 4 frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 4 default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com *.demdex.net; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-itops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-bau-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-devops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-dev-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iscan: data: blob: *.sysnetgs.com *.vimeo.com *.boldchat.com; 4 default-src 'self'; style-src 'self' 'unsafe-inline' 4 upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://cdn.priv.center https://www.googleanalytics.com https://www.google-analytics.com https://*.googleoptimize.com https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://maps.googleapis.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.gstatic.com https://www.googleadservices.com https://*.clicktripz.com https://cdn.ampproject.org https://*.facebook.net https://*.fontawesome.com https://*.clicktripz.com; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://*.googletagmanager.com https://*.googleoptimize.com https://optimize.google.com; frame-src 'self' https://*.googleoptimize.com https://optimize.google.com https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr; base-uri 'self' i.checkmybus.com 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'none' 4 default-src: 'self'; 4 default-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 4 frame-ancestors 'self' *.windy.com:* 4 frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 4 frame-ancestors https://*.cisin.com https://*.developers.dev https://*.esignly.com https://*.idea2app.dev https://*.coders.dev; 4 default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 4 frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com; connect-src 'self' *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net; img-src 'self' *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net data:; script-src *.infrontfinance.com *.infront.co *.adobeaemcloud.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net 'self' 'unsafe-eval' 'unsafe-inline'; 4 default-src 'self' ; base-uri 'self' ; frame-ancestors 'self' ; form-action 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://info.viterra.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pi.pardot.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ ; connect-src 'self' https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://mobilews.viterra.com.au/api/ https://priceapi.viterra.com.au/api/ https://www.google-analytics.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/ ; img-src * 'self' data: https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ ; frame-src 'self' https://www.youtube.com/ https://www.googletagmanager.com/ https://www.google.com/ https://pr.globenewswire.com/ ; child-src 'self' https://www.youtube.com/ https://www.googletagmanager.com/ https://www.google.com/ https://pr.globenewswire.com/ ; 4 default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 4 default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 4 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' https://*.ci360.sas.com; 4 frame-ancestors 'self' https://content.amplience.net; 4 default-src 'self';style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://design-system.webprod.eberry.digital https://static.webprod.eberry.digital https://static-north.webprod.eberry.digital tagmanager.google.com fonts.googleapis.com api.tiles.mapbox.com https://cloud.cention.com https://inbox.proposales.com https://widget.ybug.io https://ybug.io;font-src 'self' data: https://design-system.webprod.eberry.digital https://use.typekit.net fonts.gstatic.com https://script.hotjar.com https://cloud.cention.com https://static.webprod.eberry.digital;img-src 'self' data: blob: images.ctfassets.net images.contentful.com static.webprod.eberry.digital www.google-analytics.com region1.google-analytics.com region1.analytics.google.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com t.co analytics.twitter.com bat.bing.com connect.facebook.net www.facebook.com px.ads.linkedin.com www.linkedin.com www.google.se www.google.no www.google.dk www.google.fi www.google.com www.tripadvisor.se static.tacdn.com https://cloud.cention.com https://cdn.pixabay.com https://design-system.webprod.eberry.digital https://widget.ybug.io https://ybug.io https://static.webprod.eberry.digital pagead2.googlesyndication.com www.googletagmanager.com https://*.hotjar.com/;script-src 'self' 'unsafe-inline' blob: www.googletagmanager.com tagmanager.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com connect.facebook.net analytics.twitter.com static.ads-twitter.com bat.bing.com snap.licdn.com polyfill.io/v2/polyfill.min.js https://cdn.giftup.app/ https://js.stripe.com/v3/ api.tiles.mapbox.com https://*.hotjar.com/ https://unpkg.com/web-vitals/ static.webtest.eberry.digital https://script.hotjar.com/ https://cloud.cention.com https://bookingengine-mp.s3.eu-west-2.amazonaws.com https://widget.ybug.io https://ybug.io static.webprod.eberry.digital static-north.webprod.eberry.digital consent.cookiebot.com consentcdn.cookiebot.com pagead2.googlesyndication.com pagead2.googlesyndication.com https://www.thehotelsnetwork.com https://js.sentry-cdn.com https://static.proposales.com/embed.js https://consent.cookiebot.com http://static.criteo.net/js/ld/ld.js https://sslwidget.criteo.com/;frame-src https://www.youtube.com https://www.facebook.com https://www.google.com/recaptcha/ https://download.yourgift.cards/ https://cdn.giftup.app/ https://inbound.giftup.app/ https://js.stripe.com/ https://social.loopon.com/ https://tbs.tradedoubler.com https://vars.hotjar.com/ https://bookingengine-mp.s3.eu-west-2.amazonaws.com https://widget.ybug.io https://ybug.io pagead2.googlesyndication.com https://www.thehotelsnetwork.com https://bookingengine-mp.s3.eu-west-2.amazonaws.com https://www.thehotelsnetwork.com/ https://consentcdn.cookiebot.com https://gum.criteo.com/;media-src https://www.youtube.com https://youtu.be videos.ctfassets.net;connect-src 'self' analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com https://inbound.giftup.app/ api.mapbox.com events.mapbox.com sgtm.nordicchoicehotels.se https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://cloud.cention.com wss://cloud.cention.com https://www.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://widget.ybug.io https://ybug.io consent.cookiebot.com consentcdn.cookiebot.com pagead2.googlesyndication.com https://www.google.com/pagead/ https://www.thehotelsnetwork.com https://js.sentry-cdn.com https://cdn.linkedin.oribi.io https://secure.proposales.com https://www.thehotelsnetwork.com/ https://consentcdn.cookiebot.com;worker-src blob:;child-src blob: 4 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 4 default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io https://static.etracker.com https://www.etracker.de https://code.etracker.com;style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io;img-src 'self' data: https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com *.google.ae/ads/ *.google.al/ads/ *.google.am/ads/ *.google.at/ads/ *.google.ba/ads/ *.google.be/ads/ *.google.bg/ads/ *.google.bj/ads/ *.google.by/ads/ *.google.ca/ads/ *.google.cd/ads/ *.google.ch/ads/ *.google.cl/ads/ *.google.cn/ads/ *.google.co.id/ads/ *.google.co.il/ads/ *.google.co.in/ads/ *.google.co.jp/ads/ *.google.co.kr/ads/ *.google.co.ma/ads/ *.google.co.nz/ads/ *.google.co.th/ads/ *.google.co.uk/ads/ *.google.co.uz/ads/ *.google.co.za/ads/ *.google.com.au/ads/ *.google.com.bd/ads/ *.google.com.br/ads/ *.google.com.co/ads/ *.google.com.cy/ads/ *.google.com.ec/ads/ *.google.com.eg/ads/ *.google.com.hk/ads/ *.google.com.jm/ads/ *.google.com.lb/ads/ *.google.com.mx/ads/ *.google.com.my/ads/ *.google.com.ng/ads/ *.google.com.np/ads/ *.google.com.ph/ads/ *.google.com.pk/ads/ *.google.com.qa/ads/ *.google.com.sa/ads/ *.google.com.sg/ads/ *.google.com.tr/ads/ *.google.com.tw/ads/ *.google.com.ua/ads/ *.google.com.uy/ads/ *.google.com.vn/ads/ *.google.com/ads/ *.google.cz/ads/ *.google.de/ads/ *.google.dk/ads/ *.google.dz/ads/ *.google.es/ads/ *.google.fi/ads/ *.google.fr/ads/ *.google.gr/ads/ *.google.gy/ads/ *.google.hr/ads/ *.google.hu/ads/ *.google.ie/ads/ *.google.it/ads/ *.google.jo/ads/ *.google.li/ads/ *.google.lt/ads/ *.google.lu/ads/ *.google.lv/ads/ *.google.md/ads/ *.google.mk/ads/ *.google.mu/ads/ *.google.nl/ads/ *.google.no/ads/ *.google.pl/ads/ *.google.pt/ads/ *.google.ro/ads/ *.google.rs/ads/ *.google.ru/ads/ *.google.se/ads/ *.google.si/ads/ *.google.sk/ads/ *.google.tn/ads/;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io data:;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net https://api.curator.io https://www.etracker.de https://consentmanager.mgr.consensu.org;frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net https://vimeo.com https://webcast2.promeas.com/ https://player.vimeo.com/ https://www.brn-ag.de/ https://soziale-anwendung.de/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/;media-src 'self' blob: https://curator-assets.b-cdn.net https://www.youtube.com *.cloudfront.net/jenoptik/ https://video.twimg.com;worker-src blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 4 default-src 'self'; connect-src *; font-src 'self' data: fonts.gstatic.com *; frame-src *; img-src * blob: data:; media-src * blob:; object-src *; child-src blob:;worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4 frame-ancestors *.gallupatwork.com *.gallup.com 4 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://www.googleadservices.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl; media-src 'self' ; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com; font-src 'self' data:; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 4 script-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' d1io3yog0oux5.cloudfront.net; font-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' d1io3yog0oux5.cloudfront.net 4 default-src https://*.hotjar.com https://*.hotjar.io https://proofed.com https://proofed.co.uk https://getproofed.com.au wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval' 4 frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 4 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au usercheck.vgso.vic.gov.au cdnjs.cloudflare.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com app-script.monsido.com connect.facebook.net *.cloudfront.net media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com *.googleadservices.com drive.google.com *.googleusercontent.com docs.google.com web-messenger.ingenious.ai *.smooch.io; style-src 'self' 'unsafe-inline' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au ui.chatbot.digital.vic.gov.au fonts.googleapis.com tagmanager.google.com fast.fonts.net *.openforms.com fontlibrary.org *.googletagmanager.com web-messenger.ingenious.ai *.smooch.io drwgdblqzrfiz.cloudfront.net; img-src 'self' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au dhhs.vic.gov.au www.dhhs.vic.gov.au base.maps.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jp www.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com lh3.googleusercontent.com *.fastly.net cdn.storerocket.io assets.storerocket.io *.gravatar.com *.smooch.io *.ingenious.ai drwgdblqzrfiz.cloudfront.net; font-src 'self' data: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org *.smooch.io *.ingenious.ai; frame-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com tour.cite360.com.au *.doubleclick.net livestream.com flo.uri.sh zingtree.com control.5stream.com e.issuu.com deakin.h5p.com padlet.com e.infogram.com fuse.education.vic.gov.au *.arcgis.com; manifest-src 'self'; media-src 'self' *.ingenious.ai; connect-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.myvictoria.vic.gov.au discover.data.vic.gov.au directory.data.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au api.go.vic.gov.au *.api.go.vic.gov.au geo.mapshare.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net api.ipify.org *.mapbox.com drwgdblqzrfiz.cloudfront.net iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com secure-ds.serving-sys.com *.fastly.net storerocket.io *.storerocket.io analytics.google.com web-messenger.ingenious.ai stat.data.abs.gov.au wss://*.smooch.io *.smooch.io *.au.ingenious.ai *.arcgis.com; frame-ancestors 'self' *.vic.gov.au; 4 frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 4 default-src * 'unsafe-inline' 'unsafe-eval' data: https: 4 Content-Security-Policy-Report-Only 4 script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 4 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4 script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 4 default-src 'self' http: https: data: blob: wss: 'unsafe-inline'; 4 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://quiz.tryinteract.com/ https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google.co.uk https://www.google.com https://schema.org https://ict.infinity-tracking.net http://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://connect.facebook.net/ https://script.crazyegg.com/ https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net http://ict.infinity-tracking.net http://edge.quantserve.com https://cdn-launching.servicetick.com https://cdn.jsdelivr.net https://ad.doubleclick.net http://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://www.clarity.ms *.hotjar.com *.helpshift.com *.defaqto.com *.spotify.com *.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com http://use.fontawesome.com http://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk *.swintonassets.uk fast.fonts.net https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://bat.bing.com https://www.google.com https://www.google.co.uk https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://www.googletagmanager.com https://cms.quantserve.com *.swintonassets.uk ad.yieldlab.net https://i.ytimg.com https://web1.acsbapp.com https://adservice.google.com https://*.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com fast.fonts.net https://fonts.gstatic.com; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.net https://www.youtube.com https://www.facebook.com *.hotjar.com *.defaqto.com *.spotify.com *.youtube-nocookie.com *.wirewax.com https://*.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net 'self' web-chat.nativechat.com; connect-src accounts.google.com 'unsafe-inline' 'unsafe-eval' *.mktoresp.com chat.atlantagroup.co.uk *.crazyegg.com cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.autonetmobility.co.uk *.mackenziehodgson.co.uk *.justmotorinsurance.com *.just-motorcycleinsurance.com *.expressbikeinsurance.com *.entirecover.co.uk *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.qa.carolenash.ie http://qa.carolenash.ie *.stg.carolenash.ie http://stg.carolenash.ie *.preview.carolenash.ie http://preview.carolenash.ie *.www.carolenash.ie http://www.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk http://qa.swinton.co.uk *.qa.swinton.co.uk http://stg.swinton.co.uk *.stg.swinton.co.uk http://preview.swinton.co.uk *.preview.swinton.co.uk http://www.swinton.co.uk *.www.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com https://*.kdbmedicals.co.uk https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://a.clarity.ms *.swintonassets.uk *.googleadservices.com *.google.com *.hotjar.com https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net https://analytics.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripauthority.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net assets.cruisemail.com.au avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com; block-all-mixed-content; upgrade-insecure-requests; 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM=' 'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE=' 'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig=' 'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA=' 'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8=' 'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0=' 'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4=' 'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE=' 'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po=' 'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com *.archgroup.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com www.archgroup.com www.googletagmanager.com platform.twitter.com; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com *.googletagmanager.com fonts.gstatic.com; frame-src *.archgroup.com www.podbean.com www.youtube.com www.google.com *.icims.com player.vimeo.com *.twitter.com; img-src 'self' data: www.archgroup.com archgroup.com ps.w.org p.adsymptotic.com wpengine.com dify.wpengine.com maps.gstatic.com *.googleapis.com *.ggpht.com secure.gravatar.com *.linkedin.com www.google-analytics.com *.twitter.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.archgroup.com insurance.archgroup.com mortgage.archgroup.com reinsurance.archgroup.com www.google-analytics.com analytics.google.com archcapital2020tf.q4web.com *.licdn.com stats.g.doubleclick.net my.wpengine.com yoast.com api.redirect.li cdn.linkedin.oribi.io; media-src *.archgroup.com extend.vimeocdn.com; form-action 'self'; base-uri 'self'; frame-ancestors 'self' www.slipcase.com marketplace.marsh.com; upgrade-insecure-requests ; object-src 'self'; child-src 'self'; 4 frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch https://www.swisslife.ch 4 default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.christianjobs.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com support.salemchurchproducts.com conversations.app-us1.com *.ably.io realtime.ably.io *.ably-realtime.com trackcmp.net n.clarity.ms *.stripe.com *.survicate.com youthworker.com www.youthworker.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com *.renewedvision.com *.livechatinc.com *.livechat.com livechat.com *.stackadapt.com *.srv.stackadapt.com *.unpkg.com unpkg.com *.clarity.ms api.sermonsearch.com *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com *.google.com *.bing.com *.facebook.com *.facebook.net connect.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.kissmetrics.com *.googlesyndication.com kit-free.fontawesome.com *.fontawesome.com *.yahoo.com srv3.wa.marketingsolutions.yahoo.com flex.atdmt.com *.atdmt.com widget.freshworks.com *.freshworks.com salemchurchproducts.freshdesk.com *.freshdesk.com cdn.linkedin.oribi.io api.omappapi.com *.omappapi.com snap.licdn.com *.linkedin.com googletagservices.com *.googletagservices.com whm.attn.tv *.attn.tv events.attentivemobile *.attentivemobile.com ; script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' data: api.sermonsearch.com www.youthworker.com youthworker.com *.unpkg.com unpkg.com api.omappapi.com *.omappapi.com www.childrens-ministry-deals.com childrens-ministry-deals.com *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.facebook.net *.googlesyndication.com *; img-src 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'unsafe-inline' 'unsafe-eval' data: youthworker.com www.youthworker.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com api.sermonsearch.com *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 4 “upgrade-insecure-requests;” 4 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.bern-altstadt.ch https://www.mediservice-news.ch https://rechner.soziale-sicherheit-chss.ch https://bsv.admin.ch https://www.bsv.admin.ch https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://www.mediapulse.ch https://app.diespeisekarte.ch https://www.diespeisekarte.ch; 4 frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://use.fontawesome.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com; connect-src self * blob: https://*.connectiverx.com data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; worker-src blob: data: gap: 4 frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 4 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 4 frame-ancestors 'self' analytics.pt-dlr.de 4 default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data:; 4 frame-ancestors https://www.facebook.com/ 4 default-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net;script-src 'self' *.pcdn.co *.dgepress.com *.cloudfront.net *.bitmovin.com cdn.rawgit.com code.jquery.com platform.twitter.com cdnjs.cloudflare.com api-6fce660a.duosecurity.com ajax.googleapis.com cdn.datatables.net *.streamhub.tv *.streamhub.io link.theplatform.com js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com code.jquery.com cdnjs.cloudflare.com platform.twitter.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net 'unsafe-inline';img-src * data:;font-src * data:;frame-src 'self' *.dgepress.com *.pcdn.co *.cloudfront.net player.vimeo.com duo.com *.duosecurity.com duomobile.s3-us-west-1.amazonaws.com platform.twitter.com;connect-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com dge.akamaized.net code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com stats.streamhub.io disabcpress-vh.akamaihd.net bam.nr-data.net;media-src 'self' *.pcdn.co *.dgepress.com disabcpress-vh.akamaihd.net dge.akamaized.net cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com blob:;worker-src 'self' *.pcdn.co *.dgepress.com blob: 4 default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ; report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 4 default-src 'self' https://services-customerstaging.allyo.com https://rs.fullstory.com https://trk-api.crossengage.io https://l.sharethis.com https://www.facebook.com https://www.linkedin.com https://www.snapengage.com https://privacyportal.onetrust.com https://eu2-live.inside-graph.com https://eu2-cdn.inside-graph.com wss://eu2-live.inside-graph.com blob: https://restcountries.eu https://ipinfo.io https://services.allyo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://notifier-configs.airbrake.io https://api.airbrake.io https://cdn.cookielaw.org/consent/undefined/undefined.json https://cdn.cookielaw.org https://datastudio.google.com https://app.satismeter.com ; script-src 'self' https://eu2-live.inside-graph.com https://eu2-track.inside-graph.com http://js.maxmind.com https://js.maxmind.com https://app.crossengage.io https://trk-api.crossengage.io https://fullstory.com https://edge.fullstory.com http://browser-update.org https://www.linkedin.com https://optanon.blob.core.windows.net https://eu2-cdn.inside-graph.com https://services-customerstaging.allyo.com https://rs.fullstory.com https://freegeoip.net http://freegeoip.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://storage.googleapis.com https://ajax.googleapis.com https://app.satismeter.com https://pixel.convertize.io https://embed.typeform.com https://browser-update.org https://www.snapengage.com https://connect.facebook.net https://sjs.bizographics.com https://px.ads.linkedin.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://s3.amazonaws.com/jotrack/ https://snap.licdn.com https://services.allyo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://www.redditstatic.com https://player.vimeo.com https://fi-api.qa.predictivehire.com https://at.alicdn.com blob: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://rsms.me https://optanon.blob.core.windows.net https://eu2-cdn.inside-graph.com; font-src 'self' https://eu2-live.inside-graph.com https://eu2-track.inside-graph.com https://fonts.gstatic.com data: https://rsms.me https://use.typekit.net https://*.hotjar.com; img-src 'self' https://fonts.gstatic.com https://customer-assets.allyo.com https://i.etsystatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://eu2-cdn.inside-graph.com https://1000logos.net https://www.google-analytics.com https://www.google.de https://www.facebook.com https://stats.g.doubleclick.net https://www.snapengage.com https://optanon.blob.core.windows.net https://dev.visualwebsiteoptimizer.com https://rs.fullstory.com blob: https://px.ads.linkedin.com https://www.linkedin.com https://www.stickpng.com https://www.google.ae https://lh3.googleusercontent.com https://www.googletagmanager.com https://i.pinimg.com https://cdn.cookielaw.org https://flagcdn.com https://googleads.g.doubleclick.net https://www.google.hu https://px.ads.linkedin.com https://alb.reddit.com https://www.snapengage.com https://browser-update.org https://*.hotjar.com data: ; connect-src 'self' https://cdn.cookielaw.org https://rs.fullstory.com https://trk-api.crossengage.io https://notifier-configs.airbrake.io https://services.allyo.com https://app.satismeter.com https://*.google-analytics.com https://privacyportal-eu.onetrust.com https://cluster.allyo.com wss://cluster.allyo.com https://content.hotjar.io https://surveystats.hotjar.io https://privacyportal.onetrust.com https://eu2-live.inside-graph.com https://in.hotjar.com wss://ws24.hotjar.com wss://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io https://eu2-cdn.inside-graph.com wss://eu2-live.inside-graph.com https://vimeo.com https://fi-api.qa.predictivehire.com https://fi-api.sandbox.predictivehire.com https://cdn.linkedin.oribi.io ; frame-src 'self' data: https://www.youtube.com https://connect.facebook.net https://c.sharethis.mgr.consensu.org https://talent-pool.typeform.com https://www.jometer.com https://clickmeter.com https://trk.thematopi.com https://conversions.clickmeter.com https://jotrack.s3.amazonaws.com https://www.google.com/recaptcha/ https://player.vimeo.com https://vars.hotjar.com ; object-src 'self' data: https://www.youtube.com ; 4 default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 frame-ancestors 'self' https://photocar.riteaid.com/ https://chatcar.riteaid.com/ 4 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 4 default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 4 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 4 frame-ancestors www.faselhd.vip 4 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 4 default-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' https://bat.bing.com; img-src 'self' 'unsafe-inline' https: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; 4 upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 4 frame-ancestors 'self' https://www.mfortune.co.uk https://www.pocketwin.co.uk https://www.drslot.co.uk https://www.mrspin.co.uk https://www.cashmo.co.uk https://www.casino2020.co.uk https://www.bonusboss.co.uk https://staging.bonusboss.co.uk https://mf-bingo.mfortune.co.uk https://pw-bingo.pocketwin.co.uk https://roulette.mfortune.co.uk https://*.weblauncher.devmfortune.co.uk https://*.devmfortune.co.uk itginternal://* 4 frame-ancestors 'self'; default-src 'self' 'unsafe-inline' data: https: wss: 4 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 4 default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://cdn-sp.kertn.net *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://cdn-sp.kertn.net https://app.vwo.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 4 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 4 block-all-mixed-content;upgrade-insecure-requests; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 4 "upgrade-insecure-requests" 4 frame-ancestors 'self' bid.g.doubleclick.net; script-src *.clarity.ms *.hs-analytics.net *.hs-banner.com *.hs-scripts.com ajax.googleapis.com bat.bing.com ct.capterra.com googleads.g.doubleclick.net myintervals.cdnedge.bluemix.net www.rapidscansecure.com ssl.google-analytics.com stats.myintervals.com www.clarity.ms www.getapp.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com 'self' 'unsafe-inline'; object-src 'none' 4 frame-ancestors 'self' *.egovcdn.com 4 default-src 'self' data: *.bing.com *.bingj.com *.clarity.ms *.doubleclick.net *.dailymotion.com *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.paypalobjects.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.bingj.com *.clarity.ms *.googleapis.com *.google-analytics.com *.googletagmanager.com *.vimeocdn.com *.vimeo.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.dailymotion.com *.paypal.com *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none' ; 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4 default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src * 'self' data: 4 default-src 'self' 'unsafe-eval' 'unsafe-inline' data:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; sandbox allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 4 default-src https: 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' ;script-src 'self' https://www.paypal.com https://www.paypalobjects.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' ;img-src 'self' https://www.facebook.com *.fbcdn.net data:;connect-src 'self' https://www.facebook.com https://graph.facebook.com *.googleapis.com data:;worker-src *;frame-src *; 4 frame-ancestors https://www.youtube.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com js-agent.newrelic.com/nr-1212.min.js *.livechatinc.com analytics.ajla.net bam.nr-data.net 4 default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.google.de https://connect.facebook.net https://cdn.livechatinc.com https://api.livechatinc.com https://secure.livechatinc.com; img-src 'self' data: https://api.cs.fail https://cs.fail https://api.csfail.net https://csfail.net https://api.csfail.pro https://csfail.pro https://api.csfail.org https://csfail.org https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.google.de https://www.facebook.com https://s-static.ak.facebook.com https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com https://cdn.livechatinc.com https://api.livechatinc.com https://secure.livechatinc.com https://t.me https://*.telegram-cdn.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://avatars.mds.yandex.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.livechatinc.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.google.de https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://cdn.livechatinc.com https://api.livechatinc.com https://secure.livechatinc.com; frame-ancestors 'self' https://app.utorg.pro ; connect-src 'self' data: wss://cs.fail/api/ws wss://csfail.net/api/ws wss://csfail.pro/api/ws wss://csfail.org/api/ws https://api.cs.fail https://api.csfail.net https://api.csfail.pro https://api.csfail.org https://*.giphy.com https://*.ingest.sentry.io https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.google.de https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.ingest.sentry.io https://cdn.livechatinc.com https://api.livechatinc.com https://secure.livechatinc.com; object-src 'none'; 4 style-src * 'self' 'unsafe-inline'; 4 “default-src" 4 frame-ancestors https://www2.cdkglobal.com; 4 frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 4 frame-ancestors 'self' https://*.visitor.chat; 4 frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self'; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 4 default-src 'self'; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; media-src * 'self' https:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 4 frame-ancestors 'self' https://app.socialscreen.com 4 default-src http: https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self' http://www.podcastics.com; img-src data: http: https: 'self' ; media-src blob: data: http: https: 'self'; 4 default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self'; object-src 'none'; report-to default; 4 frame-ancestors http://*.prosites.com https://*.prosites.com http://*.lifelearn.ca https://*.lifelearn.ca 4 upgrade-insecure-requests; frame-ancestors 'self' *.webex.com *.cisco.com; 3 default-src 'self' *.gatsbyjs.io *.linktr.ee website.linktr.ee *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com tally.so *.tally.so; script-src 'self' *.jsdelivr.net jsdelivr.net tiktok.com *.tiktok.com *.ttwstatic.com ttwstatic.com tally.so *.tally.so *.linktr.ee website.linktr.ee *.linktr.ee *.statsigapi.net *.statsig.com *.featuregates.org featuregates.org *.trustpilot.com *.marker.io *.branch.io *.intercom.io intercom.io https://*.intercom.io https://*.intercom.com *.intercomcdn.com https://js.intercomcdn.com intercomcdn.io *.redditstatic.com *.sc-static.net sc-static.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com app.link *.exchangerate.host *.doubleclick.net *.cloudfunctions.net *.googleadservices.com public.profitwell.com analytics.tiktok.com analytics.twitter.com bat.bing.com *.onetrust.com cdn.heapanalytics.com cdn.pdst.com cdn.pdst.fm *.facebook.net *.pinterest.com d.adroll.com heapanalytics.com *.gastbyjs.io websitelinktree.gatsbyjs.io assets.production.linktr.ee s.adroll.com analytics.google.com unpkg.com s.pinimg.com static.ads-twitter.com *.googleoptimize.com *.clarity.ms *.ads-twitter.com *.hsforms.net *.hsforms.com *.youtube.com *.lever.co *.profitwell.com *.sentry-cdn.com *.chargebee.com *.stripe.com *.snapchat.com *.tiktokcdn-us.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.facebook.net *.bing.com http://linktreestg.wpengine.com linktreestg.wpengine.com https://linktreestg.wpengine.com *.api.blog.production.linktr.ee https://api.blog.production.linktr.ee tally.so *.tally.so *.linktr.ee website.linktr.ee *.gatsbyjs.io *.trustpilot.com *.branch.io *.intercomcdn.com intercomcdn.io *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io intercom.io *.intercom-attachments-1.com *.snapchat.com *.clarity.ms *.reddit.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.hsforms.com *.w55c.net *.stackadapt.com ml314.com *.cxense.com *.sharethis.com *.ctfassets.net q.quora.com bat.bing.com *.facebook.com heapanalytics.com *.linktr.ee *.google.com *.google.com.au t.co *.yahoo.com *.adnxs.com *.bidswitch.net *.openx.net *.rlcdn.com *.twitter.com *.facebook.com *.pinterest.com *.adroll.com *.google-analytics.com *.onetrust.com *.cloudfront.com *.stripe.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com ; style-src 'self' *.ttwstatic.com *.tiktokcdn-us.com *.linktr.ee website.linktr.ee fonts.googleapis.com *.stripe.com 'unsafe-inline'; font-src 'self' data: *.linktr.ee website.linktr.ee *.gatsbyjs.io https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.gstatic.com; form-action 'self' *.facebook.com *.hsforms.com *.intercom.help *.intercom.io intercom.io https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io *.snapchat.com; connect-src 'self' *.browser-intake-datadoghq.com *.gstatic.com *.doubleclick.net *.statsigapi.net *.bing.com *.googlesyndication.com tiktok.com *.tiktok.com facebook.com *.facebook.com website.linktr.ee *.linktr.ee *.statsigapi.net *.statsig.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.exchangerate.host https://capi.tr.ee *.featuregates.org featuregates.org *.snapchat.com *.branch.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.clarity.ms ingress.linktr.ee *.onetrust.com *.hsforms.net *.hsforms.com *.amazonaws.com *.lever.co *.gatsbyjs.io *.google-analytics.com analytics.tiktok.com *.analytics.google.com analytics.google.com *.google.com.au stats.g.doubleclick.net google-analytics.com ct.pinterest.com *.googleadservices.com *.google.com *.cloudfunctions.net *.sentry.io *.profitwell.com wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com; media-src 'self' *.linktr.ee website.linktr.ee *.intercomcdn.com intercomcdn.io https://js.intercomcdn.com *.ctfassets.net; frame-src 'self' *.ttwstatic.com ttwstatic.com tiktok.com *.tiktok.com tally.so *.tally.so *.linktr.ee https://linktr.ee website.linktr.ee *.trustpilot.com *.branch.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.io *.snapchat.com *.pinterest.com *.doubleclick.com *.doubleclick.net *.facebook.com *.formstack.com *.google.com *.hsforms.net *.hsforms.com *.stripe.com https://*.intercom.io https://*.intercom.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net spotify.com *.spotify.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3c5384c350f7b86c67a1cba0b315ee9d&dd-evp-origin=content-security-policy&ddsource=csp-report 3 frame-ancestors 'self' *.cnbc.com *.acorns.com; 3 frame-ancestors 'self' *.grammarly.com 3 frame-ancestors https://pam.mcafee.com 3 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ *.google-analytics.com; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none'; 3 frame-ancestors 'self' *.intranet *.uolinc.com; 3 frame-ancestors https://voxmedia.stories.usechorus.com 'self' 3 style-src 'self' 'unsafe-inline' *.gov *.com; 3 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.apple.com http://*.apple.com https://*.mzstatic.com https://*.apple-mapkit.com https://p-events-delivery.akamaized.net http://p-events-delivery.akamaized.net https://apple-events.akamaized.net https://mediaservices.cdn-apple.com http://mediaservices.cdn-apple.com https://wwdr-aws-dev.apple.com 3 frame-ancestors 'self' https://*.apa.org; 3 default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' matomo.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route https://valhalla1.openstreetmap.de/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de *.openstreetmap.fr matomo.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' matomo.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 3 frame-ancestors braze-redesign-qa.herokuapp.com braze-redesign-uat.herokuapp.com braze-redesign-production.herokuapp.com homeslice.braze.com https://www.braze.com/ braze.com https://www.braze.co.jp/ braze.co.jp app.optimizely.com 3 frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3 default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 3 frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 3 frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com https://cdn.jsdelivr.net https://*.mb-lounge.com https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com https://www.kinoheld.de https://mb-prototypes.swhost.in https://*.go-mpulse.net https://*.akstat.io data: blob: 'unsafe-inline' 'unsafe-eval' 3 3 report-uri https://appserver-b825ad0d-nginx-d236ecf5e57046339811d13304ef7bb1 3 default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors https://events.searchengineland.com https://searchengineland.com 3 frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 3 frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 3 connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://cdn.linkedin.oribi.io analytics.twitter.com https://www.facebook.com https://analytics.synology.com/events https://px.adhigh.net/ https://api.mapbox.com https://*.clarity.ms https://api-fra.livechatinc.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com region1.google-analytics.com region1.analytics.google.com; default-src 'self'; font-src 'self' data: *.mouseflow.com https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.facebook.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com; frame-src 'self' *.mouseflow.com https://vars.hotjar.com/ https://*.facebook.com https://staticxx.facebook.com https://*.synology.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://youtube.com https://www.youtube.com https://synoform.synology.com; img-src 'self' data: blob: https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com https://dc.ads.linkedin.com https://px.ads.linkedin.com/ https://www.linkedin.com/px https://p.adsymptotic.com/d/px analytics.twitter.com https://t.co/ https://www.facebook.com https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://api.mapbox.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://*.google-analytics.com https://*.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://www.google.de region1.google-analytics.com region1.analytics.google.com https://i.ytimg.com; media-src 'self' https://download.synology.com https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src 'self' data: blob: 'unsafe-eval' 'nonce-98144d79af44407273f26589afc01901b7b296deada61a4740b0d404c5043c53' https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://api.mapbox.com https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://*.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://www.youtube.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://api.mapbox.com https://cdn.livechat-files.com https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 3 frame-ancestors 'self' https://*.adobe.com; 3 frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 3 frame-ancestors https://*.ionos.com https://ionos.com; 3 frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 3 frame-ancestors https://playersupport.my.salesforce.com 3 default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com js.adsrvr.org analytics.bgalytics.com bat.bing.com cdn.bttrack.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com https://analytics.tiktok.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com cx.atdmt.com bat.bing.com d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net *.doubleclick.net *.g.doubleclick.net *.t.eloqua.com *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com *.google-analytics.com www.google-analytics.com *.google.com *.analytics.google.com www.google.com www.google.ca www.google.de www.google.ie *.googleapis.com chart.googleapis.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io *.perka.com s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com cdn.vidyard.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' c.6sc.co ipv6.6sc.co secure.adnxs.com collection.bgalytics.com bat.bing.com *.browser-intake-datadoghq.com https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com *.g.doubleclick.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org *.google-analytics.com www.google-analytics.com analytics.google.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.googletagmanager.com *.greenhouse.io heapanalytics.com *.hotjar.com vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net *.mktoresp.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.qualtrics.com recaptcha.net sentry.io *.sentry.io collection.sperse.io api.thelevelup.com https://analytics.tiktok.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; 3 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://my.visme.co 3 frame-ancestors https://*.phoenix.razer.com https://www.razer.com; 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 3 frame-src 'self'; 3 frame-src 'self' ms-windows-store: get.microsoft.com https: data:; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 3 frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com https://epaper.ajc.com https://editions.ajc.com 3 frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 3 frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com; 3 script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' blob: data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; worker-src blob:; report-uri https://www.startpage.com/do/cspvr 3 frame-ancestors https://*.demandbase.com 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 3 default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 3 connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; connect-src 'self' https:; object-src 'none'; media-src 'self' https:; frame-src 'self' https:; frame-ancestors 'self' *.heylink.me; form-action 'self' https:; base-uri 'self'; 3 frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 3 object-src 'none', frame-ancestors https://www.facebook.com 3 frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com http://seagate.pathfactory.com https://seagate.pathfactory.com; 3 frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com; 3 frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 3 frame-ancestors 'self' https://*.chronicle.com 3 frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns https://www.scotiabank.com; 3 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com *.webex.com 3 frame-ancestors www.jivochat.com https://*.jivosite.com https://*.jivo.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://disqus.com; child-src blob: https://mc.yandex.ru; frame-src blob: https://*.jivosite.com https://*.jivo.ru https://*.youtube.com https://mc.yandex.ru https://*.facebook.com https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://disqus.com https://*.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://events.nethouse.ru https://go.vooozer.com 3 default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 3 frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 3 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 3 frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 3 default-src 'none'; base-uri 'none'; connect-src 'self' data: *.credit-suisse.com *.hedani.net *.decibelinsight.net *.demdex.net *.doubleclick.net *.inbenta.com *.inbenta.io *.knowledgevision.com *.omtrdc.net *.qualtrics.com www.google-analytics.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net *.facebook.com *.googletagmanager.com soundcloud.com cdn.ampproject.org *.bing.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.cookielaw.org *.onetrust.com *.pinterest.com webexapis.com *.wbx2.com *.ciscospark.com wss://*.ciscospark.com analytics.tiktok.com *.teads.tv *.googleapis.com edge.adobedc.net;font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.hedani.net *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net *.qumucloud.com; frame-ancestors 'self' *.students.ch *.rowini.net *.ch.hedani.net content-uat.csintra.net content.csintra.net *.credit-suisse.com *.hedani.net *.adobedtm.com *.abusizz.ch *.maglr.com; frame-src 'self' blob: *.adobedtm.com *.credit-suisse.com *.hedani.net *.doubleclick.net *.facebook.com *.facebook.net *.inbenta.com *.knowledgevision.com *.omtrdc.net *.qq.com *.youtube.com *.youtube-nocookie.com creditsuisse.demdex.net maps.gstatic.com wl.fundsquare.net w.soundcloud.com *.snapchat.com *.qualtrics.com *.3vrooms.app dev.3volutions.ch *.ceros.com *.swisscom.ch video.csintra.net beneal.com *.apacwebinar.com *.qumucloud.com player.vimeo.com *.pinterest.com anchor.fm *.microad.jp analytics.tiktok.com bugcrowd.com; img-src 'self' data: *.hedani.net *.credit-suisse.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ch t.co *.quantserve.com *.everesttech.net *.demdex.net *.youtube.com *.facebook.com *.facebook.net *.inbenta.com maps.gstatic.com maps.googleapis.com *.linkedin.com *.qualtrics.com *.gstatic.com *.inbenta.io *.mathtag.com *.bing.com gateway.zscloud.net *.googletagmanager.com *.glassdoor.com *.cookielaw.org *.qq.com *.adsymptotic.com *.pinterest.com *.teads.tv *.microad.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com; object-src 'self' blob: *.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.adobedtm.com *.ads-twitter.com cdn.ampproject.org *.anychart.com *.credit-suisse.com *.hedani.net *.everesttech.net *.facebook.net *.forms.credit-suisse.com *.google.ch *.google-analytics.com *.googleapis.com *.googletagmanager.com *.inbenta.com *.inbenta.io *.jquery.com *.knowledgevision.com *.licdn.com *.linkedin.com *.qualtrics.com *.twitter.com *.youtube.com *.ytimg.com maps.google.com tagmanager.google.com sc-static.net *.googleadservices.com googleads.g.doubleclick.net *.ampproject.org *.mathtag.com *.bing.com gateway.zscloud.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.ceros.com *.cookielaw.org *.qq.com *.qumucloud.com *.pinimg.com *.teads.tv *.microad.jp s.yimg.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com bugcrowd.com *.bugcrowdusercontent.com tr.snapchat.com; style-src 'self' 'unsafe-inline' *.credit-suisse.com *.hedani.net *.inbenta.com fonts.googleapis.com tagmanager.google.com *.anychart.com *.inbenta.io gateway.zscloud.net analytics.tiktok.com *.teads.tv; style-src-elem 'self' 'unsafe-inline' data: *.credit-suisse.com *.inbenta.com *.inbenta.io; manifest-src 'self' data: *.credit-suisse.com; 3 base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.us-east-1.pipedriveassets.com cdn.segment.com *.pipedrive.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com vitals.vercel-insights.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.us-east-1.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.us-east-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src blob:;; report-to csp-endpoint; report-uri https://www.pipedrive.com/api/csp-reports 3 default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 3 default-src 'unsafe-inline' https: wss:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; frame-ancestors 'self' https://*.unitycms.io; 3 frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com ;script-src * 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline'; frame-src *; 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com/i18n/pixel/events.js analytics.tiktok.com/i18n/pixel/config.js analytics.tiktok.com/i18n/pixel/identify.js bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com; img-src * data:; object-src 'none'; base-uri 'none'; 3 report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.bam.nr-data.net *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.newrelic.com *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org; img-src * data: blob:; media-src * blob:; font-src * https://*.aptrinsic.com data:; 3 frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 3 frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 3 default-src 'self' https://www.google-analytics.com https://messenger.sber.ru:7766 wss://messenger.sberbank.ru:7766/api/ wss://messenger.sber.ru:7766 https://messenger.sberbank.ru:7766/api/device/auth_prelogin https://bitrix.info opt-1379625.ssl.1c-bitrix-cdn.ru http://ip-api.com https://static.doubleclick.net/instream/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ amcharts.com https://fonts.googleapis.com/ https://www.youtube.com https://s.ytimg.com top-fwz1.mail.ru play.google.com mc.yandex.ru amcharts.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://sbchat.netlify.com/ *.yandex.net/ https://vk.com cdn.rutarget.ru opt-1379625.ssl.1c-bitrix-cdn.ru https://static.doubleclick.net/ www.youtube.com/iframe_api https://s.ytimg.com www.youtube.com top-fwz1.mail.ru code.jquery.com www.amcharts.com mc.yandex.ru ajax.googleapis.com yastatic.net api-maps.yandex.ru bitrix.info cdn.mxpnl.com www.google-analytics.com ; frame-src 'self' https://www.youtube.com opt-1379625.ssl.1c-bitrix-cdn.ru https://cdn.rutarget.ru http://webvisor.com https://metrika.yandex.ru api-maps.yandex.ru; object-src 'self' opt-1379625.ssl.1c-bitrix-cdn.ru amcharts.com ;img-src 'self' data: https://core-renderer-tiles.maps.yandex.net https://och1.efs.sberbank.ru:450 https://och1.efspsi.sberbank.ru:444 opt-1379625.ssl.1c-bitrix-cdn.ru cdn.rutarget.ru tag.rutarget.ru top-fwz1.mail.ru vk.com login.vk.com www.google.com www.google.ru www.google.com.ua counter.sberbank.ru stats.g.doubleclick.net https://yandex.ru/ http://www.amcharts.com/ https://www.amcharts.com/ https://www.google-analytics.com google-analytics.com vec01.maps.yandex.net amcharts.com vec02.maps.yandex.net vec03.maps.yandex.net vec04.maps.yandex.net api-maps.yandex.ru mc.yandex.ru google-analytics.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com opt-1379625.ssl.1c-bitrix-cdn.ru www.amcharts.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com opt-1379625.ssl.1c-bitrix-cdn.ru fonts.googleapis.com 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 3 default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://www.google.com https://www.youtube.com https://fonts.gstatic.com https://*.ul.com https://player.vimeo.com https://www.recaptcha.net data: blob: *.salesforce-sites.com; connect-src 'self' https://*.lift.acquia.com https://*.acquia.io https://*.wistia.com http://*.wistia.com https://*.ul.com https://*.solosegment.com https://www.google-analytics.com https://analytics.google.com https://spreadsheets.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://bam.nr-data.net https://bam-cell.nr-data.net https://sheets-proxy.knightlab.com https://cdn.cookielaw.org https://*.onetrust.com wss://*.hotjar.com https://csp.withgoogle.com/csp/lcreport https://csp.withgoogle.com/csp/lcreport/009740c9-f487-4513-8701-6eae104d7bed https://cdn.linkedin.oribi.io https://cdn.acsbapp.com/cache/app/www-dev.ul.com/config.json https://cdn.acsbapp.com/cache/app/ https://process.acsbapp.com/apps/app/ https://*.qualtrics.com https://en.wikipedia.org/ http://117-zlr-399.mktoresp.com *.my.salesforce-sites.com https://api.company-target.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://fonts.gstatic.com https://script.hotjar.com data: https://*.ul.com https://fast.wistia.com/ https://acsbapp.com/apps/app/dist/fonts/acsbi.ttf https://acsbapp.com/apps/app/dist/fonts/; frame-src 'self' https://*.marketo.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://quote.ul.com https://quote.ul.com https://optimize.google.com https://www.recaptcha.net https://*.addtoany.com https://11349830.fls.doubleclick.net http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://airtable.com https://cse.google.com/cse_v2/ads https://12500278.fls.doubleclick.net https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.solosegment.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.ul.com https://www-stage.ul.com https://legacy-uploads.ul.com https://optimize.google.com https://s.ml-attr.com/getuid https://secure.adnxs.com/getuid https://attr.ml-api.io https://pixel.mathtag.com https://cdn.cookielaw.org data: https://collateral-library-production.s3.amazonaws.com https://*.ul.com https://*.adnxs.com https://*.gstatic.com/images https://*.googleapis.com https://clients1.google.com https://clients1.google.com/generate_204 https://googleads.g.doubleclick.net https://web1.acsbapp.com/apps/app/dist/media/ https://cdn.acsbapp.com/apps/app/dist/media/ https://*.qualtrics.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acquia.com http://*.acquia.com https://*.acquia.io https://*.wistia.com http://*.wistia.net https://*.wistia.net https://app.wistia.com https://www.youtube.com http://www.youtube.com https://*.vimeo.com https://connect.facebook.net https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://cdnjs.cloudflare.com https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.onetrust.com https://optimize.google.com https://cdn.c212.net https://c212.net https://pixel.mathtag.com https://commons.ul.com/* https://ww2.ul-renewables.com http://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com blob: https://app-ab48.marketo.com https://www.google.com/recaptcha/api.js https://browser-update.org/update.min.js https://browser-update.org/update.show.min.js https://cse.google.com https://www.google.com https://cse.google.com/cse.js https://partner.googleadservices.com/gampad/cookie.js https://cse.google.com/adsense/search/async-ads.js https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://acsbapp.com/apps/app/dist/js/app.js https://cdn.acsbapp.com/cache/app/www-dev.ul.com/config.json https://*.qualtrics.com https://en.wikipedia.org/w/ https://tag.demandbase.com/221ff2e93a5c1398.min.js http://browser-update.org/update.min.js http://munchkin.marketo.net https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://code.jquery.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://cdn.cookielaw.org https://static.addtoany.com https://*.acquia.com https://*.acquia.io https://optimize.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.google.com *.salesforce.com *.salesforce-sites.com https://cdn.knightlab.com maxcdn.bootstrapcdn.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 3 style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com; 3 script-src 'self' https://tag.simpli.fi https://bam-cell.nr-data.net https://cdn.cookielaw.org https://widget.trustpilot.com https://api.map.baidu.com https://fast.wistia.net https://fast.wistia.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://optanon.blob.core.windows.net https://cdn.callrail.com https://pi.pardot.com https://geolocation.onetrust.com https://tags.tiqcdn.com https://intljs.rmtag.com https://tags.rd.linksynergy.com https://act-us.rd.linksynergy.com https://resources.xg4ken.com https://go.control4.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://bat.bing.com https://solutions.invocacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://pnapi.invoca.net https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline' 3 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 3 report-uri /v1/csplog; block-all-mixed-content 3 script-src 'self' assets.adobedtm.com *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com *.onetrust.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net saasfocus.com ideacouture.com digitally.cognizant.com originchddco.cognizant.com originchdai.cognizant.com originltfow.cognizant.com t.contentsquare.net t.contentsquare.net/uxa/* *.contentsquare.net api.company-target.com/* c.6sc.co cognizant.sc.omtrdc.net https: 'unsafe-inline' 'unsafe-eval' data: blob:; 3 frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://tags.tiqcdn.com https://www.googleadservices.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://ci-mpsnare.iovation.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://s3.amazonaws.com https://app.curalate.com https://*.clearpay.co.uk https://polyfill.io https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://*.googleapis.com https://p.dlx.addthis.com https://px0.pbbl.co https://*.google.com https://images.contentful.com https://images.ctfassets.net https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.akstat.io https://www.google.co.uk https://*.perimeterx.net https://rtb-csync.smartadserver.com https://ads.yahoo.com http://images.anthropologie.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com https://cdn.dashhudson.com https://*.ra.linksynergy.com https://cx.atdmt.com https://pixel.tapad.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://sentry.io https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.g.doubleclick.net https://gum.criteo.com https://images.anthropologie.com https://api.bazaarvoice.com https://static.criteo.net https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://core.conversant.mgr.consensu.org https://www.babylist.com https://*.scene7.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com https://*.dotomi.com https://mpsnare.iesnare.com https://*.adsymptotic.com https://*.attentivemobile.com https://*.attn.tv https://*.attentivemobile.com https://cdn.honey.io https://cdn.contentful.com https://open.spotify.com https://*.myunidays.com https://*.murdoog.com https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://trustbadge.api.etrusted.com https://*.tealiumiq.com https://*.salesforce.com https://*.px-cloud.net https://sdk.iad-01.braze.com https://idsync.rlcdn.com https://*.force.com https://*.crazyegg.com https://d38xvr37kwwhcm.cloudfront.net https://trail.grin.co https://downloads.contentful.com https://cf.adxcel.com https://data.adxcel-ec2.com https://*.8x8.com/ https://*.btttag.com https://www.cloudflare.com/cdn-cgi/trace https://*.krxd.net https://track.securedvisit.com/ https://*.tiktok.com https://business.topbuzz.com https://business-sg.topbuzz.com https://*.tiktokcdn.com https://*.ibytedtos.com https://s0.ipstatp.com bytedance: https://cdn.cookielaw.org https://*.evergage.com https://connect.studentbeans.com/v4/anthropologie/uk https://privacyportal.onetrust.com https://*.urbndata.com https://*.pinterest.com https://*.urbanairship.com https://aswpapius.com/ https://*.bambuser.com https://geolocation.onetrust.com https://aswpsdkus.com/ https://anthropologie.qualtrics.com https://*.truefitcorp.com https://*.clarity.ms https://*.bing.com https://js.stripe.com/ https://js.stripe.com/v3 https://*.google-analytics.com https://*.analytics.google.com https://*.anthropologie.com https://*.rakuten.com https://*.ingest.sentry.io https://*.doubleclick.net https://*.rmtag.com https://*.salesforce-sites.com https://*.stylitics.com https://app.collectivevoice.com https://app.collectivevoiceqa.com;img-src 'self' * data:;frame-ancestors 'self'; 3 default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.aticdn.net *.nmrodam.com *.imrworldwide.com *.sensic.net *.surveymonkey.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' localhost:* *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.surveymonkey.com mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com share.transistor.fm www.facebook.com www.federli.ch www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm podcasters.spotify.com; img-src https: data:; report-uri /api/six/cspreport; report-to csp-endpoint; 3 default-src 'self'; object-src 'self' *.cdn.datatables.net cdn.datatables.net; connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com; style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com; img-src 'self' data: i.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com; frame-src 'self' *.mt.lv youtu.be youtube.com www.youtube.com www.google.com; font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv; frame-ancestors 'self' *.mt.lv; 3 frame-ancestors 'self' http://info.barchart.com 3 frame-ancestors 'none'; default-src * data:; style-src 'self' https://code.jquery.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' https://code.jquery.com https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com cloudflare.com *.cloudflare.com boomtrain.com *.boomtrain.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://assetscdn.stackla.com https://widget.stackla.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.googleadservices.com https://quiz.chevronstemquiz.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://www.chevron.com https://fonts.googleapis.com https://cdn.cookielaw.org https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://static.chartbeat.com https://ping.chartbeat.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.googleoptimize.com https://*.parsely.com https://cdn.linkedin.oribi.io https://*.force.com https://*.my.salesforce-sites.com https://cdn.fonts.net https://analytics.tiktok.com https://i.ytimg.com https://go.chevron.email; upgrade-insecure-requests; block-all-mixed-content; 3 img-src * data:; 3 frame-ancestors 'self' *.lpl.com; 3 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' script-src: https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com object-src: https://fonts.gstatic.com connect-src: *.google-analytics.com *.analytics.google.com img-src: *.google-analytics.com *.analytics.google.com; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com *.buzzsprout.com *.visualwebsiteoptimizer.com *.vwo.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.vwo *.typekit.net *.zoominfo.com data:; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.vwo.com *.typekit.net; img-src * data:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com *.vwo.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/ *.gartner.com; media-src 'self' *.googleapis.com webtest2.geotab.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 3 default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net *.netapp.com *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com *.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io *.eloqua.com *.gstatic.com app.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.teads.tv *.ispot.tv *.youvisit.com www.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com alb.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.videohub.tv *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com *.needle.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.1worldsync.com;img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.needle.com px.spiceworks.com *.liadm.com *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com *.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com secure.insightexpressai.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com ads.yahoo.com *.amgdgt.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com pe.intentiq.com p.adsymptotic.com *.adsrvr.org um.simpli.fi data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com wogo *.adobe.com *.sc.omtrdc.net *.core.windows.net wac.edgecastcdn.net *.licdn.com *.teads.tv *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com alb.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.mintigo.com *.videohub.tv *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net;frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.needle.com *.liadm.com *.doubleclick.net nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.liveclicker.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.liveclicker.com *.cdwemail.com www.emjcd.com *.dotomi.com www.kingston.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com cl.s4.exct.net *.youvisit.com www.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net;font-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.cnetcontent.com *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com *.cloudfront.net data: *.flixsyndication.net *.typekit.net *.adobe.com *.gstatic.com *.syndigo.com *.syndigo.cloud *.etilize.com *.1worldsync.com *.spexaccess.net;connect-src 'self' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.d41.co *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io app.leadsrx.com *.turnto.com *.teads.tv *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com api.addressy.com *.etilize.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net;worker-src 'self' *.needle.com *.cloudfront.net blob:; 3 frame-ancestors https://*.upwave.com 3 frame-ancestors 'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com *.sas.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yxt.com *.soboten.com *.sobot.com *.baidu.com *.bcebos.com *.tankeai.com *.captcha.qq.com captcha.gtimg.com *.sohu.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com *.tiktok.com *.tiktokcdn-us.com *.ttwstatic.com; object-src 'self'; worker-src blob 'self'; 3 frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de *.mouseflow.com; 3 frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/ 3 frame-ancestors 'self' https://*.vfc.coremedia.cloud https://digital.vfc.com; child-src * blob:; worker-src * blob:; img-src * *.contentsquare.net blob: data:; connect-src * *.contentsquare.net blob:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: t.contentsquare.net contentsquare.com blob: 3 script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.salesforceliveagent.com https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.cookielaw.org/consent/4a3b4a16-9af0-4726-976d-39737fb16905.js https://checkout.stripe.com https://connect.facebook.net https://connectors.tableau.com https://d.adroll.com/ https://d.adroll.mgr.consensu.org https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://org62.my.salesforce.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com/ https://quip-cdn.com https://quip-marketing.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://static.lightning.force.com https://store.salesforce.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; frame-ancestors https://www.quip-resource-center.com http://www.quip-resource-center.com; report-uri /csp-report 3 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 3 object-src 'none'; connect-src 'self' https://securepubads.g.doubleclick.net https://www.google-analytics.com https://hbopenbid.pubmatic.com https://pagead2.googlesyndication.com *.pubmatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.googlesyndication.com *.safeframe.googlesyndication.com https://ads.pubmatic.com https://www.google.com; worker-src 'none';manifest-src 'self'; 3 font-src 'self' tls.freenet.de https://fonts.gstatic.com oauth.freenet.de; img-src * data:; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; 3 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https:; frame-ancestors tweakers.net *.tweakers.net; report-uri https://dpgtech.report-uri.com/r/t/csp/enforce 3 frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 3 default-src 'self' *.sensortower.com *.sentry.io *.sensortower-china.com *.facebook.com; connect-src 'self' *.netlify.app *.lever.co *.sensortower.com *.sentry.io *.sensortower-china.com *.doubleclick.net *.adroll.com *.google-analytics.com cdn.cookielaw.org *.mktoutil.com *.mktoresp.com *.salesloft.com *.pubmatic.com *.advertising.com *.taboola.com *.3lift.com *.clickagy.com *.zoominfo.com *.osano.com; base-uri 'none'; form-action *.facebook.com connect.facebook.net ; frame-ancestors 'none'; img-src * data:; media-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' *.sensortower.com *.sentry.io *.sensortower-china.com *.zoominfo.com *.google-analytics.com *.facebook.net *.bizible.com *.licdn.com *.cookielaw.org *.googletagmanager.com *.marketo.net *.salesloft.com *.adroll.com *.vidyard.com *.clickagy.com *.osano.com; style-src 'self' 'unsafe-inline' *.sensortower.com *.sentry.io *.sensortower-china.com fonts.googleapis.com; font-src 'self' *.sensortower.com *.sentry.io *.sensortower-china.com fonts.gstatic.com data:; prefetch-src 'self' *.sensortower.com *.sensortower-china.com *.vidyard.com; frame-src 'self' *.sensortower.com *.sensortower-china.com *.vidyard.com; 3 frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 3 default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google.com *.google.co.uk *.twitter.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com fitchconnect.piwikpro.com fitchconnect.piwik.pro cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co chart-studio.plotly.com public.flourish.studio app.fitchconnect-stg.com app.fitchconnect.com *.fitch.group *.hotjar.com vjs.zencdn.net *.mktorest.com *.clearbitjs.com *.ads-twitter.com; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google.com *.google.co.uk *.twitter.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com *.piwik.pro snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mktorest.com *.clearbit.com; prefetch-src 'self' *.funnelenvy.com 732-ckh-767.mktoresp.com *.boltdns.com *.betrad.com *.idio.co ga.clearbit.com house-fastly-signed-us-east-1-prod.brightcovecdn.com *.evidon.com fitchconnect.piwikpro.com fitchconnect.piwik.pro munchkin.marketo.net snap.licdn.com script.crazyegg.com *.google.com *.google.co.uk *.twitter.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.brightcove.com *.mktorest.com; img-src 'self' blob: *.fitchratings.com data: *.evidon.com *.googletagmanager.com trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com www.google-analytics.com stats.g.doubleclick.net l.betrad.com fitchconnect.piwikpro.com fitchconnect.piwik.pro *.linkedin.com p.adsymptotic.com *.idio.co *.fitch.group *.openstreetmap.org *.fitchratings.com httpsak-a.akamaihd.net *.hotjar.com *.google-analytics.com *.analytics.google.com; font-src 'self' data: *.fitchratings.com fonts.gstatic.com *.hotjar.com; frame-src 'self' *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none' 3 default-src * 'unsafe-eval' 'unsafe-inline' data:; 3 default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; prefetch-src 'self' *.boltdns.net *.googleapis.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca?command=logout assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 3 frame-ancestors https://app.experiencewelcome.com/ https://test-panther.pantheonsite.io/; 3 frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 3 frame-ancestors 'self' 3 script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 3 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.contentful.com 'self' 3 default-src 'self' data: 'unsafe-inline'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.cloudflareinsights.com; media-src *; img-src 'self' data: www.facebook.com *.tawk.to *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com *.google.co.in *.s3.eu-west-2.amazonaws.com *.g.doubleclick.net www.trustlogo.com *.paypal.com *.paypalobjects.com *.cloudflareinsights.com content:; script-src 'self' 'unsafe-inline' data: *.paypal.com *.paypalobjects.com js.stripe.com widget.trustpilot.com *.tawk.to *.googletagmanager.com *.cloudflareinsights.com; frame-src 'self' data: widget.trustpilot.com *.cloudflareinsights.com www.sandbox.paypal.com *.paypal.com *.paypalobjects.com js.stripe.com *.tawk.to; connect-src 'self' data: *.cloudflareinsights.com www.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.tawk.to wss://*.tawk.to *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; script-src-elem 'self' data: connect.facebook.net *.paypal.com *.paypalobjects.com js.stripe.com widget.trustpilot.com *.tawk.to cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.cloudflareinsights.com www.trustlogo.com 'unsafe-inline'; font-src 'self' data: *.tawk.to *.cloudflareinsights.com fonts.gstatic.com/; 3 frame-ancestors 'self' *.eur.nl 3 frame-ancestors 'self' https://*.al-array.com/ 3 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 3 frame-ancestors 'self' *.trekbikes.com 3 frame-ancestors https://*.sutterhealth.org 3 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 3 frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 3 frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com; 3 frame-ancestors www.red-gate.com; 3 frame-ancestors * ; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors 'none' script-src 'self' discoveryeducation.com *.discoveryeducation.com 3 default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 3 frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com 3 worker-src 'self' blob: *.vix.tv *.vix.com; frame-ancestors SAMEORIGIN; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com *.wt-safetag.com *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.analytics.yahoo.com *.ad.doubleclick.net *.yimg.com *.adform.net data: blob:; 3 frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 3 default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 3 frame-ancestors 'self' *.mastercard.com *.cardinalcommerce.com *.adyen.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.appdynamics.com http://sin-col.eum-appdynamics.com sin-col.eum-appdynamics.com cdn.appdynamics.com *.mastercard.com *.cardinalcommerce.com *.adyen.com dbs-widgets.factsetdigitalsolutions.com dbs-api.factsetdigitalsolutions.com *.agoda.net *.travelapi.com api.emmprd.asia.manulife.com ap-gateway.mastercard.com adservice.google.com.sg www.prv.dbs.com.sg adservice.google.com.tw *.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com www.google.com.tw csi.gstatic.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com https://go.dbs.com www.gstatic.com fonts.gstatic.com www.google-analytics.com analytics.google.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net bid.g.doubleclick.net securepubads.g.doubleclick.net http://q-xx.bstatic.com http://dom.jtb.co.jp secure.worldpay.com centinelapi.cardinalcommerce.com images.krisshop.com http://pix6.agoda.net maps.gstatic.com *.googleapis.com *.ggpht.com edge.prod-ext.api.manulife.com cm.g.doubleclick.net fcmatch.google.com fcmatch.youtube.com www.trinaxmind.com api-us.faceplusplus.com cdn.glassboxcdn.com report.gbpilot.glassboxdigital.io report.dbs.glassboxdigital.io s.ytimg.com idealanalyticsapi.dbs.com vc.hotjar.io dbs.com.sg https://qmslivechat.dbs.com www.orangeteeproperties.com storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com chatbanking.dbs.com; 3 frame-ancestors secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; 3 frame-ancestors 'self', upgrade-insecure-requests 3 frame-ancestors 'self' https://www.entrust.com; default-src https: data: wss://*.hotjar.com; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:;media-src https: data: blob: mediastream:; child-src https: blob:; worker-src blob:; connect-src https: 3 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleanalytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://*.clarity.ms https://c.bing.com https://bat.bing.com https://r.bing.com www.facebook.com connect.facebook.net https://*.hotjar.com https://js.driftt.com https://widget.drift.com https://tracking.g2crowd.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://amplify.outbrain.com/ https://tr.outbrain.com/ https://assets.quantcount.com https://rules.quantcount.com https://pixel.quantserve.com https://secure.quantserve.com https://www.redditstatic.com/ https://static.ads-twitter.com https://ybug.io https://widget.ybug.io https://secure.gravatar.com https://use.fontawesome.com https://kit.fontawesome.com https://assets.calendly.com https://calendly.com https://*.mouseflow.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://www.youtube.com https://m.youtube.com https://www.gstatic.com plausible.io https://*.marketo.com https://munchkin.marketo.net https://info.jazzhr.com https://app.jazz.co/ data:; img-src 'self' www.jazzhr.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.bing.com *.microsoft.com *.clarity.ms www.facebook.com *.hotjar.com *.g2crowd.com *.linkedin.com *.licdn.com p.adsymptotic.com app.jazz.co https://tr.outbrain.com *.quantserve.com *.quantcount.com https://alb.reddit.com t.co analytics.twitter.com *.gravatar.com assets.calendly.com *.mouseflow.com ybug.io *.vimeocdn.com *.vimeo.com *.ytimg.com *.youtube.com app-sj22.marketo.com blob: data:; style-src 'self' 'unsafe-inline' info.jazzhr.com www.googletagmanager.com https://fonts.googleapis.com *.google.com *.bing.com *.hotjar.com *.licdn.com content.quantcount.com secure.gravatar.com https://maxcdn.bootstrapcdn.com *.fontawesome.com *.marketo.com *.marketo.net https://assets.calendly.com https://calendly.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.fontawesome.com *.hotjar.com *.mouseflow.com data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net analytics.google.com www.googletagmanager.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io *.clarity.ms *.bing.com wss://*.bing.com www.facebook.com *.drift.com wss://*.drift.com *.linkedin.com *.licdn.com vast.quantserve.com *.gravatar.com *.fontawesome.com plausible.io *.mktoresp.com 599-ytr-991.marketo.com 599-ytr-991.mktoutil.com ybug.io *.mouseflow.com ws.zoominfo.com vimeo.com about:; object-src *.googlesyndication.com; frame-src 'self' info.jazzhr.com www.googletagmanager.com *.google.com *.doubleclick.net *.googlesyndication.com *.hotjar.com sdx.microsoft.com www.facebook.com js.driftt.com widget.drift.com www.linkedin.com app-ab10.marketo.com app-sj22.marketo.com 599-ytr-991.marketo.com assets.quantcount.com calendly.com *.mouseflow.com *.vimeo.com vimeo.com *.youtube.com *.youtube-nocookie.com; child-src *.google.com *.doubleclick.net *.googlesyndication.com *.vimeo.com vimeo.com www.youtube.com blob:; media-src 'self' dai.google.com js.driftt.com widget.driftt.com media.licdn.com *.vimeo.com vimeo.com; worker-src www.google.com blob:; frame-ancestors 'none'; base-uri 'self'; 3 frame-ancestors 'self' http://webvisor.com https://docs.ispsystem.ru https://docs.ispsystem.com https://www.ispmanager.com 3 upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://cdn.euc-freshbots.ai https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://cdn.euc-freshbots.ai https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://cdn.euc-freshbots.ai https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl https://rts-euc.freshworksapi.com wss://rts-euc.freshworksapi.com https://www.euc-freshbots.ai https://cdn.euc-freshbots.ai https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3 default-src 'none'; manifest-src 'self'; base-uri 'self'; form-action 'self' * https://jisc.msgfocus.com https://emails.jisc.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ux.digitalresources.jisc.ac.uk https://cdn.wootric.com https://www.jisc.ac.uk/sites/all/modules/custom/jisc_general/ckeditor/ckeditor_config.js?t=rec1bd https://www.jisc.ac.uk/sites/all/modules/custom/jisc_general/ckeditor/ckeditor_config.js https://live.matomo.jisc.ac.uk https://code.jquery.com https://www.youtube.com https://map.eduroam.uk https://www.bing.com https://cdn-eu.dynamicyield.com https://st-eu.dynamicyield.com https://www.gstatic.com https://embed.doorbell.io https://www.google-analytics.com https://ajax.googleapis.com http://static.hotjar.com https://static.hotjar.com/ https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com; connect-src 'self' https://ux.digitalresources.jisc.ac.uk https://adm.dynamicyield.eu https://cdn-eu.dynamicyield.com https://eligibility.wootric.com https://wootric-eligibility.herokuapp.com https://jisc.msgfocus.com/ https://live.matomo.jisc.ac.uk https://async-px-eu.dynamicyield.com https://doorbell.io https://www.google-analytics.com https://c9k2dloukg.execute-api.eu-west-1.amazonaws.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://ux.digitalresources.jisc.ac.uk cdn-eu.dynamicyield.com st-eu.dynamicyield.com rcom-eu.dynamicyield.com https://maxcdn.bootstrapcdn.com https://cdn-eu.dynamicyield.com https://embed.doorbell.io https://fonts.googleapis.com; img-src 'self' data: https://ux.digitalresources.jisc.ac.uk https://i.ytimg.com https://live.matomo.jisc.ac.uk https://www.jisc.ac.uk/ https://www.google-analytics.com www.googletagmanager.com https://script.hotjar.com http://script.hotjar.com; font-src 'self' https://ux.digitalresources.jisc.ac.uk https://maxcdn.bootstrapcdn.com https://cdn-eu.dynamicyield.com https://fonts.static.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-src 'self' https://w.soundcloud.com https://soundcloud.com https://www.slideshare.net https://www.youtube.com https://player.vimeo.com https://maps.google.co.uk https://www.youtube-nocookie.com/ https://www.google.com https://newassets.hcaptcha.com https://vars.hotjar.com https://jisc.msgfocus.com https://www.jisc.ac.uk;frame-ancestors 'self' https://www.jisc.ac.uk; media-src *; 3 frame-ancestors 'self' https://app.experiencewelcome.com/ 3 frame-ancestors 'self' *.winfuture.de; 3 default-src 'self' ; script-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: blob:; object-src 'self' 'unsafe-inline' * 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 'unsafe-eval' *; img-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: blob:; media-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: blob:; child-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: * blob: *; font-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: *; connect-src 'self' 'unsafe-inline' * 'unsafe-eval' *; report-uri /report-csp-violation 3 frame-ancestors 'none'; report-uri https://prod-bk-us-csp-service.rbictg.com/csp; report-to csp-endpoint 3 base-uri 'self'; default-src wss: ws-eu.pusher.com scatec.io *.tradetracker.net leadbooster-chat.pipedrive.com tradetracker.com *.tradetracker.com 'self' blob: data: *.googleapis.com tt-wp-corporate-site.s3.amazonaws.com *.gstatic.com *.google-analytics.com *.vimeo.com vimeo.com *.doubleclick.net doubleclick.net stats.g.doubleclick.net vod-progressive.akamaized.net; frame-src *.googletagmanager.com tradetracker.com *.tradetracker.com 'self' blob: i.vimeocdn.com f.vimeocdn.com vimeo.com fresnel.vimeocdn.com player.vimeo.com; img-src *.googletagmanager.com cdn.tradetracker.net i.vimeocdn.com tt-wp-corporate-site.s3.amazonaws.com tr.lfeeder.com scatec.io tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' blob: data: res.cloudinary.com *.facebook.com *.google-analytics.com *.doubleclick.net maps.gstatic.com *.ggpht *.googleapis.com *.hotjar.com *.hotjar.io *.licdn.com *.fbsbx.com *.google.com *.google.nl *.google.ae *.google.com.ag *.google.pl *.google.ru *.google.se *.google.ca *.google.com.au *.google.co.nz *.google.com.ua *.google.es *.google.co.uk *.google.com.br *.google.it *.google.co.in *.google.hu *.google.no *.google.com.mx *.google.be *.google.de *.google.fr *.google.fi *.google.dk *.google.at *.googleusercontent.com *.fbcdn.net *.cdninstagram.com assets.tradetracker.com; script-src 'unsafe-eval' tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' 'unsafe-inline' blob: *.googletagmanager.com *.google-analytics.com cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com *.hotjar.io *.youtube.com/iframe_api *.vimeo.com vimeo.com *.ytimg.com maps.googleapis.com scatec.io sc.lfeeder.com code.jquery.com *.tradetracker.net *.tradetracker.com; style-src *.rocketcdn.me tradetracker.com *.tradetracker.com 'self' blob: 'unsafe-inline' *.googleapis.com *.hotjar.com *.hotjar.io data:; object-src tradetracker.com *.tradetracker.com; script-src-elem js.pusher.com maps.googleapis.com scatec.io tradetracker.com *.tradetracker.com *.jquery.com *.google-analytics.com *.googletagmanager.com sc.lfeeder.com leadbooster-chat.pipedrive.com 'unsafe-inline'; 3 frame-ancestors *.reviews.co.uk *.reviews.io 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com; frame-ancestors file: cdvfile: 'self'; 3 frame-ancestors 'self' *.bloomreach.cloud 3 default-src 'self' https://dpm.demdex.net *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.fontawesome.com *.doubleclick.net *.castlighthealth.com *.mapbox.com https://*.google-analytics.com *.foresee.com cdc.112.2o7.net https://*.googletagmanager.com; child-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google.com https://cdc.demdex.net blob:; object-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov; img-src 'self' https://dpm.demdex.net/ https://cm.everesttech.net/ *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov cdc.112.2o7.net *.google-analytics.com *.gstatic.com https://*.googletagmanager.com data:; style-src 'self' *.cdc.gov vaccines.gov vacunas.gov *.mapbox.com *.fontawesome.com 'unsafe-inline'; script-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.castlighthealth.com *.google-analytics.com *.adobe.com *.gstatic.com *.googletagmanager.com *.google.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors *.cdc.gov 3 frame-ancestors 'self' path.absolute.com www.path.absolute.com 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 3 default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com checkout.stripe.com; block-all-mixed-content; 3 frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn 3 frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 3 default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 3 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.lpsnmedia.net *.liveperson.net *.doubleclick.net analytics.twitter.com assets.adobedtm.com bat.bing.com cdn3.nowinteract.com *.clicktale.net *.tvsquared.com connect.facebook.net *.googlesyndication.com secure.quantserve.com *.qualtrics.com smct.co track.uniqodo.com www.dwin1.com www.google-analytics.com www.googletagmanager.com static.ads-twitter.com staging-liveperson-dtm.herokuapp.com cdn.tt.omtrdc.net *.demdex.net ssl.google-analytics.com britishskybroadcasti.tt.omtrdc.net platform.twitter.com s0.2mdn.net www.zenaps.com *.google.com *.google.co.uk *.google.ie data1.ablapol.com www.facebook.com *.optimizely.com cdn.spatialbuzz.com cdn.privacy-mgmt.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com www.gstatic.com cdnjs.cloudflare.com rules.quantcount.com t.contentsquare.net contentsquare.com app.contentsquare.com cdn-assets-prod.s3.amazonaws.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com dmp.vfwmrm.net match.adsrvr.org tr.snapchat.com secure.adnxs.com www.uqd.io *.yimg.com yahoo.com smct.co js.smct.co smct.io js.smct.io js-cdn.dynatrace.com unpkg.com maps.googleapis.com cdn.co-buying.com *.yext-pixel.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com assets.sitescdn.net content.zeotap.com api.taggstar.com *.taggstar.com cdn.taggstar.com qa.taggstar.com *.awin1.com the.sciencebehindecommerce.com edge.adobedc.net; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com www.google-analytics.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com fonts.googleapis.com assets.sitescdn.net; font-src 'self' data: *.sky.com fonts.gstatic.com *.skyassets.com use.typekit.net *.google.com *.google.co.uk *.google.ie sky.lucidcx.com tr.snapchat.com www.pinterest.com fonts.smct.co fonts.smct.io fonts.gstatic.com; img-src 'self' data: android-webview-video-poster: *.sky.com *.doubleclick.net *.skyassets.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com www.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net www.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net www.zenaps.com connect.facebook.net engagement.uniqodo.com *.liveperson.net www.gstatic.com www.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com uniqodo.s3-eu-west-1.amazonaws.com production-image-placeholder.herokuapp.com pixel.quantserve.com *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com events.smct.co *.yahoo.com *.gumgum.com smct.co cdn.smct.co smct.io cdn.smct.io px.smct.co px.smct.io ep.smct.co ep.smct.io maps.gstatic.com maps.googleapis.com a.mktgcdn.com *.yext-pixel.com aax-eu.amazon-adsystem.com; connect-src 'self' blob: android-webview-video-poster: *.sky.com wss://*.sky.com *.skyassets.com *.bskyb.com api.amplitude.com bat.bing.com *.bf.dynatrace.com britishskybroadcasti.tt.omtrdc.net *.clicktale.net *.optimizely.com cdn.privacy-mgmt.com *.demdex.net *.doubleclick.net *.assistant.watson.appdomain.cloud *.qualtrics.com vip.timezonedb.com www.google-analytics.com api.amplitude.com *.akstat.io api.iperceptions.com www.facebook.com www.zenaps.com *.google.com *.google.co.uk *.google.ie s0.2mdn.net *.contentstack.io help-search-api-stage.herokuapp.com wss://*.liveperson.net *.lpsnmedia.net cdn.spatialbuzz.com prod-my-photo-api.herokuapp.com track.uniqodo.com connect.facebook.net engagement.uniqodo.com www.gstatic.com *.liveperson.net assets.adobedtm.com *.tvsquared.com *.googlesyndication.com www.googletagmanager.com wss://127.0.0.1 *.contentsquare.net www.googleadservices.com *.lucidcx.com awk.epgsky.com production-retriever.herokuapp.com cdn-assets-prod.s3.amazonaws.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk *.yimg.com smct.co smct.co js.smct.co smct.io js.smct.io ipb.smct.co ipb.smct.io cfg.smct.co cfg.smct.io ep.smct.co ep.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com maps.googleapis.com liveapi.yext.com poc.idscan.cloud prod.idscan.cloud *.yext-pixel.com spl.zeotap.com api.taggstar.com *.taggstar.com cdn.taggstar.com qa.taggstar.com the.sciencebehindecommerce.com *.wepowerconnections.com edge.adobedc.net; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net www.zenaps.com connect.facebook.net *.liveperson.net www.google-analytics.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net tr.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk smct.co smct.io ls.smct.co ls.smct.io d2d7do8qaecbru.cloudfront.net w.etadirect.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com www.awin1.com; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob:; media-src 'self' data: *.sky.com *.skyassets.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com www.google-analytics.com *.contentsquare.net *.googlesyndication.com; object-src 'self' *.sky.com; report-uri /csp-reports 3 frame-ancestors https://agents.ethoslife.com; 3 frame-ancestors 'self' *.regmovies.com *.authorize.net 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net; report-uri /report-csp-violation 3 default-src 'self' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; img-src 'self' data: *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; style-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; font-src 'self' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; object-src 'self' frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; worker-src 'self' blob: ; child-src 'self' https: blob: ; 3 connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io; default-src 'none'; font-src static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com; frame-src 'self' www.youtube.com player.vimeo.com; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io anchor.fm podcasters.spotify.com player.vimeo.com js.hsforms.net forms-na1.hsforms.com *.wordpress.com *.typekit.net www.nielsenhomescansurveys.com; img-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io anchor.fm podcasters.spotify.com player.vimeo.com js.hsforms.net forms-na1.hsforms.com *.wordpress.com *.typekit.net www.nielsenhomescansurveys.com; style-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io anchor.fm podcasters.spotify.com player.vimeo.com js.hsforms.net forms-na1.hsforms.com *.wordpress.com *.typekit.net www.nielsenhomescansurveys.com; font-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io anchor.fm podcasters.spotify.com player.vimeo.com js.hsforms.net forms-na1.hsforms.com *.wordpress.com *.typekit.net www.nielsenhomescansurveys.com; object-src 'self'; connect-src 'self' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io anchor.fm podcasters.spotify.com player.vimeo.com js.hsforms.net forms-na1.hsforms.com *.wordpress.com *.typekit.net www.nielsenhomescansurveys.com; frame-src 'self' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com *.nielseniq.cn nielseniq.cn js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.hs-analytics.net js.usemessages.com js.hsadspixel.net js.hscollectedforms.net api.hubapi.com forms.hsforms.com *.hubspot.com *.googleoptimize.com googleoptimize.com *.parsely.com stripe.com *.stripe.com *.clarity.ms subscriptions.smartrecruiters.com app.livestorm.co connect.facebook.net *.facebook.com *.intercom.io *.intercomcdn.com wss://*.intercom.io anchor.fm podcasters.spotify.com player.vimeo.com js.hsforms.net forms-na1.hsforms.com *.wordpress.com *.typekit.net www.nielsenhomescansurveys.com; frame-ancestors 'self' *.nielseniq.com; 3 default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 3 default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://widget.trustpilot.com https://vars.hotjar.com/ https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com https://fonts.gstatic.com https://script.hotjar.com 'self'; style-src https://*.hushmail.com https://hushforms.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.wickedreports.com https://*.callrail.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://api.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://ws18.hotjar.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com https://widget.trustpilot.com https://*.wickedreports.com https://*.callrail.com https://beacon-v2.helpscout.net/ https://js.hs-banner.com https://js.hsadspixel.net https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 3 frame-ancestors 'self' *.3sharecorp.com https://corpextdev.b2clogin.com https://corpsso.b2clogin.com https://staging.comfortsite.com 3 frame-ancestors 'self'; report-uri https://panicinc.report-uri.com/r/t/csp/enforce; 3 default-src matomo.iserv.eu forms.www-marketing.iserv.eu 'self'; script-src matomo.iserv.eu 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu; font-src 'self' data:; 3 default-src 'self' *.grdp.co blob:; img-src 'self' blob: data: https://releases/traefik/02-csp-middleware.yamlgrdp.co https://tr.outbrain.com https://byjusexamprep.com/ https://translate.google.com https://nr1.s3.amazonaws.com *.boldchat.com accounts.google.com *.doubleclick.net https://www.google.co.in https://bat.bing.com https://www.youtube.com/favicon.ico *.googleadservices.com http://gs-post-images.grdp.co https://gs-groups-images.grdp.co https://graph.facebook.com https://www.google.com gradeup.co https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://gs-post-images.grdp.co https://optimize.google.com cds.taboola.com api.typeform.com https://track.shoptopdeal.com https://events.ub-analytics.com https://ttrk.ringocount.com business.topbuzz.com gradestack.com i.ytimg.com trc.taboola.com *.fbcdn.net cost.affcost.com platform-lookaside.fbsbx.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org ad.admitad.com track.in.omgpm.com dis.criteo.com traqkar.com www.googletagmanager.com *.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co connect.facebook.net q.quora.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://slike.indiatimes.com https://ventes40.gotrackier.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.joonbot.com https://www.googleadservices.com/ https://d34qb8suadcc4g.cloudfront.net *.boldchat.com https://googleadservices.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://tr.outbrain.com amplify.outbrain.com https://optimize.google.com https://cdn.jsdelivr.net/gh/cferdinandi/smooth-scroll@15.0.0/dist/smooth-scroll.polyfills.min.js https://www.google.co.in/pagead cdn.heapanalytics.com https://www.clarity.ms https://s-usc1c-nss-273.firebaseio.com https://udofy-crm-1022.firebaseio.com s.ytimg.com cdn.ampproject.org cdn.taboola.com trc.taboola.com www.googletagservices.com tagmanager.google.com https://s-usc1c-nss-281.firebaseio.com ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com platform.twitter.com maps.googleapis.com adservice.google.com adservice.google.co.in smartlock.google.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net connect.facebook.net track.in.omgpm.com *.grdp.co grdp.co https://www.google-analytics.com/ cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com www.gstatic.com https://www.google.com/pagead/1p-conversion/820422143/ apis.google.com widget.as.criteo.com maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js https://tvid.akamaized.net https://tvid.in https://cdn.quilljs.com; connect-src 'self' https://google.com https://mpkgr-streaming.tllms.com https://byju.pc.cdn.bitgravity.com *.gradestack.co *.byjusexamprep.com https://gradeup-streaming.tllms.com https://byjus-in.akamaized.net https://gcdn.byjus.com https://*.nanorep.co https://*.nanorep.com wss://*.bold360.com *.boldchat.com https://gradeup-assets.grdp.co https://bat.bing.com https://d27yfew3jd3yhj.cloudfront.net https://drm.tllms.com/ https://us-central1-udofy-1021.cloudfunctions.net https://us-central1-amp-error-reporting.cloudfunctions.net https://adservice.google.com https://www.facebook.com https://maps.googleapis.com wss://photon.gradestack.co wss://mule.byjusexamprep.com webapi.byjusexamprep.com https://udofy-crm-1022.firebaseio.com trc-events.taboola.com trc.taboola.com wss://udofy-crm-1022.firebaseio.com https://www.clarity.ms wss://s-usc1c-nss-273.firebaseio.com https://sheets.googleapis.com https://script.google.com https://script.googleusercontent.com wss://s-usc1c-nss-281.firebaseio.com json.faqprime.com firebaseinstallations.googleapis.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com wss://*.gradeup.co https://www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com *.doubleclick.net cdn.ampproject.com https://cleovod.akamaized.net https://cleorec.akamaized.net https://cleolive.akamaized.net https://slike.indiatimes.com https://tvid.in https://*.slike.in https://s3.ap-south-1.amazonaws.com/byjus-media-delivery/videos/ ; frame-src whatsapp: *.doubleclick.net https://gradeup.co https://optimize.google.com https://help.byjusexamprep.com https://sin.creativecdn.com https://*.joonbot.com https://*.joonbot.xyz *.boldchat.com https://www.google.com/maps/embed https://s-usc1c-nss-273.firebaseio.com https://asia.creativecdn.com https://s-usc1c-nss-281.firebaseio.com ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com grdp.co https://byjusexamprep.com gradestack.com smartlock.google.com static.criteo.net www.googletagmanager.com https://hts-premium.byjusexamprep.com; style-src 'self' blob: data: *.grdp.co 'unsafe-inline' https://optimize.google.com unpkg.com builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com https://www.googletagmanager.com/gtm.js accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com https://cdn.quilljs.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co https://optimize.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com; worker-src 'self' blob: data: https://byjusexamprep.com gradestack.com; media-src 'self' blob: data: *.grdp.co https://gradeup-streaming.tllms.com https://cleolive.akamaized.net https://cleorec.akamaized.net https://d27yfew3jd3yhj.cloudfront.net; frame-ancestors 'self' *.nanorep.co https://byjus.com https://byjusexamprep.com; script-src-elem 'self' 'unsafe-inline' https://d2r1yp2w7bby2u.cloudfront.net/js/clevertap.min.js https://eu1.clevertap-prod.com https://connect.facebook.net https://amplify.outbrain.com https://tpc.googlesyndication.com *.joonbot.com https://*.joonbot.xyz https://www.googleadservices.com/ https://*.nanorep.co https://d34qb8suadcc4g.cloudfront.net https://bat.bing.com *.googleadservices.com https://*.boldchat.com https://fonts.googleapis.com/css2 https://cdn.ampproject.org/rtv/012110290545003/v0/amp-loader-0.1.js https://www.googletagmanager.com/ https://track.in.omgpm.com https://portal.referralcandy.com/assets/widgets/refcandy-poprocks.js https://apis.google.com https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://cdn.ampproject.org *.gstatic.com https://builder-assets.unbounce.com/published-js/ https://ajax.googleapis.com https://myfaqprime.appspot.com https://gradeup-assets.grdp.co https://www.google-analytics.com https://www.googletagmanager.com https://ajax.cloudflare.com https://wzrkt.com https://tr.outbrain.com https://maps.googleapis.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net *.googleadservices.com https://wzrkt.com https://www.youtube.com ; manifest-src 'self' blob: data: https://byjusexamprep.com; report-uri https://sentry.byjusexamprep.com/api/26/security/?sentry_key=e3c3abaf223b441c8dd91fdc48764d72 3 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' https://*.ergo.com https://*.ergo.de; 3 default-src 'self'; media-src 'self'; img-src 'self' https://cs.admanmedia.com https://ads.stickyadstv.com https://match.sharethrough.com https://us-u.openx.net https://match.adsrvr.org https://*.dotomi.com https://partners.tremorhub.com https://bh.contextweb.com https://simage2.pubmatic.com https://cms.analytics.yahoo.com https://*.googletagmanager.com https://*.google-analytics.com https://optimize.google.com https://cdn.cookielaw.org https://fonts.gstatic.com https://c.bing.com https://c.clarity.ms https://www.google.com.eg https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://bat.bing.com https://*.linkedin.com https://www.facebook.com https://tr.snapchat.com https://p.adsymptotic.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://login-ds.dotomi.com https://www.googleoptimize.com https://login.dotomi.com https://tr.snapchat.com https://*.google-analytics.com https://*.googleanalytics.com https://optimize.google.com https://cdn.cookielaw.org https://*.clarity.ms https://www.analytics.google.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://www.youtube.com https://maps.googleapis.com https://*.salesforceliveagent.com https://www.googleadservices.com https://*.googletagmanager.com https://assets.adobedtm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' https://optimize.google.com https://www.facebook.com https://www.youtube.com https://4136874.fls.doubleclick.net https://tr.snapchat.com https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://*.g.doubleclick.net https://*.google.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.googletagmanager.com https://www.google.com.eg https://d.clarity.ms https://www.clairty.ms https://*.clarity.ms https://tr.snapchat.com https://stats.g.doubleclick.net https://*.analytics.google.com https://www.facebook.com https://bat.bing.com https://*.google-analytics.com 3 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 3 frame-ancestors 'self' https://*.mend.io 3 default-src 'self' 'sha256-wnP+Lbj39ymMcEzqawDqMAU1J1IrwLHzIYIJK5A/4xM=' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; img-src 'self' data: https://*.usercentrics.eu https://www.google.com https://www.google.de https://i.ytimg.com https://hcaptcha.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://*.google-analytics.com https://www-htp-test01.servers.ip https://googleads.g.doubleclick.net ; frame-src 'self' *.google.com https://*.hcaptcha.com https://www.youtube-nocookie.com https://www.youtube.de https://www.youtube.com https://www.enercity.de https://*.adform.net https://cdn2.spatialbuzz.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.usercentrics.eu https://www.test-neu.htp-test.de https://www.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.matomo.cloud https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.adform.net https://hcaptcha.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://cdn2.spatialbuzz.com/cust/F884ECF1/js/ https://cdn2.spatialbuzz.com/cust/D092ABFD/js/ data: blob:; connect-src 'self' data: blob: https://*.usercentrics.eu https://htp.matomo.cloud https://cdn2.spatialbuzz.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hcaptcha.com https://*.googleapis.com *.google.com https://*.gstatic.com ; font-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com ; worker-src blob:; 3 default-src*; font-src*;img-src* data:; script-src*; style-src*; 3 default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 3 default-src 'self'; base-uri 'self'; script-src 'unsafe-inline' 'self' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com; style-src 'self' 'unsafe-inline' *.rvo.nl; object-src *.rvo.nl; connect-src 'self' *.rvo.nl *.rvochat.nl *.rovid.nl *.obi4wan.ai *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.pusher.com wss://*.pusher.com *.obi4wan.com; img-src 'self' data: *.rvo.nl *.rovid.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.mediatheekrijksoverheid.nl services.arcgisonline.com www.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.mediatheekrijksoverheid.nl; form-action 'self' *.rvo.nl; frame-ancestors 'self'; frame-src 'self' *.rvo.nl; script-src-elem 'self' 'unsafe-inline' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com; upgrade-insecure-requests; report-uri https://sentry.dtnr.nl/api/23/security/?sentry_key=75abd3b6f5714c10b9152afedb286218&sentry_environment=prod 3 frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net; upgrade-insecure-requests 3 font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://cnxc.wpengine.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://www.concentrix.com https://gallery.concentrix.com https://lottiefiles.com data www.concentrix.com; frame-ancestors https://munchkin.marketo.net https://cnxc.wpengine.com https://cnxc.wpenginepowered.com https://www.concentrix.com 'self' https://gallery.concentrix.com www.concentrix.com; 3 default-src 'self' www.googletagmanager.com https://d1af033869koo7.cloudfront.net;; script-src 'self' cdn-app.pathfactory.com app.cdn.lookbookhq.com tracker.engageclick.com stage-new.www.247.ai turbo.engageclick.com platform.linkedin.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com js-agent.newrelic.com consent.trustarc.com extend.vimeocdn.com www.linkedin.com 074-hbw-141.mktoutil.com *.cloudfront.net unpkg.com info.247.ai www.google-analytics.com analytics.google.com *.marketo.com munchkin.marketo.net https://platform.linkedin.com/xdoor/scripts/in.js cdpn-js.figureone.com 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-eval' 'unsafe-inline' https://d1af033869koo7.cloudfront.net https://*.247-inc.net consent.trustarc.com ws-assets.zoominfo.com schedule.zoominfo.com js.zi-scripts.com www.recaptcha.net www.gstatic.com;; object-src 'none' ; style-src 'self' maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com rtp-static.marketo.com fast.fonts.net fonts.googleapis.com info.247.ai 'unsafe-inline' data: 'unsafe-inline' https://d1af033869koo7.cloudfront.net; ; img-src www.googletagmanager.com dev-new.www.247.ai google-analytics.com data: https: www.247.ai/* tfscorp.intelliresponse.com;; frame-src 'self' consent-pref.trustarc.com www.linkedin.com vars.hotjar.com turbo.engageclick.com *.cloudfront.net player.vimeo.com www.youtube.com boards.greenhouse.io info.247.ai https://d1af033869koo7.cloudfront.net https://*.247-inc.net career4.successfactors.com www.recaptcha.net customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; frame-ancestors 'self' 247ai.pathfactory.com consent-pref.trustarc.com https://www.linkedin.com customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; child-src www.linkedin.com consent-pref.trustarc.com turbo.engageclick.com *.cloudfront.net blob: https://d1af033869koo7.cloudfront.net https://*.247-inc.net;; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com info.247.ai;; connect-src 'self' info.247.ai www.google.co.in jukebox.pathfactory.com wss: secure.adnxs.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com api.company-target.com dev-new.www.247.ai *.mktoresp.com 074-hbw-141.mktoutil.com *.marketo.com *.cloudfront.net tie-stage.247-inc.net tie-stage.247-inc.net staging.api.247-inc.net stage-new.www.247.ai tie.247-inc.net bam.nr-data.net api.247-inc.net fonts.googleapis.com 6jh2sbaxvh.execute-api.us-east-1.amazonaws.com segments.company-target.com staging.api.cloud.247-inc.net https://d1af033869koo7.cloudfront.net api.cloud.247-inc.net https://*.247-inc.net target-web-staging.247-inc.net target-web.247-inc.net ws.zoominfo.com api.schedule.zoominfo.com js.zi-scripts.com; 3 frame-ancestors 'self' https://duffandphelps.360learning.com 3 frame-ancestors 'self' https://*.khapps.com https://*.khapps.jp; 3 default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com; 3 default-src * data: 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com *.leadfamly.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src * blob:; worker-src * blob:; 3 frame-ancestors 'self' https://dbwas.service.deutschebahn.com 3 default-src='self'; 3 frame-ancestors self googleads.g.doubleclick.net www.youtube.com propellerads.com 3 frame-ancestors home.siberianhealth.com; 3 frame-src *; 3 img-src * data: 3 object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 3 frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 3 base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob:; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://img.en25.com/i/elqCfg.min.js; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content 3 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 3 script-src 'self' 'unsafe-inline' munchkin.marketo.net *.facebook.net *.googletagmanager.com *.mxpnl.com *.chtbl.com *.barracudamsp.com *.cookielaw.org *.marketo.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.demandbase.com *.vidyard.com *.adroll.com *.licdn.com *.redditstatic.com *.liveperson.net *.lpsnmedia.net assets.adobedtm.com *.driftt.com *.searchcdn.com unpkg.com 3 report-uri https://www.coned.com 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; 3 default-src 'self' data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;frame-src 'self' 'unsafe-inline' https://indd.adobe.com https://www.careerarc.com https://www.facebook.com https://www.google.com https://login.microsoftonline.com https://capture.navattic.com https://sitecore.navattic.com https://app.qualified.com https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://sitecore.com https://go.sitecore.com https://app.smartsheet.com https://w.soundcloud.com/ https://webinars.sitecore.com;script-src 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js 'unsafe-eval' http://j.6sc.co/6si.min.js 'unsafe-eval' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/gtm.js https://maps.googleapis.com/ 'unsafe-inline' https://www.google.com/recaptcha https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://*.twitter.com https://api.zoom.us;script-src-elem 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js https://secure.adnxs.com/ https://go.affec.tv/ https://api-us.boxever.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com *.cloudfront.net *.cloudfront.net https://connect.facebook.net *.google-analytics.com *.google.com *.google.bg *.googletagmanager.com https://maps.googleapis.com/ https://www.gstatic.com https://snap.licdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://pi.pardot.com/pd.js https://pi.pardot.com/ https://js.qualified.com https://scout-cdn.salesloft.com/sl.js https://go.sitecore.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://webinars.sitecore.com/ https://static.ads-twitter.com/uwt.js https://platform.twitter.com/oct.js;style-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://fonts.googleapis.com/ https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://webinars.sitecore.com/;img-src 'self' 'unsafe-inline' https://report.23video.com/ https://b.6sc.co https://secure.adnxs.com https://match.adsrvr.org/ https://map.go.affec.tv https://insitecorecom.azureedge.net http://insitecorecom.azureedge.net https://wwwsitecorecom.azureedge.net http://wwwsitecorecom.azureedge.net https://community.sitecore.net https://community.sitecore.com https://sitecore--c.na116.content.force.com https://sitecore.file.force.com https://www.facebook.com *.google-analytics.com *.google.com *.google.bg *.google.ca *.google.dk https://maps.gstatic.com/ https://maps.googleapis.com/ *.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com.ua/ data: https://px.ads.linkedin.com https://www.linkedin.com/ https://mss-p-006-delivery.sitecorecontenthub.cloud/ https://sitecorecdn.azureedge.net/ https://sitecorecontenthub.stylelabs.cloud http://sitecorecontenthub.stylelabs.cloud https://mss-p-006-delivery.stylelabs.cloud https://t.co https://delivery.twentythree.com http://delivery.twentythree.com https://webinars.sitecore.com/ https://analytics.twitter.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net;connect-src https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://secure.adnxs.com https://api-us.boxever.com http://api-us.boxever.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://events-api.staging.rfksrv.com https://www.facebook.com/ https://api-staging.rfksrv.com/ https://discover.sitecorecloud.io/ https://www.google-analytics.com http://www.google-analytics.com https://region1.analytics.google.com/ https://analytics.google.com https://maps.googleapis.com/ https://adservice.google.com/ https://api.ipify.org http://api.ipify.org https://cdn.linkedin.oribi.io wss://ws.qualified.com https://app.qualified.com https://scout.salesloft.com https://sitecore.com 'self' https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net;object-src 'none';media-src 'unsafe-inline' 'unsafe-eval' https://insitecorecom.azureedge.net https://sitecorecdn.azureedge.net data: blob: https://app.qualified.com https://wwwsitecorecom.azureedge.net/ 'self'; 3 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.stripe.com *.trustpilot.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com ct.pinterest.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com 3 default-src 'unsafe-inline' 'unsafe-eval' *.windstream.com *.union.agency; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.windstream.com *.union.agency https://tr.snapchat.com https://dev.visualwebsiteoptimizer.com/ https://cdn.segment.com *.union.agency *.salesforceliveagent.com *.clarity.ms https://js.adsrvr.org/ https://ag.innovid.com/ https://s-a.innovid.com https://www.googleoptimize.com https://edge.marker.io https://www.google-analytics.com https://558-has-110.mktoresp.com https://acsbapp.com https://ajax.cloudflare.com https://ajax.googleapis.com https://analytics.twitter.com https://api.cartstack.com https://app-sj11.marketo.com https://assets.adobedtm.com https://bam.nr-data.net https://bat.bing.com https://c.la2-c2cs-iad.salesforceliveagent.com https://c.la4-c2-ph2.salesforceliveagent.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://d.la2-c2cs-iad.salesforceliveagent.com https://d.la4-c2-ph2.salesforceliveagent.com https://email.windstreamenterprise.com https://googleads.g.doubleclick.net https://hero.kingpinkton.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://munchkin.marketo.net https://optimize.google.com https://pnapi.invoca.net https://polyfill.io https://s.pinimg.com https://sc-static.net https://script.hotjar.com https://se.monetate.net https://siteimproveanalytics.com https://snap.licdn.com https://solutions.invocacdn.com https://static.ads-twitter.com https://static.hotjar.com https://unpkg.com https://villain.kingpinkton.com https://visit.gokinetic.com https://visit.gokinetic.com/ https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.windstreamonline.com https://www.youtube.com https://kinetic--uat.sandbox.my.salesforce.com https://kinetic.my.salesforce.com https://*.my.site.com https://*.force.com https://edge.fullstory.com https://rs.fullstory.com; font-src 'self' data: https://use.typekit.net https://acsbapp.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.windstream.com *.gokinetic.com *.union.agency *.jsdelivr.net https://p.typekit.net https://use.typekit.net/ https://optimize.google.com https://app-sj11.marketo.com https://email.windstreamenterprise.com https://fonts.googleapis.com https://kinetic-cart-cms.union.agency https://stackpath.bootstrapcdn.com https://unpkg.com https://*.my.site.com https://*.force.com; img-src 'self' *.windstream.com *.union.agency *.imgix.net https://optimize.google.com https://usermatch.krxd.net https://maps.gstatic.com https://unpkg.com https://hero.kingpinkton.com https://id5-sync.com https://ads.scorecardresearch.com https://acsbapp.com https://aa.agkn.com https://sync.search.spotxchange.com https://loadus.exelator.com https://x.bidswitch.net https://pixel.advertising.com https://windstream.d2.sc.omtrdc.net https://secure.adnxs.com https://tags.w55c.net https://www.google.com https://www.google.co.in https://6029303.global.siteimproveanalytics.io https://bat.bing.com https://ct.pinterest.com https://www.facebook.com https://t.co https://trkn.us https://www.google-analytics.com https://pixel-a.basis.net https://clickserv.basis.net https://googleads.g.doubleclick.net https://b.6sc.co https://px.ads.linkedin.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://dpm.demdex.net https://beacon.krxd.net https://eb2.3lift.com https://pixel.sitescout.com https://clickserv.sitescout.com https://img.icons8.com https://pixel.rubiconproject.com https://analytics.twitter.com https://contextual.media.net https://img.icons8.com https://clickserv.sitescout.com https://p.adsymptotic.com https://dc.ads.linkedin.com https://ib.adnxs.com https://pixel.tapad.com https://odr.mookie1.com https://idsync.rlcdn.com https://tags.bluekai.com https://dsum-sec.casalemedia.com https://cm.g.doubleclick.net https://cx.atdmt.com https://vc.hotjar.io https://cm.g.doubleclick.net https://connect.facebook.net https://cx.atdmt.com https://pippio.com https://match.adsrvr.org https://www.linkedin.com https://rs.fullstory.com data: https:; connect-src 'self' *.windstream.com https://*.craftcms.com wss://*.hotjar.com https://google.com https://api.segment.io https://dev.visualwebsiteoptimizer.com/ https://cdn.segment.com *.union.agency *.clarity.ms https://ipv6.6sc.co/ https://analytics.google.com https://k.clarity.ms https://google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://craftcms.windstream.com/ https://staging-cms.windstream.com/ https://api.marker.io https://kinetic-cart-cms.union.agency https://maps.googleapis.com https://unpkg.com https://436-swj-524.mktoutil.com https://hero.kingpinkton.com https://tr.snapchat.com https://436-swj-524.mktoresp.com https://bam.nr-data.net https://www.facebook.com https://ws12.hotjar.com https://email.business.windstream.com https://bat.bing.com https://558-has-110.mktoutil.com https://www.google-analytics.com https://cdn.acsbapp.com https://connect.supplychain.fedex.com https://ct.pinterest.com https://stats.g.doubleclick.net https://558-has-110.mktoresp.com https://c.6sc.co https://secure.adnxs.com https://in.hotjar.com https://pnapi.invoca.net https://vc.hotjar.io https://maps.googleapis.com/maps https://*.my.site.com https://kinetic--uat.sandbox.my.salesforce.com https://c.la2-c1cs-ia5.salesforceliveagent.com https://c.la1-c2-ia6.salesforceliveagent.com https://*.force.com https://mc8n5z4-y9tgp9p0x30lhqbxqq44.auth.marketingcloudapis.com https://mc8n5z4-y9tgp9p0x30lhqbxqq44.rest.marketingcloudapis.com https://inetsvcs.windstream.com https://edge.fullstory.com https://rs.fullstory.com; frame-src 'self' *.windstream.com https://windstream.maps.arcgis.com https://dev.visualwebsiteoptimizer.com/ https://ct.pinterest.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://11771150.fls.doubleclick.net https://optimize.google.com https://app.marker.io https://epaytest.windstream.com/ https://www.pinterest.com/ https://tr6.snapchat.com https://email.windstreamenterprise.com https://acsbapp.com https://bid.g.doubleclick.net https://epay.windstream.com https://epay.windstreamonline.com https://tr.snapchat.com https://www.googletagmanager.com https://vars.hotjar.com https://www.facebook.com https://pixel-a.basis.net https://www.youtube.com https://sr.rlcdn.com https://pixel.sitescout.com https://www.google.com https://app-sj11.marketo.com https://player.vimeo.com https://bcove.video https://players.brightcove.net https://visit.gokinetic.com https://service.force.com https://c.la2-c1cs-ia5.salesforceliveagent.com https://c.la1-c2-ia6.salesforceliveagent.com; object-src https://bcove.video 3 frame-ancestors 'self' https:; default-src https: data: 'unsafe-inline' 'unsafe-eval' 3 img-src 'self' data: *.hypernode.com *.hypernode.nl *.hubspot.com *.linkedin.com *.licdn.com p.adsymptotic.com *.google-analytics.com *.google.com www.google.com.bd www.google.pl www.google.nl www.google.de www.google.co.uk www.google.co.in www.google.ae www.google.fr www.google.ge www.google.co.tz www.google.pk www.google.be www.google.ro www.google.com.ua www.google.by www.google.it www.google.dk www.gstatic.com *.gravatar.com www.googletagmanager.com t.co cdn2.hubspot.net *.hubspotusercontent-na1.net *.hsforms.com www.facebook.com https://collector.leadinfo.net https://cdn.leadinfo.net motu.teamblue.services *.twitter.com;; script-src-elem 'unsafe-inline' 'self' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.hypernode.nl analytics.twitter.com wchat.freshchat.com www.google.com www.gstatic.com gist.github.com cdn.jsdelivr.net cdn.randomhow.com connect.facebook.net s3.amazonaws.com platform.twitter.com ssl.google-analytics.com www.hypernode.com www.pagespeed-mod.com asciinema.org cdn.mxpnl.com gc.kis.v2.scr.kaspersky-labs.com ucads-cdn.ucweb.com byte.us2.list-manage.com www.youtube.com cdn.leadinfo.net motu.teamblue.services fast.wistia.com;; style-src-attr 'unsafe-inline';; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl github.githubassets.com *.hypernode.com;; script-src 'unsafe-eval' 'self' www.google.com www.hypernode.nl 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net www.google-analytics.com www.googletagmanager.com analytics.twitter.com snap.licdn.com static.ads-twitter.com wchat.freshchat.com www.gstatic.com connect.facebook.net wasm-eval s3.amazonaws.com www.hypernode.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com www.youtube.com cdn.leadinfo.net snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com motu.teamblue.services https://platform.linkedin.com;; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl translate.googleapis.com www.hypernode.com https://cdn.leadinfo.net;; child-src www.youtube.com wchat.freshchat.com www.google.com 'self' app.hubspot.com 253949009329559.webpush.freshchat.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;; connect-src *.oribi.io *.google.com *.hubspot.com api.hubapi.com www.facebook.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com js.hs-banner.com stats.g.doubleclick.net *.google-analytics.com 'self' www.google.co.in www.google.nl www.google.pl www.hypernode.com www.hypernode.nl yoast.com www.google.co.za www.google.co.uk www.google.de www.google.dk www.google.ro www.google.rs www.google.se www.google.ca www.google.com.au www.google.ie meetlookup.com www.google.be *.cdn77.org code.jquery.com *.kaspersky-labs.com www.google.cn www.google.com.eg www.google.com.pk www.google.fi www.google.it www.google.lv *.linkedin.com *.licdn.com *.hypernode.io *.make.com https://api.leadinfo.com https://collector.leadinfo.net *.teamblue.services *.gcp.cloud.es.io;; font-src 'self' fonts.gstatic.com data: cdn.faceworks.nl cdn.megabonus.com use.typekit.net *.hypernode.nl *.hypernode.com https://cdn.leadinfo.net;; form-action my.hypernode.com forms.hsforms.com forms.hubspot.com 'self' www.hypernode.com www.facebook.com;; frame-src www.youtube.com 'self' 253949009329559.webpush.freshchat.com wchat.freshchat.com www.google.com recaptcha.google.com mozbar.moz.com www.hypernode.com platform.twitter.com app.hubspot.com www.hypernode.nl asciinema.org *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.linkedin.com www.facebook.com td.doubleclick.net www.googletagmanager.com 'unsafe-eval';; default-src 'self' 'unsafe-eval' 'unsafe-inline' 253949009329559.webpush.freshchat.com adservice.google.com analytics.google.com analytics.twitter.com data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com forms.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net px.ads.linkedin.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co track.hubspot.com wchat.freshchat.com www.google-analytics.com www.google.com www.google.nl www.googletagmanager.com www.gstatic.com www.hypernode.com www.hypernode.nl www.youtube.com a.slack-edge.com gist.github.com github.githubassets.com www.google.dk www.google.co.uk www.slideshare.net api.hubspot.com app.hubspot.com 'self' yoast.com asciinema.org support.hypernode.com www.google.be www.google.co.in www.google.de www.google.ru;; frame-ancestors 'self' about;; worker-src 'self';; object-src 'self' www.hypernode.com;; media-src 'self'; base-uri 'self'; report-uri https://madebyus.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 3 base-uri 'self'; object-src 'self'; media-src 'self' https://videos.ctfassets.net; font-src 'self'; frame-src 'self' https://bid.g.doubleclick.net https://info.hireright.com https://www.youtube.com https://lpcdn.lpsnmedia.net https://assets.ctfassets.net; form-action 'self'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://www.google.co.in https://www.linkedin.com https://*.ads.linkedin.com *.analytics.google.com https://lpcdn.lpsnmedia.net https://ha.prelytix.com https://b.6sc.co https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://dpm.demdex.net https://stags.bluekai.com *.agkn.com https://aorta.clickagy.com https://images.ctfassets.net https://cdn.sanity.io https://j.mrpdata.net https://px.ads.linkedin.com https://pixel-sync.sitescout.com *.rlcdn.com https://us-u.openx.net https://sync.crwdcntrl.net *.doubleclick.net *.clarity.ms https://c.bing.com https://*.google.ee; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://j.6sc.co/6si.min.js http://info.hireright.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com *.doubleclick.net https://tags.clickagy.com *.pardot.com https://ws.zoominfo.com https://snap.licdn.com *.rlcdn.com *.clarity.ms https://www.youtube.com *.liveperson.net *.lpsnmedia.net https://assets.ctfassets.net; connect-src 'self' https://*.analytics.google.com https://*.googletagmanager.com https://ws.zoominfo.com https://aorta.clickagy.com https://secure.adnxs.com https://c.6sc.co/ https://ipv6.6sc.co/ https://analytics.google.com https://cdn.linkedin.oribi.io https://cdn.contentful.com *.google-analytics.com *.analytics.google.com *.algolianet.net *.algolianet.com *.algolia.net *.clickagy.com *.doubleclick.net https://insights.algolia.io *.clarity.ms https://hireright-com-resources-prod.netlify.app https://hireright-com-blog-prod.netlify.app https://hireright-com-pdfs-prod.netlify.app https://hireright-com-services-prod.netlify.app https://hireright-com-industries-prod.netlify.app; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.google-analytics.com sjs.bizographics.com *.bizible.com *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com j.6sc.co bam.nr-data.net cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com ajax.googleapis.com js.createsend1.com *.bing.com *.cloudfront.net *.netlify.app plausible.io *.cookielaw.org *.onetrust.com *.buzzsprout.com *.lingotek.com *.boldchat.com *.nanorep.co *.microsoftstream.com cdn.ampproject.org *.force.com *.site.com *.salesforce.com *.salesforceliveagent.com cdn.jsdelivr.net servicesupport.bakerhughesds.com *.acuityplatform.com; media-src 'self' *.vimeo.com *.youtube.com https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net *.cloudfront.net bakerhughes.nanorep.com *.evolutioneng.com; frame-src 'self' *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net 11146811.fls.doubleclick.net youtu.be *.google.com *.yammer.com login.microsoftonline.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com player.vimeo.com *.buzzsprout.com anchor.fm apps.kaonadn.net *.boldchat.com web.microsoftstream.com https://infogram.com service.force.com https://bid.g.doubleclick.net https://play.goconsensus.com podcasters.spotify.com; frame-ancestors 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com *.smartsheet.com s3.amazonaws.com https://play.goconsensus.com *.lingotek.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com *.hotjar.com d8ejoa1fys2rk.cloudfront.net use.typekit.net; report-uri /report-csp-violation 3 default-src 'self' data: wss: blob blob: 'unsafe-eval' 'unsafe-inline' *.2o7.net *.ac-systems.com *.adobe.com *.adobedtm.com *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.oribi.io *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be.seg.js *.telenet.be:* *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io https://app.insites.com https://app.prospect.silktide.com https://eur01.safelinks.protection.outlook.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://cookies-data.onetrust.io https://euuat.cobrowse.pega.com https://euuatassets.cobrowse.pega.com https://widget.euw1.chat.pega.digital *.webgains.com *.webgains.io sc-static.net *.snapchat.com *.arcgis.com;img-src 'self' data: data blob blob: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 3 frame-ancestors 'self' https: 3 default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.qualtrics.com; script-src https: 'unsafe-inline' 'unsafe-eval' https://*.qualtrics.com; style-src https: 'unsafe-inline' https://*.qualtrics.com; img-src https: data: https://*.qualtrics.com; font-src data: https:; connect-src https: wss://*.hotjar.com https://*.qualtrics.com; media-src blob: https:; object-src https:; frame-src http: https: https://*.qualtrics.com; worker-src blob: https:; frame-ancestors 'self' https://isrvr.com http://isrvr.com https://iportal.ajginternational.com http://iportal.ajginternational.com https://share.penunderwriting.co.uk http://share.penunderwriting.co.uk https://internal.client.gallagherheath.local http://internal.client.gallagherheath.local https://my2.siteimprove.com; form-action 'self' https://analytics.clickdimensions.com *.clickdimensions.com https://www.payconnexion.com https://*.qualtrics.com; upgrade-insecure-requests; block-all-mixed-content; manifest-src https: ; 3 frame-scr https://library.ymcapps.net 3 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net blob: data:; frame-src 'self' *.onefiserv.com *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3 base-uri 'self';default-src 'none'; connect-src 'self' inline-only: *; font-src 'self' data: *; img-src 'self' *;script-src 'self' 'unsafe-hashes' 'sha256-H2tlmRuSoiM440uTQK7H3mt3L74Xvy3HDbFQqhasmLM=' 'sha256-F31Z235J4JoHiQd4pwhlVGhZAo9TL1xXkr998POEVGk=' 'sha256-dg9STQouzRiKJUO3yike1CtjTb8JY3xoFiB0syjsclM=' 'sha256-npzn7ujSOdyjMmFgVUD96cEc+e4ADPr6/G36kMw42xg=' 'sha256-5TFWe/7xA1mUO7yvl+1rrgKnK4IkLgDeImwowoNtSio=' 'sha256-0ris5gmMUJMPIW5+I0NnEuFoC0HsIyvgUblcUKRj8DU=' 'sha256-2YCB6Lhue7C9r6969mhdpe1UfjRUR3HR4A0E0by9Kgg=' 'sha256-dPdAVNwRUBOO9U/2jj9+7Wrv56B40z2Jv1G60xrq99k=' 'sha256-1v5J2KvQP4Gbm3K2rHEJwOXTbrRded9lfuiMfmyrgLQ=' 'sha256-zjjpOAlgWBBa3LGAToXGdQdBJ74Nk1FbPuXvyyNud+c=' 'sha256-6Vxqk2EtHXjiJTfzUejPw5pYIuKocUwpWnj5ceUldH4=' 'sha256-jWeJInrhgp2bhmYq4ENjpiKhX8vgbI25wEHe7xZmntk=' 'sha256-MkZksky8RCDrddFfcsZvpoIOBWi+U4WdS/AUDSRoFWc=' 'sha256-JgUlUrFxfMASKHj7b/5oFO6lurjlitmjXKYNNDMUD+Y=' 'sha256-jwKtf7qtuAMIgLD43eyvgH971eEPHz3iVd6yMxfeA9A=' 'sha256-D/PRixJhLrpI1HflSDVH9owyKK3PGUoiNKrmyLvd3tM=' 'sha256-HSqFHC4bxSGLtwIKYvWNU/qQ4Q0oBveduu1wZdFXO+M=' 'sha256-nFFbE/gfqIA03gqrxwtcaywPXAg1nnX0YRI/RaMK8Lo=' 'sha256-k0FSIbTuVFHaoQGas062MT8MxUolKkiZqbpYaF929+c=' 'sha256-rqmm25uujCmwRm3UkPUpq2WM1jbmHLDuEQGkdF9+470=' 'sha256-U7ve//F4t99wIgL0aTmqx7pcSv+0E36f4XP+HwqZU30=' 'sha256-zZ15axXrbdoSqrE42O5dT3pilUPZCKObwx+aitQeT78=' 'sha256-C76Klxj0BnbMe8uaGS7kU+98MDherr94oIyjKlkWxTk=' 'sha256-244y469+HkRw3VOen69J4OuOZPA1f+0QrXS6/KOHJg0=' 'sha256-DNpb+AMfC5A+CyVJTBZTmmAK5kjYiOPpCYonuCoNUDc=' 'sha256-4xvwiEnvCWO3LygP+6rATbySh1+ealhANaQTvdaQaxk=' 'sha256-ClkLV8HfXoqqJ9Kl5sJglafxsF9F9ogSxHZxhR07bq4=' 'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'sha256-osjxnKEPL/pQJbFk1dKsF7PYFmTyMWGmVSiL9inhxJY=' 'unsafe-inline' 'unsafe-eval' https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000054.js https://cdn.mouseflow.com/projects/79d6f783-d04b-41b1-8cd4-ff5b0aef991b.js https://connect.facebook.net/en_US/fbevents.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://siteintercept.qualtrics.com/dxjsmodule/11.94e7d7f0c6a48ca94c06.chunk.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js https://assets.adobedtm.com/launch-ENbe9d56e701d340938e112682ad21519f.min.js https://d2qrdklrsxowl2.cloudfront.net/api/configuration.js https://d2qrdklrsxowl2.cloudfront.net/api/viewer/setup/ https://d2qrdklrsxowl2.cloudfront.net/js/generated/bootstrap.built.js https://d2qrdklrsxowl2.cloudfront.net/js/generated/brightcove.v2.built.js https://d2qrdklrsxowl2.cloudfront.net/js/hapyak.js https://d2qrdklrsxowl2.cloudfront.net/js/partners/brightcovePlugin/brightcovePlugin.js https://players.brightcove.net/1485859309/experience_59ca4a72f0534d000fe052ff/live.js https://players.brightcove.net/1485859309/rJBq047Xx_default/index.min.js https://vjs.zencdn.net/vttjs/0.12.5/vtt.global.min.js https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api https://a.quora.com/qevents.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/a620dac02c5d/launch-01674e2d033f.min.js https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000332.js https://cdn.mouseflow.com/projects/f51c3538-9092-4e2e-aae3-eff0161c955a.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.clarity.ms/tag/uet/135000332 https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://adservice.google.com.ph/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js https://assets.adobedtm.com/launch-EN2c0e28c6709c4e27a936ae1de1381bd2.min.js https://cdn.mouseflow.com/projects/4ac367e9-d555-45b8-8c1c-21159c893c86.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js https://tpc.googlesyndication.com/sodar/UFYwWwmt.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/8b34a42b9048/94b1f86a0642/EX982a457aa31f49e98223c06cfedf70f2-libraryCode_source.min.js https://assets.adobedtm.com/launch-EN4ac663097b4c4c6483086c5b1a46bf23.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032104.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *; script-src-elem 'unsafe-inline' *; style-src-elem 'unsafe-inline' *;frame-src 'unsafe-inline' *;worker-src 'unsafe-inline' blob: *;media-src 'unsafe-inline' blob: *; 3 frame-ancestors 'self' inloggen.cooperatievgz.nl 3 default-src 'self'; frame-ancestors 'self' *.arista.com; form-action 'self' *.arista.com *.onelogin.com *.salesforce.com forms.hsforms.com syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' customer.cludo.com cdn.cookielaw.org geolocation.onetrust.com js.hsforms.net forms.hsforms.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net *.smartrecruiters.com www.google.com *.gstatic.com www.google-analytics.com *.googletagmanager.com maps.google.com maps.googleapis.com *.googleapis.com platform.twitter.com cdn.syndication.twimg.com connect.facebook.net platform.linkedin.com www.youtube.com; connect-src 'self' api-eu1.cludo.com api.cludo.com cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com forms.hsforms.com forms.hubspot.com stats.g.doubleclick.net www.google-analytics.com *.analytics.google.com *.googletagmanager.com; child-src 'self' forms.hsforms.com js.hs-analytics.net www.youtube.com www.facebook.com web.facebook.com platform.twitter.com syndication.twitter.com web.facebook.com www.google.com www.google-analytics.com *.livestream.com *.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: customer.cludo.com cdn.cookielaw.org perf.hsforms.com track.hubspot.com forms-na1.hsforms.com forms.hsforms.com i.ytimg.com *.gstatic.com maps.google.com maps.googleapis.com *.googleapis.com *.ggpht.com www.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net platform.twitter.com *.twimg.com syndication.twitter.com www.facebook.com; upgrade-insecure-requests; report-uri /csp-report/ 3 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 3 default-src 'self' blob: *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:;; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com cdn.rudderlabs.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js; style-src 'self' 'unsafe-inline' cloud.typography.com *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com *.thehotelsnetwork.com; img-src 'self' data: *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com *.thehotelsnetwork.com; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net; frame-src *; frame-ancestors 'self'; font-src 'self' data: *.typekit.net *.aman.com *.gstatic.com *.cinnox.com *.thehotelsnetwork.com; connect-src 'self' *.aman.com *.boltdns.net *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io api.rudderlabs.com *.rudderstack.com sessions.bugsnag.com; upgrade-insecure-requests 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch https://datawrapper.dwcdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch https://www.etat.ge.ch; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com https://datawrapper.dwcdn.net/; frame-ancestors https://*.ge.ch; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch; font-src 'self' data:; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch; report-uri /report-csp-violation 3 default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; form-action 'self'; 3 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 3 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se http://piwik-ext.vgregion.se/ http://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se http://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src 'self' https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://api.lantmateriet.se https://ssl.webserviceaward.com/wsc/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; prefetch-src 'self' https://*.t-d.se https://*.stratsys.com/; 3 frame-ancestors 'self' http://broadridge.lookbookhq.com https://broadridge.lookbookhq.com http://explore.broadridge.com https://explore.broadridge.com; 3 report-uri https://www.hoka.com/_/csp-reports?siteKey=d494UHifw_Ts-A 3 frame-ancestors *.firsthorizon.com 3 default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3 connect-src 'self' stats.g.doubleclick.net omappapi.com *.cookiebot.com heapanalytics.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' https://*.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' heapanalytics.com https://tagmanager.google.com fonts.googleapis.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' www.googletagmanager.com data: *; manifest-src 'self'; media-src 'self'; script-src 'self' https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src https://forms.zohopublic.eu/ https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com 'self' download.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://account.limesurvey.org/violation.php; 3 default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' https://m.lndg.page dash-staging.bounceexchange.com assets.bounceexchange.com *.fls.doubleclick.net bid.g.doubleclick.net https://player.vimeo.com/ *.photorank.me *.hotjar.com *.facebook.com *.google.com *.instagram.com *.youtube.com *.pinterest.com https://www.sandbox.paypal.com *.clarity.ms www.pinterest.co.uk *.openpay.mx https://www.pinterest.ch https://www.pinterest.cl https://www.pinterest.es https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie tsdtocl.com *.tangiblee.com www.paypal.com www.paypalobjects.com www.googletagmanager.com emersya.com cdn.emersya.com *.opencontrol.mx https://www.recaptcha.net https://outlook.office365.com https://dem.mysingleromance.com https://us-device-pro1.csftr.com www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com csxd.victorinox.com csxd.swissarmy.com https://forms.office.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://victorinox.my-june.com ; report-to csp-endpoint ; frame-ancestors 'self' https://development--b2cstore-victorinox.netlify.app/ https://staging--b2cstore-victorinox.netlify.app/ https://b2cstore-victorinox.frontend.site ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com ; img-src 'self' data: https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.kameleoon.eu *.kameleoon.com *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://www.recaptcha.net https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com ; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com ; form-action 'self' https: ; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com ; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com 3 frame-ancestors *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self'; connect-src *.adguard-dns.com *.adguard.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self'; frame-src *.paddle.com widget.cloudpayments.ru *.youtube.com *.youtube-nocookie.com https://cdn.adtidy.org hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/ *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self'; font-src *.adguard.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self' data:; object-src https://cdn.adtidy.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self'; media-src cdn.adtidy.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self'; report-uri /api/247/security/?sentry_key=f9f67ed550ee435e96c854cdb8278247; default-src *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app 'self' 3 frame-src https://*.pilotflyingj.com https://pilotflyingj.com https://demo.docusign.net https://docusign.net https://powerforms-d.docusign.net https://na2.docusign.net https://powerforms.docusign.net https://youtube.com https://www.youtube.com https://*.doubleclick.net https://goconnect.stackla.com https://info.evidon.com https://pilotadmin.wufoo.com/ https://l3.evidon.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' tal.de *.tal.de; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' tal.de *.tal.de https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://www.tal.de/st/csp-violator.py 3 default-src 'self' data: blob: gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.akamaized.net https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://media-.akamaized.net https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://consent.trustarc.com https://fonts.gstatic.com data:; script-src 'self' https://s.gihwyz.com https://cdn.pdst.fm https://*.marketo.com https://*.mktoweb.com https://consent.trustarc.com https://polyfill.io https://consent-pref.trustarc.com https://fonts.googleapis.com https://assets.adobedtm.com https://ds-aksb-a.akamaihd.net https://*.gsam.com https://*.gs.com https://*.google.com https://snap.licdn.com https://*.gsacquisition.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://cdn.linkedin.oribi.io https://s.gihwyz.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.mktoresp.com https://*.marketo.com https://*.qualtrics.com https://*.akamaized.net https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.demdex.net https://*.omtrdc.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://consent-pref.trustarc.com https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline' data:; object-src 'self'; child-src blob: gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self' https://*.marketo.com https://*.mktoweb.com https://t2.jiji.com https://*.qualtrics.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.doubleclick.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://gsam.demdex.net https://*.goldman.com https://consent-pref.trustarc.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self' https://*.qualtrics.com https://www.commercefunds.com https://p.adsymptotic.com https://ds-aksb-a.akamaihd.net https://*.google.co.in https://*.google.gr https://*.google.co.uk https://*.google.ca https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it https://*.google.com https://*.demdex.net https://*.gsam.com https://*.gs.com https://*.ads.linkedin.com https://*.doubleclick.net https://www.linkedin.com https://*.gs.com:28500 https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://cm.everesttech.net https://gsam.sc.omtrdc.net https://*.rocaton.com https://consent.trustarc.com https://consent-pref.trustarc.com data:; style-src 'self' https://s.gihwyz.com https://*.marketo.com https://*.mktoweb.com https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://fonts.googleapis.com 'unsafe-inline'; 3 connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com *.apiairasia.com; frame-ancestors 'self'; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com apiairasia.com *.apiairasia.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://dev.vatrix.eu; frame-src * data: blob:; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 3 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3 upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3 default-src 'self'; font-src 'self' data: https://script.hotjar.com https://consent.trustarc.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://engage.aveva.com https://tagmanager.google.com https://fonts.googleapis.com; object-src 'self'; child-src 'self' ujet.co *.ujet.co; connect-src 'self' https://*.b0e8.com https://*.bc0a.com http://*.b0e8.com http://*.bc0a.com https://*.google-analytics.com https://*.analytics.google.com http://*.google-analytics.com http://*.analytics.google.com https://region1.google-analytics.com/g/collect* https://region1.analytics.google.com/g/collect* https://cdn.linkedin.oribi.io/partner/265491/domain/aveva.com/token https://api.company-target.com http://api.company-target.com https://company-target.com http://company-target.com https://segments.company-target.com http://segments.company-target.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://analytics.cloud.coveo.com https://consent-pref.trustarc.com https://platform.cloud.coveo.com https://s7.addthis.com https://sfgw.leadspace.com https://engage.aveva.com https://986-yis-805.mktoresp.com https://stats.g.doubleclick.net https://segments.company-target.com https://www.google-analytics.com https://connect.facebook.net/ https://vc.hotjar.io https://in.hotjar.com https://*.demdex.net https://api.company-target.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://aveva.tt.omtrdc.net https://m.addthis.com; img-src 'self' data: *.google-analytics.com https://px4.ads.linkedin.com/collect* *.analytics.google.com https://www.google.co.uk/pagead/1p-user-list/986306368/* https://px4.ads.linkedin.com/collect* https://id.rlcdn.com/464526.gif https://www.google.co.uk/ads/ga-audiences* https://script.hotjar.com http://script.hotjar.com https://consent-pref.trustarc.com https://analytics.twitter.com https://bat.bing.com https://engage.aveva.com https://consent.trustarc.com https://ssl.gstatic.com https://www.googletagmanager.com https://10049316.fls.doubleclick.net https://secure.adnxs.com https://sdk.yoyi.com.cn https://mapping.yoyi.com.cn https://segments.company-target.com https://t.co https://connect.facebook.net https://*.demdex.net https://match.prod.bidr.io https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://avevaenglishdev.112.2o7.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://hud.crazyegg.com https://ftrk.crazyegg.com https://script.crazyegg.com https://vector.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com http://hud.crazyegg.com http://ftrk.crazyegg.com http://script.crazyegg.com http://vector.crazyegg.com http://tracking.crazyegg.com http://assets-tracking.crazyegg.com http://pagestates-tracking.crazyegg.com https://api.brightedge.com https://*.b0e8.com https://*.bc0a.com http://api.brightedge.com http://*.b0e8.com http://*.bc0a.com https://script.crazyegg.com/pages/scripts/0116/7658.js https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js* https://s.adroll.com/j/exp/5TODA6DLONELRNGZWU5E3D/index.js https://s.adroll.com/j/pre/5TODA6DLONELRNGZWU5E3D/RMNM2XJBDVDX5HV2TGMQ3E/index.js https://s.adroll.com/j/pre/5TODA6DLONELRNGZWU5E3D/RMNM2XJBDVDX5HV2TGMQ3E/fpconsent.js https://d.adroll.com/consent/check/5TODA6DLONELRNGZWU5E3D* https://www.clarity.ms/eus-e/s/0.7.2/clarity.js https://block.opendns.com https://www.clarity.ms/tag/uet/137010788 https://cdn.pdst.fm/ping.min.js https://www.google.com https://scripts.demandbase.com http://scripts.demandbase.com https://tag.demandbase.com http://tag.demandbase.com https://static.hotjar.com https://script.hotjar.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/* https://static.cloud.coveo.com https://cdn.jsdelivr.net https://ajax.cloudflare.com https://z.moatads.com https://bat.bing.com https://sfc.leadspace.com https://cdn.thinglink.me https://sfc.leadspace.com https://consent.trustarc.com https://munchkin.marketo.net https://engage.aveva.com https://tagmanager.google.com https://www.googletagmanager.com https://polyfill.io https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://track.accountinsight.cloud https://view.ceros.com https://okt.to https://analytics.twitter.com https://script.hotjar.com https://tag.demandbase.com https://static.ads-twitter.com http://clientservices.googleapis.com https://static.hotjar.com https://static.oktopost.com https://www.googletagmanager.com http://r2---sn-ci5gup-cvhz.gvt1.com http://r4---sn-qxaeen7e.gvt1.com http://redirector.gvt1.com http://update.googleapis.com http://www.gstatic.com https://js.driftt.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://snap.licdn.com https://noembed.com *.adobe.com google-analytics.com *.google-analytics.com https://fast.wistia.net http://fast.wistia.com http://vimeo.com https://vimeo.com https://*.vimeo.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.youtube.com https://s.ytimg.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com https://graph.facebook.com; frame-src 'self' https://*.adobe.com https://www.google.com https://tracker-detail-page.trustarc.com https://vars.hotjar.com https://www.thinglink.com https://engage.aveva.com https://consent-pref.trustarc.com https://consent.trustarc.com https://www.googletagmanager.com https://10049316.fls.doubleclick.net https://www.w3.org https://view.ceros.com https://vars.hotjar.com https://js.driftt.com https://*.demdex.net https://www.facebook.com https://www.youtube.com https://fast.wistia.net https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://www.slideshare.net; frame-ancestors 'self' https://explore.osisoft.com https://osisoft.lookbookhq.com https://osisoft.pathfactory.com https://discover.aveva.com https://aveva.pathfactory.com; 3 default-src 'self'; frame-ancestors 'self';upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omnicalculator.com https://cdn.tiny.cloud https://cdn.omnicalculator.com https://market.esmchina.com https://s0.2mdn.net https://zz.bdstatic.com https://mbb.eet-china.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://pos.baidu.com https://www.eet-china.com https://static-eetc.oss-cn-shenzhen.aliyuncs.com https://dup.baidustatic.com https://site.eet-china.com https://apps.bdimg.com https://www.googletagmanager.com https://hm.baidu.com https://www.googletagservices.com https://www.google-analytics.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://adservice.google.com https://res.wx.qq.com; style-src 'unsafe-inline' https:;font-src https: data:; img-src data: blob: https:;connect-src https: ;frame-src https: data:;media-src https: 3 frame-ancestors https://*.t-mobile.com https://metropcs.mobi https://www.metropcs.mobi https://*.metrobyt-mobile.com https://metropcs.mobileposse.com/ 3 default-src 'self' data: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 3 frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/enforce 3 frame-ancestors 'self' blank;object-src 'self' blank; 3 default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src https: wss://*.hotjar.com wss://*.qualified.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 3 frame-ancestors; 3 frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 3 script-src 'none'; 3 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com; 3 child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com;font-src 'self' fonts.gstatic.com;frame-src 'self';frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; frame-ancestors https://epson.com https://*.epson.com https://*.epson.jp https://*.epson https://*.goepson.com https://epson.ca https://epson.com.mx https://epson.com.ar https://epson.com.bo https://epson.com.br https://epson.co.cr https://epson.cl https://epson.com.co https://epson.com.do https://epson.com.ec https://epson.com.py https://epson.com.pe https://epson.com.uy https://epson.com.ve https://cm.lpga.com https://cm.epsontour.com https://www.lpga.com https://www.epsontour.com 3 frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com http://www.aldianer-nord.de https://www.aldianer-nord.de http://staffbase.com capacitor://aldianer-nord.de capacitor://staffbase.com cname-main-de1.staffbase.com magazine.aldi-nord.de 195.192.131.24 localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 3 frame-src *.nttdataservices.com *.nttdata.com *.google.com *.googletagmanager.com *.pardot.com *.ceros.com 'self' *.addthis.com *.hotjar.com *.facebook.net *.twitter.com *.youtube.com *.infogram.com *.jobdiva.com *.doubleclick.net *.adsrvr.org *.clarity.ms *.evidon.com; frame-ancestors 'self' *.nttdataservices.com *.nttdata.com; 3 default-src 'self' sit.encoded.services live.encoded.services *.hotjar.io *.hotjar.com 'unsafe-inline' *.agendize.com vimeo.com *.vimeo.com *.openstreetmap.org *.instagram.com *.facebook.net www.youtube.com *.youtube.com www.google.com *.google.com googlesyndication.com *.googlesyndication.com *.www.isleofman.com 'unsafe-inline' *.google.com googlesyndication.com *.googlesyndication.com sentry.yabsta.net cdn.ravenjs.com www.google.com *.www.isleofman.com *.gstatic.com www.googletagservices.com www.googletagmanager.com *.google-analytics.com *.twitter.com *.facebook.net *.simpli.fi www.facebook.com *.facebook.com *.twimg.com *.doubleclick.net *.googleapis.com;img-src * data: blob:;font-src * data:;frame-src *; 3 default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 3 report-uri / 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lionbridge.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com *.trendemon.com https://info.lionbridge.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/* https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://ajax.googleapis.com/ https://ws-assets.zoominfo.com/ https://schedule.zoominfo.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://www.google.com/ https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://js.zi-scripts.com/zi-tag.js https://googleads.g.doubleclick.net/* https://ws-assets.zoominfo.com/formcomplete.js; style-src * 'unsafe-inline'; img-src *; connect-src * https://ws.zoominfo.com hpps://api.schedule.zoominfo.com; prefetch-src https://play.vidyard.com/; frame-src 'self' https://play.vidyard.com https://dayintegrationinternal.demdex.net https://lionbridge.demdex.net https://www.facebook.com https://app-sjn.marketo.com https://www.youtube.com/ https://www.google.com/ https://www.lionbridge.com/ https://player.youku.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/; frame-ancestors 'self' http://lionbridge.com:8000 3 frame-ancestors https://engage.bruker.com https://tongji.baidu.com self; 3 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.facebook.net https://*.facebook.com https://js.monitor.azure.com https://bat.bing.com https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://s.go-mpulse.net https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.googleadservices.com https://*.billtrust.com https://*.vimeo.com https://dwill530.github.io https://billtrust.containers.piwik.pro https://munchkin.marketo.net https://ws.zoominfo.com https://tracking.g2crowd.com https://snap.licdn.com https://ml314.com https://tracker.marinsm.com https://www.clickcease.com https://googleads.g.doubleclick.net https://cookie-cdn.cookiepro.com https://boards-api.greenhouse.io https://code.jquery.com https://pagead2.googlesyndication.com https://boards.greenhouse.io https://js.zi-scripts.com; style-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://*.typekit.net https://mktg.billtrust.com https://billtrust.containers.piwik.pro; object-src 'none'; base-uri 'self'; connect-src 'unsafe-inline' 'self' https://cdn.linkedin.oribi.io https://*.in.applicationinsights.azure.com https://*.cloud.coveo.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://billtrust.piwik.pro https://billtrust.containers.piwik.pro https://*.mktoresp.com https://ws.zoominfo.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://boards-api.greenhouse.io https://privacyportal.cookiepro.com https://www.google.com https://googleads.g.doubleclick.net https://js.zi-scripts.com; font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://billtrust.containers.piwik.pro data:; frame-src 'self' https://www.google.com https://www.npr.org https://www.youtube.com https://mktg.billtrust.com https://player.vimeo.com https://www.g2.com https://boards.greenhouse.io; img-src 'unsafe-inline' 'self' https//sync.1rx.io https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://i.vimeocdn.com https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com https://dpm.demdex.net https://idsync.rlcdn.com https://match.adsrvr.org https://sync.crwdcntrl.net https://ps.eyeota.net https://ml314.com https://pixel.mathtag.com https://ib.adnxs.com https://loadus.exelator.com https://s.amazon-adsystem.com https://sync.srv.stackadapt.com https://www.google.com https://www.linkedin.com https://bat.bing.com https://billtrust.containers.piwik.pro data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri /cspreports.xml 3 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://optimize.google.com https://*.morningstar.com; img-src 'self' https://api.nuveen.com https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://maps.gstatic.com https://maps.googleapis.com https://www.b2i.us https://www.nuveen.com https://id.rlcdn.com *.morningstar.com https://neu-prd-e50f2931bfec-xp2-cd1.azurewebsites.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.facebook.com https://*.linkedin.com https://t.co https://analytics.twitter.com https://googleads.g.doubleclick.net https://segments.company-target.com https://www.google-analytics.com https://*.akamaihd.net https://*.qualtrics.com https://*.nr-data.net https://*.bing.com https://*.clarity.ms data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nuveen.com https://www.nuveen.com https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://www.google-analytics.com https://tools.inviteeducation.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://cdn.cookielaw.org https://*.salesforceliveagent.com https://players.brightcove.net https://*.qualtrics.com https://www.google.com https://cdn.evgnet.com https://neu-prd-e50f2931bfec-xp2-cd1.azurewebsites.net https://wus-prd-98682cc0fada-xp2-cd1.azurewebsites.net https://s.go-mpulse.net https://cdn.polyfill.io https://cdnjs.cloudflare.com https://*.morningstar.com https://*.akamaihd.net https://js-agent.newrelic.com https://www.nuveen.com https://tag.demandbase.com https://www.google-analytics.com https://script.crazyegg.com https://snap.licdn.com https://static.ads-twitter.com https://cdn.callrail.com https://pi.pardot.com https://js.adsrvr.org https://connect.facebook.net https://info.nuveen.com https://js.callrail.com https://action.dstillery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://api.ipify.org https://analytics.google.com https://stats.g.doubleclick.net https://*.nr-data.net https://action.media6degrees.com https://ajax.googleapis.com https://*.nuveen.com https://polyfill.io https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://*.broadridge.com https://*.bing.com https://*.clarity.ms blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.googleoptimize.com https://fonts.googleapis.com https://*.morningstar.com https://*.broadridge.com; frame-ancestors 'self' ; frame-src 'self' https://c-pace.greenworkslending.com https://optimize.google.com https://www.googleoptimize.com https://v3.inviteeducation.com https://players.brightcove.net https://www.google.com https://*.adsrvr.org https://*.doubleclick.net https://www.facebook.com https://*.nuveen.com https://*.company-target.com; connect-src 'self' *.nuveen.com https://ad.doubleclick.net https://bat.bing.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://cdn.cookielaw.org/ https://tiaabank.us-4.evergage.com https://www.b2i.us https://c.go-mpulse.net https://neu-prd-e50f2931bfec-xp2-cm.azurewebsites.net https://*.akamaihd.net https://*.akstat.io https://*.morningstar.com https://api.company-target.com https://js.callrail.com https://script.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://analytics.google.com https://geolocation.onetrust.com https://privacyportal.onetrust.com *.nr-data.net https://cdn.linkedin.oribi.io https://*.hawkeye.epsilon.com https://*.fundslibrary.net https://*.services.visualstudio.com https://*.clarity.ms https://*.company-target.com https://tag-logger.demandbase.com; object-src 'none'; media-src https://bcbolt446c5271-a.akamaihd.net ; base-uri 'none' ; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 3 frame-src https://www.google.com https://app.hubspot.com https://forms.hsforms.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; form-action 'self' https://forms.hsforms.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.usemessages.com/conversations-embed.js https://js.hsforms.net/forms/embed/v2.js https://ssl.google-analytics.com/ga.js https://www.pagespeed-mod.com/v1/taas; 3 upgrade-insecure-requests; default-src 'self' https://*.canadalife.com; connect-src 'self' https://*.canadalife.com https://*.greatwestlife.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://greatwestlife.sc.omtrdc.net https://dpm.demdex.net https://maps.googleapis.com https://greatwestlife.tt.omtrdc.net https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://*.qualtrics.com https://*.tt.omtrdc.net https://analytics.google.com https://*.force.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.mouseflow.com https://edge.adobedc.net https://analytics.tiktok.com; script-src 'self' 'unsafe-eval'; script-src-attr 'unsafe-hashes' 'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4='; script-src-elem 'self' 'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk=' 'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM=' 'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec=' 'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY=' 'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg=' 'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA=' 'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g=' 'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs=' 'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg=' 'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340=' 'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA=' 'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ=' 'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA=' 'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM=' 'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg=' 'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA=' https://*.canadalife.com https://assets.adobedtm.com https://cdn.appdynamics.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ https://*.qualtrics.com https://dpm.demdex.net https://ad.doubleclick.net https://snap.licdn.com https://*.fls.doubleclick.net https://px.ads.linkedin.com https://secure.adnxs.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://play.vidyard.com https://p.adsymptotic.com https://www.googletagmanager.com/gtag/ https://mboxedge35.tt.omtrdc.net https://s.pinimg.com/ct/ https://googleads.g.doubleclick.net https://bat.bing.com/bat.js https://bat.bing.com/p/action/11042675.js https://www.googleadservices.com https://analytics.google.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.mouseflow.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://analytics.tiktok.com; style-src 'self' blob: 'unsafe-inline' https://*.canadalife.com https://*.vidyard.com https://*.qualtrics.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com; img-src 'self' data: https://*.canadalife.com https://*.ggpht.com https://*.googleapis.com/ https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net https://www.facebook.com https://*.qualtrics.com https://cm.everesttech.net https://*.fls.doubleclick.net https://maps.googleapis.com https://px.ads.linkedin.com https://ad.doubleclick.net https://secure.adnxs.com https://p.adsymptotic.com https://adservice.google.com/ddm/ https://adservice.google.ca/ddm/ https://dpm.demdex.net https://maps.gstatic.com https://*.vidyard.com https://*.qualtrics.com https://www.google.ca/ads/ https://www.google.com/ads/ https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.ca/pagead/ https://t.co/i/ https://s.pinimg.com/ct/ https://bat.bing.com https://*.force.com https://*.salesforce-sites.com https://ca-gmtdmp.mookie1.com; font-src 'self' data: https://*.canadalife.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.qualtrics.com https://*.vidyard.com; frame-src 'self' https://play.vidyard.com https://*.qualtrics.com https://www.youtube.com https://gwl.demdex.net https://*.force.com https://www.google.com; child-src https://*.canadalife.com https://*.qualtrics.com https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net; object-src 'none'; base-uri 'none'; 3 connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud https://o73885.ingest.sentry.io/api/; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com https://*.zdusercontent.com https://fastmail.zendesk.com https://pobox.zendesk.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 3 frame-ancestors 'self' https://legacyshield.com https://www.legacyshield.com https://hotfix.legacyshield.com https://test049.legacyshield.com https://lsapp.legacyshield.com https://getzuby.com https://staging.getzuby.com https://www.assistancedocs.com https://testing.connectedinvestors.com https://connectedinvestors.com https://www.furnishedfinder.com https://www.keycheck.com https://dev18.furnishedfinder.com https://dev18.keycheck.com https://www.lawyerless.com.au/ https://lawyerless.com.au http://local.lawyerless.com.au/ https://www.american-apartment-owners-association.org/ https://www.tenantalert.com/ https://secure.american-apartment-owners-association.org/ https://aragdc.eyelightdev.ca https://members.dginstitute.com.au https://members-beta.dginstitute.com.au https://members.dginstitute.co/ https://members-beta.dginstitute.co/ https://honcho.com.au https://honcho.com.au:8080 http://app.loc.srv:18002 https://hon.dev-t-syd.honcho.be http://hon.dev-t-syd.honcho.be https://infinitedocs.com http://affiliateprototype.lawdepot.com https://members-beta.propertylovers.com.au https://members.propertylovers.com.au; 3 default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-src * 'self' https://www.youtube.com https://www.googletagmanager.com https://www.youtube-nocookie.com http://*.dynamics.com http://*.google.de http://*.google.com; frame-ancestors * http://*.dynamics.com 3 default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.2o7.net b.6sc.co c.6sc.co j.6sc.co secure.adnxs.com *.adobe.com assets.adobedtm.com *.adsrvr.org static.ads-twitter.com p.adsymptotic.com *.advancedfundsolutions.com *.akafms.net *.akamaihd.net ingestion-upload-production.s3.amazonaws.com/ platform.asset.tv *.atlcap.com *.bcovlive.io *.bcvp0rtal.com match.prod.bidr.io bat.bing.com tags.bluekai.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.calvert.com *.morganstanley.com *.ms.com *.msim.com cdn.polyfill.io/v2/polyfill.sj cdnjs.cloudflare.com *.cloudfront.net api.company-target.com segments.company-target.com *.custombeta.com *.demandbase.com *.demdex.net dev-drwebsite www.dianomi.com *.doubleclick.net *.eatonvance.at *.eatonvance.ch *.eatonvance.co.kr *.eatonvance.co.uk *.eatonvance.com *.eatonvance.com.au *.eatonvance.de *.eatonvance.dk *.eatonvance.fi *.eatonvance.ie *.eatonvance.jp *.eatonvance.nl *.eatonvance.no *.eatonvance.se *.eatonvance.sg proxy-bedford.eatonvance.com:8443 *.eatonvancecounsel.com eatonvanceinvestment.tt *.eatonvancerealestate.com *.analytics.edgekey.net ejohn.org cm.everesttech.net *.evmanagement.com *.evwateroak.com xbrl.fasb.org servedby.flashtalking.com fluidproject.org *.fml-x.com fml-x.com *.gallerysites.net gateway.zscalertwo.net getbootstrap.com www.giftcalcs.com www.google.com www.googleadservices.com www.google-analytics.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com vds.issgovernance.com weblogs.java.net www.joostdevalk.nl code.jquery.com static.knowledgevision.com www.kryogenix.org snap.licdn.com *.linkedin.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net *.morningstar.com hello.myfonts.net js-agent.newrelic.com *.nextshares.com bam.nr-data.net javascript.nwbox.com *.omtrdc.net onlinexperiences.com *.parametricportfolio.com pi.pardot.com cdn.polyfill.io www.riddle.com id.rlcdn.com xbrl.sec.gov seekingalpha.com t.sf14g.com www.storygize.net t.co analytics.twitter.com platform.twitter.com cloud.typography.com ww.math.ubc.ca *.uscharitablegifttrust.org *.uslegacyincometrusts.org bcove.video www.w3.org xbrl.org youtube.com vjs.zencdn.net *.dynatrace.com *.evidon.com blob: data: 3 default-src * blob:;connect-src 'self' 'unsafe-inline' https://app.clearbit.com https://adservice.google.com https://cdn.bizible.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;frame-src 'self' https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://vars.hotjar.com https://game.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://x.clearbitjs.com https://tag.clearbitscripts.com https://cdn.bizible.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com http://script.hotjar.com https://script.hotjar.com https://client.crisp.chat data:;img-src * data: 3 default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 3 object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 3 frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch/ https://www.isptv.ch/ https://profifon.ch https://starnet24.com/ 3 frame-ancestors 'self' *.pangle.io *.pangle-b.io 3 default-src 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com yolacom.yolacdn.net www.yola.com unpkg.com *.yolacdn.net polyfill.io cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.yola.com *.googleusercontent.com *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com ts.w.org *.wikimedia.org www.youtube.com wp-themes.com data: blob:;frame-ancestors 'self'; form-action 'self'; 3 upgrade-insecure-requests; default-src https://*.idnet.com https://*.idnet.net 'unsafe-inline' https://www.google.com https://*.analytics.google.com https://analytics.google.com https://widget.trustpilot.com https://www.google.co.uk https://stats.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://fast.fonts.net https://*.facebook.net https://*.facebook.com https://*.twitter.com https://*.stripe.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.purechat.com https://*.purechatcdn.com wss://*.prod-aws.purechat.com data: ; img-src https: data: android-webview-video-poster: ; font-src https: data: ; object-src 'self'; base-uri 'self'; form-action https://www.idnet.com https://idnet.us4.list-manage.com; report-uri https://www.idnet.com/api/csp_receiver.php; 3 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob: data:; child-src 'self' blob: players.brightcove.net; font-src 'self' blob: data: fonts.gstatic.com; frame-src 'self' players.brightcove.net siemens.demdex.net charts3.equitystory.com irpages2.eqs.com new.siemens.com *.usercentrics.eu; connect-src 'self' blob: data: o1.ingest.sentry.siemens-web.com search.new.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net api.dc.siemens.com api.dc.siemens-energy.com searchapi.new.siemens.com assets.new.siemens.com assets.siemens-energy.com manifest.prod.boltdns.net edge.api.brightcove.com metrics.brightcove.com secure.brightcove.com *.media.brightcove.com *.akamaihd.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com w3.siemens.com privacyportal-eu.onetrust.com profiles.siemens.com dpm.demdex.net api.swarm.app tools.adlytics.net *.usercentrics.eu; img-src 'self' data: android-webview-video-poster: blob: *.siemens.com brightcove04pmdo-a.akamaihd.net *.prod.boltdns.net metrics.brightcove.com cf-images.eu-west-1.prod.boltdns.net siemens.sc.omtrdc.net siemens.tt.omtrdc.net img.en25.com images.response.siemens-info.com stats.adlytics.net assets.siemens-energy.com cookies.siemens-energy.com c.jabmo.app cm.everesttech.net www.gstatic.com dpm.demdex.net search.dc.siemens-energy.com press.siemens-energy.com www.google.com www.facebook.com *.usercentrics.eu secure.adnxs.com track.accountinsight.cloud ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com; media-src 'self' data: android-webview-video-poster: blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com f12.cf.brightcove.com; object-src players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com prod.ste.dc.siemens.com tools.adlytics.net geolocation.onetrust.com players.brightcove.net vjs.zencdn.net assets.adobedtm.com profiles.siemens.com img.en25.com cookies.siemens-energy.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.usercentrics.eu googleads.g.doubleclick.net s.kmtx.io adservice.google.com; style-src 'self' 'unsafe-inline' tools.adlytics.net profiles.siemens.com *.usercentrics.eu; report-uri https://o1.ingest.sentry.siemens-web.com/api/332/security/?sentry_key=1d8c95b215bb485e82ebbdc79f653653&sentry_environment=sites-prod&sentry_release=a6738d5d; 3 default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de journeyengine.staging.wlp.cloud *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap apps.mypurecloud.de; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com journeyengine.staging.wlp.cloud apps.mypurecloud.de *.ewe.de; media-src 'self' data.ewe.de; 3 frame-ancestors 'self' https://olbsupport.cbvoyager.com https://banking.commercebank.com https://bankingapi.commercebank.com https://loans.commercebank.com https://solutions.commercebank.com https://go.pardot.com https://pi.pardot.com https://sb.commercebank.com/legacybillpayenrollment https://view.ceros.com https://transact.commercebank.com/ 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com streamstudio.world-television.com *.eurolandir.com www.treedom.net console.e-bot7.de *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com *.audiocon.de html5-player.libsyn.com forms.office.com embed.contentflow.net 3 frame-ancestors 'self' https://*.webvisor.com https://metrika.yandex.ru/ https://www.copytrans.net 3 default-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src self https:; 3 frame-ancestors 'self' connectmeinforma.com *.connectmeinforma.com informaconnect.com dev.totem-app.com www.fanexpohq.events 3 object-src 'none'; frame-ancestors 'self' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.surveyhero.com https://*.eventbrite.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com ; img-src 'self' https://* data: blob: ; worker-src 'self' blob: ; child-src 'self' https://*.surveyhero.com https://*.eventbrite.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com blob: ; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: ; 3 default-src 'self' 'unsafe-inline' *.bam-x.com *.narrativ.com *.planethowl.com *.braze.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.com *.facebook.net *.hotjar.com *.klaviyo.com *.segment.com *.segment.io *.webflow.com webflow.com d3e54v103j8qbb.cloudfront.net js.appboycdn.com wss://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/jquery-nice-select/ *.googleapis.com *.hubspot.com *.hs-scripts.com *.google.pl unpkg.com weblocks.io *.jsdelivr.net *.hsforms.com *.hsforms.net *.hscollectedforms.net js.hs-analytics.net js.hs-banner.com i.vimeocdn.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ vimeo.com *.vimeo.com cdn.embedly.com vimeocdn.com *.vimeocdn.com *.gstatic.com; font-src 'self' data: *.webflow.com fonts.gstatic.com; object-src 'none'; style-src 'unsafe-inline' https:; base-uri 'self'; form-action 'self' webto.salesforce.com forms.hsforms.com; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' data: vimeo.com cdn.embedly.com *.vimeo.com vimeocdn.com *.vimeocdn.com www.google.com forms.hsforms.com; img-src http: https: data:; 3 default-src photomath.net photomath.app photomath.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mathjax.org tcms.photomath.net tpip.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com static.hotjar.com connect.facebook.net analytics.tiktok.com script.hotjar.com edge.fullstory.com; connect-src 'self' cms.photomath.net tcms.photomath.net pip.photomath.net www.google-analytics.com stats.g.doubleclick.net script.google.com www.facebook.com analytics.tiktok.com region1.google-analytics.com in.hotjar.com vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com edge.fullstory.com rs.fullstory.com api.db-ip.com; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com d2fi4ri5dhpqd1.cloudfront.net www.facebook.com rs.fullstory.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' about: data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com vars.hotjar.com; object-src 'self'; manifest-src photomath.com; media-src photomath.com player.vimeo.com vod-progressive.akamaized.net; 3 default-src 'self' *.mktoresp.com in.hotjar.com vc.hotjar.io sentry.hotjar.com *.hid.gl www.google-analytics.com d30ia583fbtg8i.cloudfront.net www.trustradius.com sentry.io cdn.cookielaw.org *.zoominfo.com www3.hidglobal.com; connect-src 'self' *.adobe.io wss://*.adobe.io cdn.cookielaw.org www.google-analytics.com in.hotjar.com 289-tsc-352.mktoresp.com dudodiprj2sv7.cloudfront.net www.trustradius.com d30ia583fbtg8i.cloudfront.net gmc.lingotek.com *.zoominfo.com https://metrics.hidglobal.com/; font-src 'self' maxcdn.bootstrapcdn.com script.hotjar.com d30ia583fbtg8i.cloudfront.net www.trustradius.com fonts.gstatic.com *.typekit.net; frame-src 'self' player.vimeo.com www.youtube-nocookie.com www.youtube.com vars.hotjar.com hidglobal.secure.force.com hidglobal.force.com hidglobal-communities.force.com accounts.google.com info.hidglobal.com bid.g.doubleclick.net www.google.com hidglobal.my.salesforce.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me www.google-analytics.com *.visual.force.com *.my.salesforce.com player.acast.com documentcloud.adobe.com bugcrowd.com *.my.site.com; img-src 'self' data: www.google-analytics.com/ img.youtube.com stats.g.doubleclick.net play.google.com i.ytimg.com ssl.gstatic.com yt3.ggpht.com www.hidglobal.com www.hidglobal.cn www.hidglobal.fr www.hidglobal.mx www.hidglobal.de www.hidglobal.jp www.hidglobal.kr www.hidglobal.com.br www.hidglobal.ru *.hid.gl script.hotjar.com www.googletagmanager.com www.google.com hidglobal.com s3.amazonaws.com ssl.google-analytics.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me tagmanager.google.com www.gstatic.com px.ads.linkedin.com p.adsymptotic.com www.google-analytics.com info.hidglobal.com cdn.cookielaw.org media.trustradius.com i.vimeocdn.com ct.capterra.com wec-assets.terminus.services assets.adoberesources.net lh3.googleusercontent.com bat.bing.com gmc.lingotek.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com script.hotjar.com static.hotjar.com munchkin.marketo.net www.googleadservices.com www.googletagmanager.com www.youtube.com s.ytimg.com apis.google.com www.googleapis.com googleads.g.doubleclick.net sjs.bizographics.com px.ads.linkedin.com www.linkedin.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me www.thinglink.com tagmanager.google.com accounts.google.com info.hidglobal.com www.google.com snap.licdn.com cdn.cookielaw.org *.zoominfo.com vidassets.terminus.services assets.adoberesources.net documentcloud.adobe.com bugcrowd.com assets.bugcrowdusercontent.com metrics.hidglobal.com bat.bing.com js.zi-scripts.com gmc.lingotek.com https://cdnjs.cloudflare.com https://d3js.org https://metrics.hidglobal.com/; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com d30ia583fbtg8i.cloudfront.net www.trustradius.com cdn.thinglink.me tagmanager.google.com fonts.googleapis.com info.hidglobal.com *.typekit.net gmc.lingotek.com https://cdnjs.cloudflare.com https://use.typekit.net; form-action 'self' *.mktoresp.com in.hotjar.com vc.hotjar.io sentry.hotjar.com *.hid.gl www.google-analytics.com d30ia583fbtg8i.cloudfront.net www.trustradius.com sentry.io info.hidglobal.com webto.salesforce.com www.hidglobal.com/search www.hidglobal.com/es/search www.hidglobal.com/pt/search; frame-ancestors 'self' engage.hidglobal.com hidglobal.com www.hidglobal.com http://hidglobal.lookbookhq.com https://hidglobal.lookbookhq.com http://hidglobal.pathfactory.com https://hidglobal.pathfactory.com; report-uri https://www.hidglobal.com/report-uri/enforce 3 frame-ancestors resources.levelaccess.com 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://a.levelaccess.com https://*.formhq.net https://cdn.wmxtools.com https://www.influ2.com https://*.unbounce.com https://*.cloudfront.net https://*.ub-assets.com https://*.wistia.com https://*.wistia.net https://*.wistia.com https://*.adnxs-simple.com https://*.adnxs.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://ajax.googleapis.com https://boards.greenhouse.io https://bat.bing.com https://cdnjs.cloudflare.com https://cta-service-cms2.hubspot.com https://code.jquery.com https://connect.facebook.net https://cdn.bizible.com https://content.linkedin.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://dsp-creative.demandbase.com https://d.adroll.com https://fast.wistia.com https://forms.hsforms.com https://graph.facebook.com https://googleads.g.doubleclick.net https://google-analytics.com https://googletagmanager.com https://js.hscta.net https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.qualified.com https://j.6sc.co https://resources.levelaccess.com https://a.levelaccess.com https://learn.levelaccess.com https://m.youtube.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://app.qualified.com/ https://platform.linkedin.com https://r.bing.com https://src.litix.io https://stackpath.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://*.hsforms.net https://*.hsforms.com https://cdnjs.cloudflare.com https://s42509.pcdn.co https://s43627.pcdn.co https://resources.levelaccess.com https://tracking.g2crowd.com https://tag.demandbase.com https://tag.yieldoptimizer.com https://tagmanager.google.com https://widget.surveymonkey.com https://www.youtube.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googletagmanager.com https://yoast.com;style-src 'self' 'report-sample' 'unsafe-inline' blob: *.google.com *.licdn.com *.cloudfront.net *.unbounce.com *.ub-assets.com *.qualified.com *.bing.com *.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://code.jquery.com/jquery-3.3.1.min.js fast.wistia.com fonts.googleapis.com s42509.pcdn.co s43627.pcdn.co https://resources.levelaccess.com www.googletagmanager.com;object-src *.googlesyndication.com embedwistia-a.akamaihd.net;child-src 'self' data: blob: *.google.com *.doubleclick.net *.googlesyndication.com *.adnxs.com *.facebook.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.youtube.com www.ub-assets.com www.cloudfront.net www.unbounce.com www.googletagmanager.com;base-uri 'self' *.adnxs.com;form-action 'self' *.google.com *.facebook.com connect.facebook.net download.essentialaccessibility.com forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: www.google.com; frame-src 'self' https://www.googletagmanager.com/ https://www.cloudfront.net/ https://www.unbounce.com/ https://www.ub-assets.com/ https://app.qualified.com/ https://*.wistia.net https://*.wistia.com https://fast.wistia.com https://boards.greenhouse.io https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://cdnjs.cloudflare.com https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ https://code.jquery.com/jquery-3.3.1.min.js; default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hsforms.net https://*.hsforms.com https://cdnjs.cloudflare.com https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ https://code.jquery.com/jquery-3.3.1.min.js blob:; 3 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; 3 default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net 3 default-src 'self' *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' qvdt3feo.com *.zoominfo.com *.googleadservices.com *.bttrack.com bttrack.com *.clarity.ms *.intentsify.io *.bizible.com *.easy7bear.com ceros-creative-services.s3.amazonaws.com ceros-labs.s3.amazonaws.com *.ceros.com *.bidr.io *.bizzabo.com *.cloudfront.net acsbapp.com *.acsbapp.com *.bc0a.com *.b0e8.com *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com https://*.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com *.stackadapt.com https://*.hotjar.com 'unsafe-inline'; img-src * data: https://*.hotjar.com; font-src 'self' *.bttrack.com acsbapp.com *.acsbapp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com https://*.hotjar.com; connect-src 'self' https://play.vidyard.com cdn.linkedin.oribi.io *.tt.omtrdc.net *.zoominfo.com *.google.com *.google-analytics.com *.bttrack.com bttrack.com *.clarity.ms *.doubleclick.net ka-p.fontawesome.com *.fontawesome.com *.collector.snplow.net acsbapp.com *.acsbapp.com *.srv.stackadapt.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src * 'unsafe-inline'; frame-src 'self' *.doubleclick.net *.ceros.com accessibe.com *.accessibe.com *.acsbapp.com acsbapp.com *.bizzabo.com *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org go.ceridian.com https://*.hotjar.com; frame-ancestors 'none' 3 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com cdn.jsdelivr.net wererxrzmp.com main-ti-hub.com jkha742.xyz *.cstwpush.com *.wpadmngr.com *.wpshsdk.com *.cabnnr.com *.wpushsdk.com *.swwpush.com *.forlumineoner.com forlumineoner.com *.mfcewkrob.com iogjhbnoypg.com baradoot.com flymylife.info *.nawpush.com futureocto.com 69v.club *.ampproject.org s7.addthis.com *.addthis.com z.moatads.com v1.addthisedge.com *.pinterest.com *.odnoklassniki.ru *.ok.ru vk.com *.vk.com *.facebook.net opvanillishan.com *.googleusercontent.com clickatdcode.com onetouch4.com *.fluidplayer.com;img-src 'self' 'unsafe-inline' data: blob: * android-webview-video-poster:;connect-src * 'unsafe-inline';media-src * blob:;font-src * data:;frame-src erkiss.live *.erkiss.club jkha742.xyz s7.addthis.com *.pinterest.com *.google.com;manifest-src feelisfile.info;report-uri /ajax/csp_report.php 3 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3 script-src 'self' blob: data: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://bidswitch.net https://cdn.cookielaw.org https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; base-uri 'self'; img-src 'self' data: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cookiebot.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net 'unsafe-inline' https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; default-src 'self' blob: data: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://bidswitch.net https://cdn.cookielaw.org https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net 'unsafe-inline' https://*.adyen.com https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cookiebot.com https://*.creativecdn.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com 'unsafe-inline' https://*.adyen.com; form-action 'self' https://accounts.lidl.com https://survey.g.doubleclick.net; report-uri https://csp.cre.lidl-shop.com/csp/report; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; object-src 'self' data: https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval'; 3 frame-ancestors 'self' http://*.storyblok.com/ https://*.storyblok.com/; 3 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3 frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 3 report-uri https://appserver-e5a8503e-nginx-152e547232c04d8d8ec24d56c95d604a 3 frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io test-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com mdsol.preview.salesforce-experience.com mdsol.live-preview.salesforce-experience.com mdsol.my.site.com 3 default-src 'self' blob: *.persistent.com *.crazyegg.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tags.clickagy.com/ *.crazyegg.com https://script.crazyegg.com/ https://www.gartner.com/ https://js.qualified.com/ https://cookie-cdn.cookiepro.com/ https://www.googleoptimize.com/ https://d.clarity.ms/ https://g.clarity.ms/ https://f.clarity.ms/ https://www.clarity.ms/ https://a.clarity.ms/ https://e.clarity.ms/ https://bat.bing.com/ https://ws.zoominfo.com/ https://view.ceros.com/ https://vidassets.terminus.services/ https://j.6sc.co/ https://cdn.mouseflow.com/ https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://match.prod.bidr.io/ https://d26x5ounzdjojj.cloudfront.net/ https://plugins.eventable.com/ https://www.recaptcha.net/ https://add.eventable.com https://twitter.com/ https://script.hotjar.com https://static.hotjar.com/ https://maxcdn.bootstrapcdn.com/ https://dn1f1hmdujj40.cloudfront.net https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com/ https://geolocation.onetrust.com https://cookiepro.blob.core.windows.net https://code.jquery.com https://pi.pardot.com/ https://go.persistent.com http://www.persistent.com https://www.persistent.com https://www.google.com/ https://www.gstatic.com https://analytics.twitter.com https://t.co https://px.ads.linkedin.com https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net https://web-analytics.engagio.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com https://s.ytimg.com https://www.youtube.com/ https://connect.facebook.net/ https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' https://hello.myfonts.net/ *.crazyegg.com https://cdn.jsdelivr.net https://www.gartner.com/ https://cdnjs.cloudflare.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://cookiepro.blob.core.windows.net https://use.fontawesome.com http://www.persistent.com https://www.persistent.com https://optanon.blob.core.windows.net https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://cdnjs.cloudflare.com https://script.hotjar.com https://www.gartner.com/ https://www.google-analytics.com https://use.fontawesome.com https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://www.ceros.com/ *.crazyegg.com https://td.doubleclick.net/ https://www.gartner.com/ https://app.qualified.com/ https://view.ceros.com/ https://www.recaptcha.net/ https://accounts.google.com/ http://cal.events https://outlook.live.com/ https://login.yahoo.com/ https://calendar.yahoo.com/ https://calendar.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://add.eventable.com/ https://vars.hotjar.com/ http://go.persistent.com/ https://bid.g.doubleclick.net/ http://get.adobe.com/ https://web.facebook.com/ https://www.google.com/ https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://cookie-cdn.cookiepro.com/ *.crazyegg.com https://aorta.clickagy.com/ https://reviews.static.gartner.com/ https://wec-assets.terminus.services/ https://wec-assets-api.terminus.services/ https://c.clarity.ms/ https://bat.bing.com/ https://wec-assets-api.terminus.services/ https://wec-assets-api.terminus.services/ https://match.adsrvr.org/ https://vidassets.terminus.services/ https://b.6sc.co/ https://www.google.com.np/ https://www.googletagmanager.com/ https://plugins.eventable.com/ https://add.eventable.com/ https://p.adsymptotic.com https://content.persistent.com https://px.ads.linkedin.com https://www.google.com https://www.google.co.in https://ssl.gstatic.com https://www.gstatic.com https://cookiepro.blob.core.windows.net http://www.persistent.com https://www.persistent.com https://t.co/ https://optanon.blob.core.windows.net https://*.twitter.com https://syndication.twitter.com https://*.twimg.com/ https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/ data:;connect-src 'self' https://cookie-cdn.cookiepro.com/ https://api.ipregistry.co/ https://p.clarity.ms/ https://cdn.linkedin.oribi.io/ https://analytics.google.com/ https://ipv6.6sc.co/ https://r.clarity.ms/ https://ws.zoominfo.com/ wss://ws.qualified.com/ *.crazyegg.com https://app.qualified.com/ https://geolocation.onetrust.com/ https://b.clarity.ms/ https://www.clarity.ms/ https://e.clarity.ms/ https://epsilon.6sense.com/v3/company/details https://o2.mouseflow.com/ https://secure.adnxs.com/ https://c.6sc.co/ https://stats.g.doubleclick.net/ http://go.persistent.com/ https://www.google-analytics.com https://go.persistent.com https://com-thebigwillow-prod1.collector.snplow.net/ https://www.googleapis.com/ https://my.yoast.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com https://ws6.hotjar.com/ https://in.hotjar.com/ wss://ws6.hotjar.com https://www.facebook.com/ https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://persistentcontenthub.enablix.com/ https://accounts.google.com/ https://www.youtube.com;plugin-types application/pdf application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 3 frame-ancestors 'self' https://www.iu.org https://www.iu-fernstudium.de https://www.iu-dualesstudium.de https://www.iu-kombistudium.de https://www.iu-mystudium.de https://www.iu-group.com https://www.iu-careers.com https://www.iu-university.org https://www.iu-academy.org https://www.iu-akademie.de https://www.iu-medicalschool.de; 3 default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://cdn-app.pathfactory.com/ https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://cdn.shortpixel.ai https://app.vwo.com https://s.pointerpro.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.shortpixel.ai https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://app.cdn.lookbookhq.com https://app.vwo.com https://cdn-app.pathfactory.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://cdn.shortpixel.ai https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://cdn-app.pathfactory.com https://*.gartner.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net https://app.vwo.com https://s.pointerpro.com; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com https://media.trustradius.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com https://episodes.castos.com; worker-src https://*.apptio.com blob: 'self'; 3 frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 3 object-src 'none'; script-src 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.dealer-fx.com 3 default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 3 upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; s